From f918ba6654d73ca9541278eb89ba4ec8ece7b69c Mon Sep 17 00:00:00 2001 From: Jason Skipper Date: Mon, 12 Mar 2018 00:06:30 -0500 Subject: [PATCH 01/21] Updated to work with ChurchCRM 2.10.4 Separated containers to 3. Mariadb, PHP/Apache, ChurchCRM. Changed Environmental variables over to Docker Secrets. Random updates and fixes. --- README.md | 91 +++------------------------- build-files/60-churchcrm | 31 ---------- build-files/Dockerfile | 29 ++++----- build-files/MYSQL_DATABASE | 1 + buildphp/Dockerfile | 21 +++++++ buildphp/churchcrm | 17 ++++++ {build-files => buildphp}/httpd.conf | 0 docker-compose.yml | 58 ++++++++++++++---- secrets/MYSQL_PASSWORD | 1 + secrets/MYSQL_ROOT_PASSWORD | 1 + secrets/MYSQL_USER | 1 + 11 files changed, 110 insertions(+), 141 deletions(-) delete mode 100644 build-files/60-churchcrm create mode 100644 build-files/MYSQL_DATABASE create mode 100644 buildphp/Dockerfile create mode 100644 buildphp/churchcrm rename {build-files => buildphp}/httpd.conf (100%) create mode 100644 secrets/MYSQL_PASSWORD create mode 100644 secrets/MYSQL_ROOT_PASSWORD create mode 100644 secrets/MYSQL_USER diff --git a/README.md b/README.md index b28fd59..35858a9 100644 --- a/README.md +++ b/README.md 
@@ -4,84 +4,13 @@ This is the Docker Installation of ChurchCRM. This image is the latest release C ### How To Use -To use, first change your desired database info and **passwords** in the **``.env``** file. *(Download that file from the main ChurchCRM/Docker repository directory)* - -Once complete, Start ChurchCRM in Docker by using the Docker RUN command from the directory that your ``.env`` file resides or by building and starting with docker-compose. - -#### Starting with Docker Run - -For example, you can start MariaDB first with the following command. Make sure to **change the passwords** in the ``.env`` file first. - -``docker run --name database --env-file .env -d jaskipper/alpine-mariadb`` - -Then start the ChurchCRM container: - -``docker run --name churchcrm -p 80:80 --link database --env-file .env -d churchcrm/crm`` - -Visit your website and you will be up and running. Log in with the default username ``admin`` and password ``changeme`` and then change your admin password on the next screen. - -#### Building and Starting with Docker-Compose - -To build and run with Docker-Compose, you must have all of the files in the Github repo. Download the Github Docker repository and run ``docker-compose build`` and ``docker-compose up`` from the project folder. **Be SURE to Change Passwords in the .env file before starting your container**. - -## Environment variables used in the container - -It is recommended that you use the .env file to add your passwords, but you may also add those ENV's with the -e flag with ``docker run -e ...``. - -### MYSQL_DB_HOST -This variable defines the host in order for ChurchCRM to be able to connect to the database. 
- - -e MYSQL_DB_HOST=database *(This is default and recommended to stay that way unless you know what you are doing)* - -### MYSQL_ROOT_PASSWORD -This variable defines the password for the root user in the database, set it with - - -e MYSQL_ROOT_PASSWORD=secretpassword - -add quotes if there is spaces or other special character in the password - - -e MYSQL_ROOT_PASSWORD='password with spaces' - -### MYSQL_RANDOM_ROOT_PASSWORD -This variable generate a random password for the root user, add - - -e MYSQL_RANDOM_ROOT_PASSWORD=yes - -the password can then be found by looking at the logoutput - - docker logs - -### MYSQL_ALLOW_EMPTY_PASSWORD -This allows the root password to be blank, THIS IS A MAJOR SECURITY RISK, add - - -e MYSQL_ALLOW_EMPTY_PASSWORD=yes - -### MYSQL_REMOTE_ROOT -Normal the root user can only use localhost to access the databases adding - - -e MYSQL_REMOTE_ROOT=yes - -allows root access from any host - -### MYSQL_DATABASE -creates a database with the defined name - - -e MYSQL_DATABASE=databasename - -### MYSQL_USER -creates a user with password defined with MYSQL_PASSWORD and full access to the database defined by MYSQL_DATABASE - - -e MYSQL_USER=username - -### MYSQL_PASSWORD -The password for the user defined by MYSQL_USER - - -e MYSQL_PASSWORD=donottell - -### CHURCHCRM_ADMIN - -To come... - -### CHURCHCRM_PASSWORD - -To come... +* Clone this repository. +* Change your desired database info and **passwords** in the /secrets files (*MYSQL_PASSWORD, MYSQL_ROOT_PASSWORD, MYSQL_USER*). +* From the command line run docker-compose to build and run ChurchCRM + - `docker-compose build` + - `docker-compose up` +* You can then visit ChurchCRM by going to http://localhost (or your server's IP address) in a browser. +* Enter the default login information: + - Username: `admin` + - Password: `changeme` +- Once in, you will be prompted to change your password to something more secure. 
diff --git a/build-files/60-churchcrm b/build-files/60-churchcrm deleted file mode 100644 index 99daa8b..0000000 --- a/build-files/60-churchcrm +++ /dev/null @@ -1,31 +0,0 @@ -#!/bin/bash -set +e - -# populate /web/html if empty -if [ ! -d /web/html ]; then - mkdir /web/html - chown -R apache.www-data /web/html -fi - -if [ ! -f /web/html/Include/Config.php ]; then - cd /tmp - # Latest Release Including RC - #curl -sOL "$(jq -r ".[0] | .assets[] | .browser_download_url" < <( curl -s "https://api.github.com/repos/churchCRM/CRM/releases" ))" - # Latest Full Release - curl -sOL "$(jq -r ".assets[] | .browser_download_url" < <( curl -s "https://api.github.com/repos/churchCRM/CRM/releases/latest" ))" - unzip -q *.zip - cp -Rp ./churchcrm/. /web/html - rm -R churchcrm - - # Since we've already set these passwords in the env file, lets just go ahead and put them in the database and skip the setup page. - cp /web/html/Include/Config.php.example /web/html/Include/Config.php - - sed -i "s/||DB_SERVER_NAME||/$MYSQL_DB_HOST/g" /web/html/Include/Config.php - sed -i "s/||DB_NAME||/$MYSQL_DATABASE/g" /web/html/Include/Config.php - sed -i "s/||DB_USER||/$MYSQL_USER/g" /web/html/Include/Config.php - sed -i "s/||DB_PASSWORD||/$MYSQL_PASSWORD/g" /web/html/Include/Config.php - sed -i "s/||URL||//g" /web/html/Include/Config.php - sed -i "s/||ROOT_PATH||//g" /web/html/Include/Config.php - - chown -R apache:www-data /web/html -fi diff --git a/build-files/Dockerfile b/build-files/Dockerfile index d79b02f..78b45dc 100644 --- a/build-files/Dockerfile +++ b/build-files/Dockerfile 
@@ -1,26 +1,19 @@ -FROM jaskipper/alpine-apache-php7 +FROM nimmis/alpine as churchcrm MAINTAINER ChurchCRM -RUN apk update -RUN apk upgrade --repository http://dl-4.alpinelinux.org/alpine/edge/community \ - --repository https://nl.alpinelinux.org/alpine/edge/main +WORKDIR / RUN apk add --no-cache \ - jq \ - php7-session@community \ - php7-pdo@community \ - php7-xml@community \ - php7-exif@community \ - php7-pdo_mysql@community \ - php7-gettext@community \ - php7-iconv@community + curl \ + wget \ + ca-certificates -RUN mkdir /web/churchcrm +RUN crmlatest=$(curl -s https://api.github.com/repos/churchCRM/CRM/releases/latest | grep "browser_download_url.*zip" | cut -d '"' -f 4); \ + wget $crmlatest; \ + unzip -q *.zip; -COPY httpd.conf /etc/apache2 -COPY 60-churchcrm /etc/run_always -RUN chmod +x /etc/run_always/60-churchcrm +FROM nimmis/alpine -# Enable Terminal -ENV TERM xterm +WORKDIR /web/html +COPY --from=churchcrm /churchcrm /web/html diff --git a/build-files/MYSQL_DATABASE b/build-files/MYSQL_DATABASE new file mode 100644 index 0000000..15cfa01 --- /dev/null +++ b/build-files/MYSQL_DATABASE @@ -0,0 +1 @@ +churchcrm diff --git a/buildphp/Dockerfile b/buildphp/Dockerfile new file mode 100644 index 0000000..b16a1b4 --- /dev/null +++ b/buildphp/Dockerfile @@ -0,0 +1,21 @@ +FROM nimmis/alpine-apache-php7 +MAINTAINER ChurchCRM + +RUN apk update --repository http://dl-4.alpinelinux.org/alpine/edge/community \ + --repository https://nl.alpinelinux.org/alpine/edge/main + +RUN apk add --no-cache \ + php7-session@community \ + php7-pdo@community \ + php7-xml@community \ + php7-exif@community \ + php7-pdo_mysql@community \ + php7-mysqli@community \ + php7-gettext@community \ + php7-iconv@community \ + php7-fileinfo@community + +COPY ./httpd.conf /etc/apache2 +COPY churchcrm /etc/run_once +RUN chmod +x /etc/run_once/churchcrm +WORKDIR /web/html diff --git a/buildphp/churchcrm b/buildphp/churchcrm new file mode 100644 index 0000000..c3dae11 --- /dev/null 
+++ b/buildphp/churchcrm @@ -0,0 +1,17 @@ +#!/bin/sh +cp /web/html/Include/Config.php.example /web/html/Include/Config.php + +MYSQL_USER=$(cat /run/secrets/MYSQL_USER) +MYSQL_PASSWORD=$(cat /run/secrets/MYSQL_PASSWORD) + +sed -i "s/||DB_SERVER_NAME||/$MYSQL_DB_HOST/g" /web/html/Include/Config.php +sed -i "s/||DB_NAME||/$MYSQL_DATABASE/g" /web/html/Include/Config.php +sed -i "s/||DB_USER||/$MYSQL_USER/g" /web/html/Include/Config.php +sed -i "s/||DB_PASSWORD||/$MYSQL_PASSWORD/g" /web/html/Include/Config.php +sed -i "s/||URL||//g" /web/html/Include/Config.php +sed -i "s/||ROOT_PATH||//g" /web/html/Include/Config.php + +sed -i "s/upload_max_filesize = 2M/upload_max_filesize = 16M/g" /etc/php7/php.ini +sed -i "s/post_max_size = 8M/post_max_size = 32M/g" /etc/php7/php.ini + +chown -R apache:www-data /web/html diff --git a/build-files/httpd.conf b/buildphp/httpd.conf similarity index 100% rename from build-files/httpd.conf rename to buildphp/httpd.conf diff --git a/docker-compose.yml b/docker-compose.yml index 7ede1d1..6e3540d 100644 --- a/docker-compose.yml +++ b/docker-compose.yml 
@@ -2,20 +2,56 @@ # from this file by first filling in your password and db info in the .env # file and then running "docker-compose build", "docker-compose up" in terminal. -version: '2' +version: '3.5' services: - database: #Name of DB Host - container_name: database - image: jaskipper/alpine-mariadb - env_file: - - .env + crmdatabase: #Name of DB Host + container_name: crm-database + image: mariadb:10.2 + environment: + MYSQL_ROOT_PASSWORD_FILE: /run/secrets/MYSQL_ROOT_PASSWORD + MYSQL_DATABASE: churchcrm + MYSQL_USER_FILE: /run/secrets/MYSQL_USER + MYSQL_PASSWORD_FILE: /run/secrets/MYSQL_PASSWORD + secrets: + - MYSQL_PASSWORD + - MYSQL_ROOT_PASSWORD + - MYSQL_USER - churchcrm: - container_name: churchcrm - build: ./build-files + alpinephp7: + container_name: crm-alpinephp7 + build: ./buildphp ports: - "80:80" - env_file: - - .env + volumes: + - html-volume:/web/html + environment: + MYSQL_DATABASE: churchcrm + MYSQL_DB_HOST: crmdatabase + MYSQL_PASSWORD_FILE: /run/secrets/MYSQL_PASSWORD + MYSQL_USER_FILE: /run/secrets/MYSQL_USER + secrets: + - MYSQL_PASSWORD + - MYSQL_ROOT_PASSWORD + - MYSQL_USER + + churchcrm: + container_name: churchcrm + build: + context: ./build-files + volumes: + - html-volume:/web/html + tty: true + +volumes: + html-volume: + +secrets: + + MYSQL_ROOT_PASSWORD: + file: ./secrets/MYSQL_ROOT_PASSWORD + MYSQL_PASSWORD: + file: ./secrets/MYSQL_PASSWORD + MYSQL_USER: + file: ./secrets/MYSQL_USER diff --git a/secrets/MYSQL_PASSWORD b/secrets/MYSQL_PASSWORD new file mode 100644 index 0000000..dff0ae5 --- /dev/null +++ b/secrets/MYSQL_PASSWORD @@ -0,0 +1 @@ +changeme diff --git a/secrets/MYSQL_ROOT_PASSWORD b/secrets/MYSQL_ROOT_PASSWORD new file mode 100644 index 0000000..dff0ae5 --- /dev/null +++ b/secrets/MYSQL_ROOT_PASSWORD @@ -0,0 +1 @@ +changeme diff --git a/secrets/MYSQL_USER b/secrets/MYSQL_USER new file mode 100644 index 0000000..15cfa01 --- /dev/null +++ b/secrets/MYSQL_USER @@ -0,0 +1 @@ +churchcrm 
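Review bot: the new "How To Use" list in README.md closes with `- Once in, you will be prompted to change your password...` using `-`, while every other top-level step uses `*`, so the last step is likely to render as a sub-item of the login details. Use `*` for it. The step that tells users to edit the /secrets files should also say that the three files must be changed before the first `docker-compose up`, since the values are read when the containers are first created.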
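Review bot: the `RUN crmlatest=$(curl -s https://api.github.com/repos/churchCRM/CRM/releases/latest | ...)` step in build-files/Dockerfile unpacks whatever release is newest at build time, with no version pin and no checksum or signature check on the archive, although the subject line says the change targets ChurchCRM 2.10.4. Take the version from a build `ARG`, download that exact asset, and compare it against a recorded digest before `unzip`. Quote `"$crmlatest"` and chain the three commands with `&&` so a failed lookup stops at the step that failed. Both `FROM nimmis/alpine` lines are untagged, so the base image can change between builds as well.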
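Review bot: `RUN apk update --repository http://dl-4.alpinelinux.org/alpine/edge/community` in buildphp/Dockerfile fetches the community index over plain HTTP from the rolling `edge` branch, while the `main` repository on the following line uses https. Use https for both and point at a fixed release branch rather than `edge`, so that a rebuild installs the same PHP packages. `FROM nimmis/alpine-apache-php7` has no tag, and the separate `apk update` layer is redundant next to `apk add --no-cache`.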
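Review bot: buildphp/churchcrm interpolates the secret values directly into the sed programs, for example `sed -i "s/||DB_PASSWORD||/$MYSQL_PASSWORD/g"`, so a password containing `/`, `&` or `\` either breaks the substitution or writes a different string into Config.php than the one MariaDB was given. Escape the replacement text before substituting. The script also has no `set -e` and does not check that `/run/secrets/MYSQL_USER` and `/run/secrets/MYSQL_PASSWORD` exist, so a missing secret produces a Config.php with empty credentials and no error. It reads those fixed paths while docker-compose.yml sets `MYSQL_USER_FILE` and `MYSQL_PASSWORD_FILE` for the same container; use the variables or drop them.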
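Review bot: the `alpinephp7` service in docker-compose.yml lists `MYSQL_ROOT_PASSWORD` under `secrets:`, but the setup script in that container reads only MYSQL_USER and MYSQL_PASSWORD, so the database root password ends up mounted in the container that publishes port `80:80` without being needed there. Remove it from that service so only `crmdatabase` receives it. The comment at the top of the file still tells users to fill in "the .env file", which this series replaces with the secrets files and deletes in patch 02; update it to match.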
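Review bot: secrets/MYSQL_PASSWORD and secrets/MYSQL_ROOT_PASSWORD are added to the repository with the value `changeme`, so a user who runs `docker-compose up` without editing them gets a database whose root password is publicly known, and a user who does edit them has live credentials in tracked files that the next `git commit -a` will pick up. Commit template files (for instance with an `.example` suffix) instead, list the real file names in .gitignore, and have the setup script refuse to continue while a secret still reads `changeme`.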
From 4f55e64dfac6bd72cc2ce3b53c1b77405cddcbbd Mon Sep 17 00:00:00 2001 From: Jason Skipper Date: Mon, 12 Mar 2018 00:19:55 -0500 Subject: [PATCH 02/21] Removed old .env file --- .env | 16 ---------------- 1 file changed, 16 deletions(-) delete mode 100644 .env diff --git a/.env b/.env deleted file mode 100644 index 5391359..0000000 --- a/.env +++ /dev/null @@ -1,16 +0,0 @@ -# # # # # # # # # # # # # # # # # # -# MySQL and ChurchCRM .env file # -# # # # # # # # # # # # # # # # # # - -# Database Host and Root Password. CHANGE THE PASSWORD. Make the Host the same as the database service. -MYSQL_DB_HOST=database -MYSQL_ROOT_PASSWORD=changeme - -# ChurchCRM Database Settings -MYSQL_DATABASE=churchcrm -MYSQL_USER=churchcrm -MYSQL_PASSWORD=changeme - -# ChurchCRM Admin Settings (Disabled for Now) -# CHURCHCRM_ADMIN: admin -# CHURCHCRM_PASSWORD: changeme From 569ceaec176edcea51a629f5064be06e211219ec Mon Sep 17 00:00:00 2001 From: Jason Skipper Date: Mon, 12 Mar 2018 00:30:07 -0500 Subject: [PATCH 03/21] Updated README --- README.md | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 35858a9..7b7cb5b 100644 --- a/README.md +++ b/README.md 
@@ -1,15 +1,20 @@ ## Docker ChurchCRM -This is the Docker Installation of ChurchCRM. This image is the latest release ChurchCRM for Docker. It is installed on Alpine Linux, Apache, PHP7 & is using MariaDB in a separate Alpine container. +This is the Docker Installation of ChurchCRM. This will build the latest release of ChurchCRM for Docker. It is made with Apache/PHP7, ChurchCRM and MariaDB in 3 separate containers that work together. ### How To Use +It is necessary to have Docker installed on your system for this to work. See https://www.docker.com/community-edition#/download... + * Clone this repository. -* Change your desired database info and **passwords** in the /secrets files (*MYSQL_PASSWORD, MYSQL_ROOT_PASSWORD, MYSQL_USER*). -* From the command line run docker-compose to build and run ChurchCRM +* Change your desired **database info** and **passwords** in the /secrets files. + - **MYSQL_ROOT_PASSWORD** = set this for the MYSQL root password in your installation **PLEASE CHANGE!!!** + - **MYSQL_USER** = set this as the churchcrm database username (Default: churchcrm) + - **MYSQL_PASSWORD** = set this for the churchcrm database user password **PLEASE CHANGE!!!** +* From the command line, navigate to the root folder of your local repository and use docker-compose to build and run ChurchCRM. Run the following commands. - `docker-compose build` - `docker-compose up` -* You can then visit ChurchCRM by going to http://localhost (or your server's IP address) in a browser. +* You can view your installation of ChurchCRM on Docker by going to http://localhost (or your server's IP address) in a browser. * Enter the default login information: - Username: `admin` - Password: `changeme` From 64b16d312718f911840a755a624880630b13d3ba Mon Sep 17 00:00:00 2001 
From: Jason Skipper Date: Mon, 12 Mar 2018 00:38:40 -0500 Subject: [PATCH 04/21] updated file locations --- {build-files => build-churchcrm}/Dockerfile | 0 {build-files => build-churchcrm}/MYSQL_DATABASE | 0 {buildphp => build-php}/Dockerfile | 0 {buildphp => build-php}/churchcrm | 0 {buildphp => build-php}/httpd.conf | 0 docker-compose.yml | 4 ++-- 6 files changed, 2 insertions(+), 2 deletions(-) rename {build-files => build-churchcrm}/Dockerfile (100%) rename {build-files => build-churchcrm}/MYSQL_DATABASE (100%) rename {buildphp => build-php}/Dockerfile (100%) rename {buildphp => build-php}/churchcrm (100%) rename {buildphp => build-php}/httpd.conf (100%) diff --git a/build-files/Dockerfile b/build-churchcrm/Dockerfile similarity index 100% rename from build-files/Dockerfile rename to build-churchcrm/Dockerfile diff --git a/build-files/MYSQL_DATABASE b/build-churchcrm/MYSQL_DATABASE similarity index 100% rename from build-files/MYSQL_DATABASE rename to build-churchcrm/MYSQL_DATABASE diff --git a/buildphp/Dockerfile b/build-php/Dockerfile similarity index 100% rename from buildphp/Dockerfile rename to build-php/Dockerfile diff --git a/buildphp/churchcrm b/build-php/churchcrm similarity index 100% rename from buildphp/churchcrm rename to build-php/churchcrm diff --git a/buildphp/httpd.conf b/build-php/httpd.conf similarity index 100% rename from buildphp/httpd.conf rename to build-php/httpd.conf diff --git a/docker-compose.yml b/docker-compose.yml index 6e3540d..22764bb 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -21,7 +21,7 @@ services: alpinephp7: container_name: crm-alpinephp7 - build: ./buildphp + build: ./build-php ports: - "80:80" volumes: @@ -39,7 +39,7 @@ services: churchcrm: container_name: churchcrm build: - context: ./build-files + context: ./build-churchcrm volumes: - html-volume:/web/html tty: true From 5408e73881a62d5f6a7ca36e21271f606998df20 Mon Sep 17 00:00:00 2001 
From: Jason Skipper Date: Mon, 12 Mar 2018 00:40:13 -0500 Subject: [PATCH 05/21] Removed image file --- images/Login.jpg | Bin 54602 -> 0 bytes 1 file changed, 0 insertions(+), 0 deletions(-) delete mode 100644 images/Login.jpg 
diff --git a/images/Login.jpg b/images/Login.jpg deleted file mode 100644 index 0957c8c392e49a36370afcef245fdbf998dcfd59..0000000000000000000000000000000000000000 GIT binary patch
From 64dce37c89dc041720595220ef4dd37677ea6409 Mon Sep 17 00:00:00 2001 
From: Jason Skipper Date: Mon, 12 Mar 2018 00:41:28 -0500 Subject: [PATCH 06/21] Updated gitattributes and gitignore --- .gitattributes | 2 +- .gitignore | 1 - 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/.gitattributes b/.gitattributes index 4240d1b..0b1766d 100644 --- a/.gitattributes +++ b/.gitattributes @@ -3,4 +3,4 @@ *.jpg binary *.git binary *.png binary -*.xcf binary +*.xcf binary diff --git a/.gitignore b/.gitignore index 69a9988..e69de29 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +0,0 @@ -line-endings.sh From deee223da62e2cbaf0de563fd036d389af1b8af1 Mon Sep 17 00:00:00 2001 From: Jason Skipper Date: Mon, 12 Mar 2018 00:44:51 -0500 Subject: [PATCH 07/21] Removed unneeded file --- build-churchcrm/MYSQL_DATABASE | 1 - 1 file changed, 1 deletion(-) delete mode 100644 build-churchcrm/MYSQL_DATABASE diff --git a/build-churchcrm/MYSQL_DATABASE b/build-churchcrm/MYSQL_DATABASE deleted file mode 100644 index 15cfa01..0000000 --- a/build-churchcrm/MYSQL_DATABASE +++ /dev/null @@ -1 +0,0 @@ -churchcrm From c64fced6e46156e9a94aacabc8a58c7c23816264 Mon Sep 17 00:00:00 2001 From: Skipper Date: Mon, 12 Mar 2018 12:01:53 -0500 Subject: [PATCH 08/21] moving to base images --- build-churchcrm/Dockerfile | 24 ++++++++++++++++++++++-- build-churchcrm/configsetup | 9 +++++++++ build-php/Dockerfile | 32 ++++++++++++++++++++++++++++---- build-php/churchcrm | 17 ----------------- build-php/crmsetup | 4 ++++ docker-compose.yml | 24 ++++++++++++------------ 6 files changed, 75 insertions(+), 35 deletions(-) create mode 100644 build-churchcrm/configsetup delete mode 100644 build-php/churchcrm create mode 100644 build-php/crmsetup diff --git a/build-churchcrm/Dockerfile b/build-churchcrm/Dockerfile index 78b45dc..438cf3f 100644 --- a/build-churchcrm/Dockerfile +++ b/build-churchcrm/Dockerfile 
@@ -10,10 +10,30 @@ RUN apk add --no-cache \ RUN crmlatest=$(curl -s https://api.github.com/repos/churchCRM/CRM/releases/latest | grep "browser_download_url.*zip" | cut -d '"' -f 4); \ wget $crmlatest; \ - unzip -q *.zip; + unzip -q *.zip && \ + cp /churchcrm/Include/Config.php.example /churchcrm/Include/Config.php + +ARG MYSQL_DB_HOST +ARG MYSQL_DATABASE +ARG MYSQL_USER +ARG MYSQL_PASSWORD + +RUN sed -i "s/||DB_SERVER_NAME||/$MYSQL_DB_HOST/g" /churchcrm/Include/Config.php && \ + sed -i "s/||DB_NAME||/$MYSQL_DATABASE/g" /churchcrm/Include/Config.php && \ + sed -i "s/||DB_USER||/$MYSQL_USER/g" /churchcrm/Include/Config.php && \ + sed -i "s/||DB_PASSWORD||/$MYSQL_PASSWORD/g" /churchcrm/Include/Config.php && \ + sed -i "s/||URL||//g" /churchcrm/Include/Config.php && \ + sed -i "s/||ROOT_PATH||//g" /churchcrm/Include/Config.php FROM nimmis/alpine -WORKDIR /web/html COPY --from=churchcrm /churchcrm /web/html + +COPY ./configsetup /usr/local/bin +RUN chmod +x /usr/local/bin/configsetup + +WORKDIR /web/html + +ENTRYPOINT ["/usr/local/bin/configsetup"] +CMD ["/my_init"] diff --git a/build-churchcrm/configsetup b/build-churchcrm/configsetup new file mode 100644 index 0000000..ccd1e35 --- /dev/null +++ b/build-churchcrm/configsetup @@ -0,0 +1,9 @@ +#!/bin/sh +sed -i "s/||DB_SERVER_NAME||/$MYSQL_DB_HOST/g" /web/html/Include/Config.php && \ +sed -i "s/||DB_NAME||/$MYSQL_DATABASE/g" /web/html/Include/Config.php && \ +sed -i "s/||DB_USER||/$MYSQL_USER/g" /web/html/Include/Config.php && \ +sed -i "s/||DB_PASSWORD||/$MYSQL_PASSWORD/g" /web/html/Include/Config.php && \ +sed -i "s/||URL||//g" /web/html/Include/Config.php && \ +sed -i "s/||ROOT_PATH||//g" /web/html/Include/Config.php + +exec "$@" diff --git a/build-php/Dockerfile b/build-php/Dockerfile index b16a1b4..124a810 100644 --- a/build-php/Dockerfile +++ b/build-php/Dockerfile 
@@ -1,3 +1,16 @@ +FROM alpine:3.7 as localssl +MAINTAINER ChurchCRM + +RUN apk update && \ + apk add openssl && \ + openssl genrsa -des3 -passout pass:x -out server.pass.key 2048 && \ + openssl rsa -passin pass:x -in server.pass.key -out server.key && \ + rm server.pass.key && \ + openssl req -new -key server.key -out server.csr \ + -subj "/C=US/ST=Tennessee/L=Nashville/O=OrgName/OU=IT Department/CN=localhost" && \ + openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt + +# Create Alpine-apache-Php7 image as well as copy certificates over FROM nimmis/alpine-apache-php7 MAINTAINER ChurchCRM @@ -13,9 +26,20 @@ RUN apk add --no-cache \ php7-mysqli@community \ php7-gettext@community \ php7-iconv@community \ - php7-fileinfo@community + php7-fileinfo@community && \ + sed -i "s/upload_max_filesize = 2M/upload_max_filesize = 16M/g" /etc/php7/php.ini && \ + sed -i "s/post_max_size = 8M/post_max_size = 32M/g" /etc/php7/php.ini && \ + mkdir /etc/apache2/certificates + +COPY --from=localssl /server.key /etc/apache2/certificates +COPY --from=localssl /server.crt /etc/apache2/certificates + +#COPY ./httpd.conf /etc/apache2 + +#COPY ./crmsetup /usr/local/bin +#RUN chmod +x /usr/local/bin/crmsetup -COPY ./httpd.conf /etc/apache2 -COPY churchcrm /etc/run_once -RUN chmod +x /etc/run_once/churchcrm WORKDIR /web/html + +#ENTRYPOINT ["/usr/local/bin/crmsetup"] +#CMD ["/boot.sh"] diff --git a/build-php/churchcrm b/build-php/churchcrm deleted file mode 100644 index c3dae11..0000000 --- a/build-php/churchcrm +++ /dev/null 
@@ -1,17 +0,0 @@ -#!/bin/sh -cp /web/html/Include/Config.php.example /web/html/Include/Config.php - -MYSQL_USER=$(cat /run/secrets/MYSQL_USER) -MYSQL_PASSWORD=$(cat /run/secrets/MYSQL_PASSWORD) - -sed -i "s/||DB_SERVER_NAME||/$MYSQL_DB_HOST/g" /web/html/Include/Config.php -sed -i "s/||DB_NAME||/$MYSQL_DATABASE/g" /web/html/Include/Config.php -sed -i "s/||DB_USER||/$MYSQL_USER/g" /web/html/Include/Config.php -sed -i "s/||DB_PASSWORD||/$MYSQL_PASSWORD/g" /web/html/Include/Config.php -sed -i "s/||URL||//g" /web/html/Include/Config.php -sed -i "s/||ROOT_PATH||//g" /web/html/Include/Config.php - -sed -i "s/upload_max_filesize = 2M/upload_max_filesize = 16M/g" /etc/php7/php.ini -sed -i "s/post_max_size = 8M/post_max_size = 32M/g" /etc/php7/php.ini - -chown -R apache:www-data /web/html diff --git a/build-php/crmsetup b/build-php/crmsetup new file mode 100644 index 0000000..e611fce --- /dev/null +++ b/build-php/crmsetup @@ -0,0 +1,4 @@ +#!/bin/sh +#chown -R apache:apache /web/html + +exec "$@" diff --git a/docker-compose.yml b/docker-compose.yml index 22764bb..e1a2047 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -19,30 +19,30 @@ services: - MYSQL_ROOT_PASSWORD - MYSQL_USER - alpinephp7: - container_name: crm-alpinephp7 - build: ./build-php - ports: - - "80:80" - volumes: - - html-volume:/web/html + churchcrm: + container_name: churchcrm + build: + context: ./build-churchcrm environment: MYSQL_DATABASE: churchcrm MYSQL_DB_HOST: crmdatabase MYSQL_PASSWORD_FILE: /run/secrets/MYSQL_PASSWORD MYSQL_USER_FILE: /run/secrets/MYSQL_USER + volumes: + - html-volume:/web/html secrets: - MYSQL_PASSWORD - MYSQL_ROOT_PASSWORD - MYSQL_USER + tty: true - churchcrm: - container_name: churchcrm - build: - context: ./build-churchcrm + alpinephp7: + container_name: crm-alpinephp7 + build: ./build-php + ports: + - "80:80" volumes: - html-volume:/web/html - tty: true volumes: html-volume: From e3f581b5eb269cb134a5b2ffb2ac641f7bbc5952 Mon Sep 17 00:00:00 2001 
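Review bot: in build-churchcrm/Dockerfile (PATCH 08/21), the new ARG MYSQL_* lines and the sed block that follows them run at build time, but docker-compose.yml passes no build args (build: has only context: ./build-churchcrm), so every ||DB_*|| placeholder in Config.php is replaced with an empty string during the build and the configsetup entrypoint has nothing left to substitute at container start. If args were supplied instead, the password would be written into a Config.php that COPY --from=churchcrm carries into the final image, which works against the move to Docker secrets in this series. Drop the ARG lines and the build-time sed and keep only the cp of Config.php.example in the build stage.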
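Review bot: build-churchcrm/configsetup (PATCH 08/21) substitutes $MYSQL_USER and $MYSQL_PASSWORD, but the churchcrm service in docker-compose.yml only sets MYSQL_USER_FILE and MYSQL_PASSWORD_FILE, so both expand to empty strings. The deleted build-php/churchcrm script read them with MYSQL_USER=$(cat /run/secrets/MYSQL_USER) and the same for the password; the new script needs the equivalent, ideally reading the path from the *_FILE variable. The sed expressions also use / as the delimiter with an unescaped value, so a password containing / or & breaks or corrupts the substitution; escape the value or write the config with something other than sed.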
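Review bot: the localssl stage added at the top of build-php/Dockerfile (PATCH 08/21) generates server.key during docker build and the final stage copies it to /etc/apache2/certificates, so the private key is baked into the image: every container started from it shares the same key, and anyone who can pull the image can read it. Generate the key and certificate on first container start (or mount them as a secret or volume) instead. The genrsa -des3 -passout pass:x step followed by openssl rsa -passin pass:x only adds and then strips a throwaway passphrase; a single unencrypted genrsa gives the same result. The commented-out COPY, ENTRYPOINT and CMD lines at the end of the hunk should be removed rather than committed.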
From: Skipper Date: Tue, 13 Mar 2018 08:59:15 -0500 Subject: [PATCH 09/21] working on getting ssl enabled. --- build-apache/Dockerfile | 19 ++ build-apache/html/index.html | 1 + build-churchcrm/Dockerfile | 28 +- build-php/Dockerfile | 58 ++-- build-php/httpd.conf | 175 +++++++--- build-php/server.crt | 18 + build-php/server.key | 28 ++ build-phpold/Dockerfile | 45 +++ {build-php => build-phpold}/crmsetup | 0 build-phpold/httpd.conf | 469 +++++++++++++++++++++++++++ docker-compose.yml | 7 +- 11 files changed, 746 insertions(+), 102 deletions(-) create mode 100644 build-apache/Dockerfile create mode 100644 build-apache/html/index.html create mode 100644 build-php/server.crt create mode 100644 build-php/server.key create mode 100644 build-phpold/Dockerfile rename {build-php => build-phpold}/crmsetup (100%) create mode 100644 build-phpold/httpd.conf diff --git a/build-apache/Dockerfile b/build-apache/Dockerfile new file mode 100644 index 0000000..8953b62 --- /dev/null +++ b/build-apache/Dockerfile @@ -0,0 +1,19 @@ +FROM alpine:3.7 as localssl +MAINTAINER ChurchCRM + +RUN apk update && \ + apk add openssl && \ + openssl genrsa -des3 -passout pass:x -out server.pass.key 2048 && \ + openssl rsa -passin pass:x -in server.pass.key -out server.key && \ + rm server.pass.key && \ + openssl req -new -key server.key -out server.csr \ + -subj "/C=US/ST=Tennessee/L=Nashville/O=OrgName/OU=IT Department/CN=localhost" && \ + openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt + + +FROM httpd:2-alpine + +COPY ./httpd.conf /usr/local/apache2/conf/httpd.conf +COPY --from=localssl /server.key /usr/local/apache2/conf/ +COPY --from=localssl /server.crt /usr/local/apache2/conf/ +COPY ./html /usr/local/apache2/htdocs/ diff --git a/build-apache/html/index.html b/build-apache/html/index.html new file mode 100644 index 0000000..6f8443d --- /dev/null +++ b/build-apache/html/index.html @@ -0,0 +1 @@ +

You made it!
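Review bot: build-apache/Dockerfile has COPY ./httpd.conf /usr/local/apache2/conf/httpd.conf, but this patch adds no build-apache/httpd.conf (the diffstat lists only build-apache/Dockerfile and build-apache/html/index.html), so unless another patch in the series supplies the file the build of this image fails at that step. Either add the file here or copy the one from build-php. The localssl stage is also a third copy of the same build-time key generation already present in build-php and build-phpold; if it stays, keep it in one place.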

diff --git a/build-churchcrm/Dockerfile b/build-churchcrm/Dockerfile index 438cf3f..3c0e13b 100644 --- a/build-churchcrm/Dockerfile +++ b/build-churchcrm/Dockerfile @@ -1,4 +1,4 @@ -FROM nimmis/alpine as churchcrm +FROM alpine:3.7 as churchcrm MAINTAINER ChurchCRM WORKDIR / @@ -13,27 +13,15 @@ RUN crmlatest=$(curl -s https://api.github.com/repos/churchCRM/CRM/releases/late unzip -q *.zip && \ cp /churchcrm/Include/Config.php.example /churchcrm/Include/Config.php -ARG MYSQL_DB_HOST -ARG MYSQL_DATABASE -ARG MYSQL_USER -ARG MYSQL_PASSWORD -RUN sed -i "s/||DB_SERVER_NAME||/$MYSQL_DB_HOST/g" /churchcrm/Include/Config.php && \ - sed -i "s/||DB_NAME||/$MYSQL_DATABASE/g" /churchcrm/Include/Config.php && \ - sed -i "s/||DB_USER||/$MYSQL_USER/g" /churchcrm/Include/Config.php && \ - sed -i "s/||DB_PASSWORD||/$MYSQL_PASSWORD/g" /churchcrm/Include/Config.php && \ - sed -i "s/||URL||//g" /churchcrm/Include/Config.php && \ - sed -i "s/||ROOT_PATH||//g" /churchcrm/Include/Config.php +FROM alpine:3.7 +COPY --from=churchcrm /churchcrm /usr/local/apache2/htdocs/ -FROM nimmis/alpine +#COPY ./configsetup /usr/local/bin +#RUN chmod +x /usr/local/bin/configsetup -COPY --from=churchcrm /churchcrm /web/html +WORKDIR /usr/local/apache2/htdocs/ -COPY ./configsetup /usr/local/bin -RUN chmod +x /usr/local/bin/configsetup - -WORKDIR /web/html - -ENTRYPOINT ["/usr/local/bin/configsetup"] -CMD ["/my_init"] +#ENTRYPOINT ["/usr/local/bin/configsetup"] +CMD ["/bin/sh"] diff --git a/build-php/Dockerfile b/build-php/Dockerfile index 124a810..914cf87 100644 --- a/build-php/Dockerfile +++ b/build-php/Dockerfile 
@@ -10,36 +10,34 @@ RUN apk update && \ -subj "/C=US/ST=Tennessee/L=Nashville/O=OrgName/OU=IT Department/CN=localhost" && \ openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt -# Create Alpine-apache-Php7 image as well as copy certificates over -FROM nimmis/alpine-apache-php7 -MAINTAINER ChurchCRM - -RUN apk update --repository http://dl-4.alpinelinux.org/alpine/edge/community \ - --repository https://nl.alpinelinux.org/alpine/edge/main - -RUN apk add --no-cache \ - php7-session@community \ - php7-pdo@community \ - php7-xml@community \ - php7-exif@community \ - php7-pdo_mysql@community \ - php7-mysqli@community \ - php7-gettext@community \ - php7-iconv@community \ - php7-fileinfo@community && \ - sed -i "s/upload_max_filesize = 2M/upload_max_filesize = 16M/g" /etc/php7/php.ini && \ - sed -i "s/post_max_size = 8M/post_max_size = 32M/g" /etc/php7/php.ini && \ - mkdir /etc/apache2/certificates -COPY --from=localssl /server.key /etc/apache2/certificates -COPY --from=localssl /server.crt /etc/apache2/certificates +FROM httpd:2-alpine -#COPY ./httpd.conf /etc/apache2 +RUN echo "@community http://dl-4.alpinelinux.org/alpine/edge/community" >> /etc/apk/repositories && \ + echo "@testing http://dl-4.alpinelinux.org/alpine/edge/testing" >> /etc/apk/repositories -#COPY ./crmsetup /usr/local/bin -#RUN chmod +x /usr/local/bin/crmsetup - -WORKDIR /web/html - -#ENTRYPOINT ["/usr/local/bin/crmsetup"] -#CMD ["/boot.sh"] +RUN apk update --repository http://dl-4.alpinelinux.org/alpine/edge/community \ + --repository https://nl.alpinelinux.org/alpine/edge/main && \ + apk upgrade && \ + apk add --no-cache \ + libressl \ + curl \ + openssl \ + php7 \ + php7-apache2 \ + php7-openssl \ + php7-mbstring \ + php7-apcu \ + php7-intl \ + php7-mcrypt \ + php7-json \ + php7-gd \ + php7-curl \ + php7-fpm \ + php7-mysqlnd \ + php7-sqlite3 \ + php7-phar + +COPY ./httpd.conf /usr/local/apache2/conf/httpd.conf +COPY --from=localssl /server.key /usr/local/apache2/conf/ +COPY 
--from=localssl /server.crt /usr/local/apache2/conf/ diff --git a/build-php/httpd.conf b/build-php/httpd.conf index 44c858c..4759cb9 100644 --- a/build-php/httpd.conf +++ b/build-php/httpd.conf @@ -18,16 +18,6 @@ # server as "/usr/local/apache2/logs/access_log", whereas "/logs/access_log" # will be interpreted as '/logs/access_log'. -# -# ServerTokens -# This directive configures what you return as the Server HTTP response -# Header. The default is 'Full' which sends information about the OS-Type -# and compiled in modules. -# Set to one of: Full | OS | Minor | Minimal | Major | Prod -# where Full conveys the most information, and Prod the least. -# -ServerTokens OS - # # ServerRoot: The top of the directory tree under which the server's # configuration, error, and log files are kept. @@ -38,7 +28,7 @@ ServerTokens OS # same ServerRoot for multiple httpd daemons, you will need to change at # least PidFile. # -ServerRoot /web +ServerRoot "/usr/local/apache2" # # Mutex: Allows you to set the mutex mechanism and mutex file directory @@ -48,7 +38,7 @@ ServerRoot /web # mutex file directory is not on a local disk or is not appropriate for some # other reason. # -# Mutex default:/run/apache2 +# Mutex default:logs # # Listen: Allows you to bind Apache to specific IP addresses and/or @@ -73,6 +63,9 @@ Listen 80 # Example: # LoadModule foo_module modules/mod_foo.so # +LoadModule mpm_event_module modules/mod_mpm_event.so +#LoadModule mpm_prefork_module modules/mod_mpm_prefork.so +#LoadModule mpm_worker_module modules/mod_mpm_worker.so LoadModule authn_file_module modules/mod_authn_file.so #LoadModule authn_dbm_module modules/mod_authn_dbm.so #LoadModule authn_anon_module modules/mod_authn_anon.so 
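Review bot: the first build-php/httpd.conf hunk removes the ServerTokens OS block without a replacement, so the server falls back to the Apache default of Full and the Server response header now advertises the full version and compiled-in modules, which is more than before. Keep the directive and set it to Prod. A comment in the commit message on why the stock httpd image config replaces the previous one would also help, since the ServerRoot, User and Group changes in the following hunks all stem from that switch.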
@@ -86,23 +79,31 @@ LoadModule authz_user_module modules/mod_authz_user.so #LoadModule authz_owner_module modules/mod_authz_owner.so #LoadModule authz_dbd_module modules/mod_authz_dbd.so LoadModule authz_core_module modules/mod_authz_core.so +#LoadModule authnz_ldap_module modules/mod_authnz_ldap.so +#LoadModule authnz_fcgi_module modules/mod_authnz_fcgi.so LoadModule access_compat_module modules/mod_access_compat.so LoadModule auth_basic_module modules/mod_auth_basic.so #LoadModule auth_form_module modules/mod_auth_form.so #LoadModule auth_digest_module modules/mod_auth_digest.so #LoadModule allowmethods_module modules/mod_allowmethods.so +#LoadModule isapi_module modules/mod_isapi.so #LoadModule file_cache_module modules/mod_file_cache.so #LoadModule cache_module modules/mod_cache.so #LoadModule cache_disk_module modules/mod_cache_disk.so #LoadModule cache_socache_module modules/mod_cache_socache.so -#LoadModule socache_shmcb_module modules/mod_socache_shmcb.so +LoadModule socache_shmcb_module modules/mod_socache_shmcb.so #LoadModule socache_dbm_module modules/mod_socache_dbm.so #LoadModule socache_memcache_module modules/mod_socache_memcache.so #LoadModule watchdog_module modules/mod_watchdog.so #LoadModule macro_module modules/mod_macro.so #LoadModule dbd_module modules/mod_dbd.so +#LoadModule bucketeer_module modules/mod_bucketeer.so #LoadModule dumpio_module modules/mod_dumpio.so #LoadModule echo_module modules/mod_echo.so +#LoadModule example_hooks_module modules/mod_example_hooks.so +#LoadModule case_filter_module modules/mod_case_filter.so +#LoadModule case_filter_in_module modules/mod_case_filter_in.so +#LoadModule example_ipc_module modules/mod_example_ipc.so #LoadModule buffer_module modules/mod_buffer.so #LoadModule data_module modules/mod_data.so #LoadModule ratelimit_module modules/mod_ratelimit.so 
@@ -116,32 +117,60 @@ LoadModule filter_module modules/mod_filter.so #LoadModule sed_module modules/mod_sed.so #LoadModule charset_lite_module modules/mod_charset_lite.so #LoadModule deflate_module modules/mod_deflate.so +#LoadModule xml2enc_module modules/mod_xml2enc.so +#LoadModule proxy_html_module modules/mod_proxy_html.so LoadModule mime_module modules/mod_mime.so +#LoadModule ldap_module modules/mod_ldap.so LoadModule log_config_module modules/mod_log_config.so #LoadModule log_debug_module modules/mod_log_debug.so #LoadModule log_forensic_module modules/mod_log_forensic.so #LoadModule logio_module modules/mod_logio.so +#LoadModule lua_module modules/mod_lua.so LoadModule env_module modules/mod_env.so #LoadModule mime_magic_module modules/mod_mime_magic.so +#LoadModule cern_meta_module modules/mod_cern_meta.so #LoadModule expires_module modules/mod_expires.so LoadModule headers_module modules/mod_headers.so +#LoadModule ident_module modules/mod_ident.so #LoadModule usertrack_module modules/mod_usertrack.so #LoadModule unique_id_module modules/mod_unique_id.so LoadModule setenvif_module modules/mod_setenvif.so LoadModule version_module modules/mod_version.so #LoadModule remoteip_module modules/mod_remoteip.so +#LoadModule proxy_module modules/mod_proxy.so +#LoadModule proxy_connect_module modules/mod_proxy_connect.so +#LoadModule proxy_ftp_module modules/mod_proxy_ftp.so +#LoadModule proxy_http_module modules/mod_proxy_http.so +#LoadModule proxy_fcgi_module modules/mod_proxy_fcgi.so +#LoadModule proxy_scgi_module modules/mod_proxy_scgi.so +#LoadModule proxy_fdpass_module modules/mod_proxy_fdpass.so +#LoadModule proxy_wstunnel_module modules/mod_proxy_wstunnel.so +#LoadModule proxy_ajp_module modules/mod_proxy_ajp.so +#LoadModule proxy_balancer_module modules/mod_proxy_balancer.so +#LoadModule proxy_express_module modules/mod_proxy_express.so +#LoadModule proxy_hcheck_module modules/mod_proxy_hcheck.so #LoadModule session_module modules/mod_session.so 
#LoadModule session_cookie_module modules/mod_session_cookie.so +#LoadModule session_crypto_module modules/mod_session_crypto.so #LoadModule session_dbd_module modules/mod_session_dbd.so #LoadModule slotmem_shm_module modules/mod_slotmem_shm.so #LoadModule slotmem_plain_module modules/mod_slotmem_plain.so +LoadModule ssl_module modules/mod_ssl.so +#LoadModule optional_hook_export_module modules/mod_optional_hook_export.so +#LoadModule optional_hook_import_module modules/mod_optional_hook_import.so +#LoadModule optional_fn_import_module modules/mod_optional_fn_import.so +#LoadModule optional_fn_export_module modules/mod_optional_fn_export.so #LoadModule dialup_module modules/mod_dialup.so -#LoadModule mpm_event_module modules/mod_mpm_event.so -LoadModule mpm_prefork_module modules/mod_mpm_prefork.so -#LoadModule mpm_worker_module modules/mod_mpm_worker.so +#LoadModule http2_module modules/mod_http2.so +#LoadModule proxy_http2_module modules/mod_proxy_http2.so +#LoadModule lbmethod_byrequests_module modules/mod_lbmethod_byrequests.so +#LoadModule lbmethod_bytraffic_module modules/mod_lbmethod_bytraffic.so +#LoadModule lbmethod_bybusyness_module modules/mod_lbmethod_bybusyness.so +#LoadModule lbmethod_heartbeat_module modules/mod_lbmethod_heartbeat.so LoadModule unixd_module modules/mod_unixd.so #LoadModule heartbeat_module modules/mod_heartbeat.so #LoadModule heartmonitor_module modules/mod_heartmonitor.so +#LoadModule dav_module modules/mod_dav.so LoadModule status_module modules/mod_status.so LoadModule autoindex_module modules/mod_autoindex.so #LoadModule asis_module modules/mod_asis.so 
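Review bot: in this hunk LoadModule mpm_prefork_module is removed in favour of mpm_event (enabled in the earlier LoadModule hunk) while proxy_fcgi_module is added commented out, and build-php/Dockerfile in the same patch installs both php7-apache2 and php7-fpm. Nothing in the visible hunks wires PHP into this server: php-fpm needs mod_proxy and mod_proxy_fcgi loaded, and mod_php builds that are not thread-safe will not start under a threaded MPM such as event. Pick one model (event plus php-fpm over proxy_fcgi, or prefork plus mod_php), load the matching modules, and drop the unused PHP package.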
@@ -153,16 +182,17 @@ LoadModule autoindex_module modules/mod_autoindex.so #LoadModule cgi_module modules/mod_cgi.so +#LoadModule dav_fs_module modules/mod_dav_fs.so +#LoadModule dav_lock_module modules/mod_dav_lock.so #LoadModule vhost_alias_module modules/mod_vhost_alias.so #LoadModule negotiation_module modules/mod_negotiation.so LoadModule dir_module modules/mod_dir.so +#LoadModule imagemap_module modules/mod_imagemap.so #LoadModule actions_module modules/mod_actions.so #LoadModule speling_module modules/mod_speling.so #LoadModule userdir_module modules/mod_userdir.so LoadModule alias_module modules/mod_alias.so -LoadModule rewrite_module modules/mod_rewrite.so - -LoadModule negotiation_module modules/mod_negotiation.so +#LoadModule rewrite_module modules/mod_rewrite.so # @@ -173,8 +203,8 @@ LoadModule negotiation_module modules/mod_negotiation.so # It is usually good practice to create a dedicated user and group for # running httpd, as with most system services. # -User apache -Group www-data +User daemon +Group daemon @@ -197,16 +227,6 @@ Group www-data # ServerAdmin you@example.com -# -# Optionally add a line containing the server version and virtual host -# name to server-generated pages (internal error documents, FTP directory -# listings, mod_status and mod_info output etc., but not CGI generated -# documents or custom error documents). -# Set to "EMail" to also include a mailto: link to the ServerAdmin. -# Set to one of: On | Off | EMail -# -ServerSignature On - # # ServerName gives the name and port that the server uses to identify itself. # This can often be determined automatically, but we recommend you specify @@ -214,7 +234,7 @@ ServerSignature On # # If your host doesn't have a registered DNS name, enter its IP address here. # -ServerName webproxy +#ServerName www.example.com:80 # # Deny access to the entirety of your server's filesystem. You must 
@@ -222,7 +242,7 @@ ServerName webproxy # blocks below. # - AllowOverride All + AllowOverride none Require all denied @@ -238,8 +258,8 @@ ServerName webproxy # documents. By default, all requests are taken from this directory, but # symbolic links and aliases may be used to point to other locations. # -DocumentRoot "/web/html" - +DocumentRoot "/usr/local/apache2/htdocs" + # # Possible values for the Options directive are "None", "All", # or any combination of: @@ -252,14 +272,14 @@ DocumentRoot "/web/html" # http://httpd.apache.org/docs/2.4/mod/core.html#options # for more information. # - Options FollowSymLinks + Options Indexes FollowSymLinks # # AllowOverride controls what directives may be placed in .htaccess files. # It can be "All", "None", or any combination of the keywords: # AllowOverride FileInfo AuthConfig Limit # - AllowOverride All + AllowOverride None # # Controls who can get stuff from this server. @@ -290,7 +310,7 @@ DocumentRoot "/web/html" # logged here. If you *do* define an error logfile for a # container, that host's errors will be logged there and not here. # -ErrorLog logs/error.log +ErrorLog /proc/self/fd/2 # # LogLevel: Control the number of messages logged to the error_log. @@ -319,13 +339,13 @@ LogLevel warn # define per- access logfiles, transactions will be # logged therein and *not* in this file. # - #CustomLog logs/access.log common + CustomLog /proc/self/fd/1 common # # If you prefer a logfile with access, agent, and referer information # (Combined Logfile Format) you can use the following directive. # - CustomLog logs/access.log combined + #CustomLog "logs/access_log" combined @@ -355,7 +375,7 @@ LogLevel warn # client. The same rules about trailing "/" apply to ScriptAlias # directives as to Alias. # - ScriptAlias /cgi-bin/ "/var/www/localhost/cgi-bin/" + ScriptAlias /cgi-bin/ "/usr/local/apache2/cgi-bin/" 
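Review bot: in the DocumentRoot hunk, Options FollowSymLinks becomes Options Indexes FollowSymLinks, and mod_autoindex is still loaded, so any directory under /usr/local/apache2/htdocs without an index file is now listed to clients; build-churchcrm/Dockerfile copies the whole application, including Include/, into that path. Drop Indexes. The same hunk switches AllowOverride All to None and an earlier hunk comments out rewrite_module, so any .htaccess the application ships is now ignored; the previous config enabled both, so confirm the application does not depend on them before merging, or move the needed rules into this file.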
@@ -368,21 +388,30 @@ LogLevel warn # -# "/var/www/localhost/cgi-bin" should be changed to whatever your ScriptAliased +# "/usr/local/apache2/cgi-bin" should be changed to whatever your ScriptAliased # CGI directory exists, if you have that configured. # - + AllowOverride None Options None Require all granted + + # + # Avoid passing HTTP_PROXY environment to CGI's on this or any proxied + # backend servers which have lingering "httpoxy" defects. + # 'Proxy' request header is undefined by the IETF, not listed by IANA + # + RequestHeader unset Proxy early + + # # TypesConfig points to the file containing the list of mappings from # filename extension to MIME-type. # - TypesConfig /etc/apache2/mime.types + TypesConfig conf/mime.types # # AddType allows you to add to or override the MIME configuration @@ -430,9 +459,7 @@ LogLevel warn # contents of the file itself to determine its type. The MIMEMagicFile # directive tells the module where the hint definitions are located. # - - MIMEMagicFile /etc/apache2/magic - +#MIMEMagicFile conf/magic # # Customizable error responses come in three flavors: 
@@ -464,6 +491,56 @@ LogLevel warn #EnableMMAP off #EnableSendfile on -# Load config files from the config directory "/etc/apache2/conf.d". +# Supplemental configuration # -IncludeOptional /web/config/conf.d/*.conf +# The configuration files in the conf/extra/ directory can be +# included to add extra features or to modify the default configuration of +# the server, or you may simply copy their contents here and change as +# necessary. + +# Server-pool management (MPM specific) +#Include conf/extra/httpd-mpm.conf + +# Multi-language error messages +#Include conf/extra/httpd-multilang-errordoc.conf + +# Fancy directory listings +#Include conf/extra/httpd-autoindex.conf + +# Language settings +#Include conf/extra/httpd-languages.conf + +# User home directories +#Include conf/extra/httpd-userdir.conf + +# Real-time info on requests and configuration +#Include conf/extra/httpd-info.conf + +# Virtual hosts +#Include conf/extra/httpd-vhosts.conf + +# Local access to the Apache HTTP Server Manual +#Include conf/extra/httpd-manual.conf + +# Distributed authoring and versioning (WebDAV) +#Include conf/extra/httpd-dav.conf + +# Various default settings +#Include conf/extra/httpd-default.conf + +# Configure mod_proxy_html to understand HTML4/XHTML1 + +Include conf/extra/proxy-html.conf + + +# Secure (SSL/TLS) connections +Include conf/extra/httpd-ssl.conf +# +# Note: The following must must be present to support +# starting without SSL on platforms with no /dev/random equivalent +# but a statically compiled-in mod_ssl. +# + +SSLRandomSeed startup builtin +SSLRandomSeed connect builtin + diff --git a/build-php/server.crt b/build-php/server.crt new file mode 100644 index 0000000..ed1b7cb --- /dev/null +++ b/build-php/server.crt 
@@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC2zCCAcOgAwIBAgIJAOgLHIShDjwEMA0GCSqGSIb3DQEBCwUAMBwxGjAYBgNV +BAMTEWRldi5teWNvbXBhbnkuY29tMB4XDTE4MDMwOTIwMzgxMVoXDTI4MDMwNjIw +MzgxMVowHDEaMBgGA1UEAxMRZGV2Lm15Y29tcGFueS5jb20wggEiMA0GCSqGSIb3 +DQEBAQUAA4IBDwAwggEKAoIBAQDRRBiQ11f2eti/w0nhtMdtQQn2Lt1erdqpc5Rg +YRqn9ywb0L5rKqdOVhAOolb+8V3LPAupt0P+HKrk1TLzeYspfl9r6d+mVztgcyRe +AK6UCEvY9B9LGhCZ3fL9dW1Xqu/F7dFnZ+yEiEQDnQAphNEfhNKLQiP05B/NidxD +ioCL/16gttNd6pWv2w59pssjMTzX+N+KpPrmpkHhvzkVjX9TYqlBmKRLIkevPLdi +SEgRxhr/c3iWLXUXaKDxiYzkx9wA8njtnwJr7PS3FEU0DF4EMK1YxDDLuX00qCGf +peYUc07PgNni3Fvyt83uXXXCcVT/06Zh0/S++ZshJ+c54sElAgMBAAGjIDAeMBwG +A1UdEQQVMBOCEWRldi5teWNvbXBhbnkuY29tMA0GCSqGSIb3DQEBCwUAA4IBAQBv +rBr7duT2BgmBguUzviVgy1dGr+QkuXwoEi+myXDLxm3KAU8XOCp5mgdUyfM1mTb1 +Hj6tsHXZhqY5nQtKmR4aPSbNf3imhojqG0zEYXZwnHNCBs1SuSylV6MVVLRyjTXi +zawwMEZ0pj+cutfABxgTXNT9uPuZ8RwTj3tGljE6KsucnMBL2c/MW/i3NQS/sku2 +ZoriIZ+RIGoNh1ZfPKK8BiRxBNvwpALVH0Tt2VggCOqliAxjTZDmvn+0inHH05ZK +G3frMu54toM/4QtRzc5lLIL+lmsHR9jCAHb8D1Nv0GmVO4rXRWTtjgt9pi6PB/i3 +qzcJzuafOpDYVQH330yp +-----END CERTIFICATE----- diff --git a/build-php/server.key b/build-php/server.key new file mode 100644 index 0000000..fc0f4e9 --- /dev/null +++ b/build-php/server.key 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDRRBiQ11f2eti/ +w0nhtMdtQQn2Lt1erdqpc5RgYRqn9ywb0L5rKqdOVhAOolb+8V3LPAupt0P+HKrk +1TLzeYspfl9r6d+mVztgcyReAK6UCEvY9B9LGhCZ3fL9dW1Xqu/F7dFnZ+yEiEQD +nQAphNEfhNKLQiP05B/NidxDioCL/16gttNd6pWv2w59pssjMTzX+N+KpPrmpkHh +vzkVjX9TYqlBmKRLIkevPLdiSEgRxhr/c3iWLXUXaKDxiYzkx9wA8njtnwJr7PS3 +FEU0DF4EMK1YxDDLuX00qCGfpeYUc07PgNni3Fvyt83uXXXCcVT/06Zh0/S++Zsh +J+c54sElAgMBAAECggEBALkImSAZCPIsFVMZ/k3QZzW3eHNxZNO+rcV/KQc/VS6H +Yz0FChoAEQc3GeOWr42lJeX6JeXe4gPinUjRKsgWBHKgBweIN/UA1MOni9SCjdre +qxIeaT0iwuMKWTy7g/8sae59JddlEMDvLBR10hrkEXTpILF5vglfXK+E4nnmEVu2 +yjXubGFMcIEnu0sOeOV1Sfso731NhT8HPty+rrxs+m2agC5mQ/uP9E2rHU5ajBTl +X0eXOVQAoTkIExwc+fwc3zPot5LYXrScOk48kJxoCFOHkZZAT/RPEkgj7edZ3Bom +qxmJfx0FisfaVS4G5QA+xWSl7ftD5kTgf5jK9u2c/lECgYEA//KjcA5h7CGk82ec +04/DvK0l4SbPEbjfdBCzuui4d//GigQp7beqgW2qbnOn5JJh9geLe36y/F0pZyJK +5T7kDp9ndUABwCJWetFgC78zFiUOjyS8kwDbCXgiaXyheEU5S4LVTNXmlg+r4uut +KwuRB/cMQHJl3oHN9aJI4RbCUQsCgYEA0U8FQjJI4THKeDxA6A+grasMxCdzAzk1 +IikOsZD+Iu9bqv79bnPazau5ShMDBHun+4+ZztmfBwrkSkcx+bmdojmW1qwKtNOe +7X18P2zJtZfHNp3V3NuJenj5VOrOjWxBtkDB2VNFJu4Rf1tqG1webMqrE92lCXWZ +eECIwVvr9I8CgYBfbKVGt/YGRZzsKusrbWQ6ygtfYEq/fr/A1CFOREnSY4gwGNFR +EbL+QlbSi0hDTdg8FCAK0PgGYu12yDBIPCRm10OJUW3Vpne7nqhCeOyhCvvcnoO4 +Aw+m/iVGUvMYliaAYq0H0o//zqP1HI0ZiVxvLcphlMUqKhcRx4mIciXMdQKBgQCh +LPpdqR8Z2h+RSsSobjBKy2a/PamBF/JkZb1c2sv31t195XD+NtSMf+nkspMmRppq +SoAkGswsviRhVkWTiW1rWHFgyYZNDJBbTL/6jykcXs4Wrp/avGs3FiTZUR7RJEXN +tDwRv9+GRNjQe3JPszXyjHYEjC7kA9y0Du3AB6rA3QKBgC5NaTG3UayjabUOgBkW +us6/KTBoyy/FbSPEXxfrHjWwkSADEqZrnPQYh4lNYrrLIEyklJbYatzhxwx9d9ux +zyh1H2IG4NUWJqu5nCMPo9Ce3u/fmnODfw72pFtTtmMendpBVrbWJL5OEdj0SChC +0bFC12yEdJrEi9QSJri8BbDw +-----END PRIVATE KEY----- diff --git a/build-phpold/Dockerfile b/build-phpold/Dockerfile new file mode 100644 index 0000000..124a810 --- /dev/null +++ b/build-phpold/Dockerfile 
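Review bot: build-php/server.key adds an unencrypted TLS private key (-----BEGIN PRIVATE KEY-----) to the repository together with build-php/server.crt. Once pushed, the key must be treated as public, and it stays in history even if a later patch deletes the file. The build-php/Dockerfile in this same patch already takes server.key and server.crt from the localssl stage with COPY --from=localssl, so the committed copies are not used by anything visible here. Remove both files from this commit before the series is merged, add server.key and server.crt to .gitignore (PATCH 06/21 left it empty), and do not reuse this key pair anywhere.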
@@ -0,0 +1,45 @@ +FROM alpine:3.7 as localssl +MAINTAINER ChurchCRM + +RUN apk update && \ + apk add openssl && \ + openssl genrsa -des3 -passout pass:x -out server.pass.key 2048 && \ + openssl rsa -passin pass:x -in server.pass.key -out server.key && \ + rm server.pass.key && \ + openssl req -new -key server.key -out server.csr \ + -subj "/C=US/ST=Tennessee/L=Nashville/O=OrgName/OU=IT Department/CN=localhost" && \ + openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt + +# Create Alpine-apache-Php7 image as well as copy certificates over +FROM nimmis/alpine-apache-php7 +MAINTAINER ChurchCRM + +RUN apk update --repository http://dl-4.alpinelinux.org/alpine/edge/community \ + --repository https://nl.alpinelinux.org/alpine/edge/main + +RUN apk add --no-cache \ + php7-session@community \ + php7-pdo@community \ + php7-xml@community \ + php7-exif@community \ + php7-pdo_mysql@community \ + php7-mysqli@community \ + php7-gettext@community \ + php7-iconv@community \ + php7-fileinfo@community && \ + sed -i "s/upload_max_filesize = 2M/upload_max_filesize = 16M/g" /etc/php7/php.ini && \ + sed -i "s/post_max_size = 8M/post_max_size = 32M/g" /etc/php7/php.ini && \ + mkdir /etc/apache2/certificates + +COPY --from=localssl /server.key /etc/apache2/certificates +COPY --from=localssl /server.crt /etc/apache2/certificates + +#COPY ./httpd.conf /etc/apache2 + +#COPY ./crmsetup /usr/local/bin +#RUN chmod +x /usr/local/bin/crmsetup + +WORKDIR /web/html + +#ENTRYPOINT ["/usr/local/bin/crmsetup"] +#CMD ["/boot.sh"] diff --git a/build-php/crmsetup b/build-phpold/crmsetup similarity index 100% rename from build-php/crmsetup rename to build-phpold/crmsetup diff --git a/build-phpold/httpd.conf b/build-phpold/httpd.conf new file mode 100644 index 0000000..44c858c --- /dev/null +++ b/build-phpold/httpd.conf 
@@ -0,0 +1,469 @@ +# +# This is the main Apache HTTP server configuration file. It contains the +# configuration directives that give the server its instructions. +# See for detailed information. +# In particular, see +# +# for a discussion of each configuration directive. +# +# Do NOT simply read the instructions in here without understanding +# what they do. They're here only as hints or reminders. If you are unsure +# consult the online docs. You have been warned. +# +# Configuration and logfile names: If the filenames you specify for many +# of the server's control files begin with "/" (or "drive:/" for Win32), the +# server will use that explicit path. If the filenames do *not* begin +# with "/", the value of ServerRoot is prepended -- so "logs/access_log" +# with ServerRoot set to "/usr/local/apache2" will be interpreted by the +# server as "/usr/local/apache2/logs/access_log", whereas "/logs/access_log" +# will be interpreted as '/logs/access_log'. + +# +# ServerTokens +# This directive configures what you return as the Server HTTP response +# Header. The default is 'Full' which sends information about the OS-Type +# and compiled in modules. +# Set to one of: Full | OS | Minor | Minimal | Major | Prod +# where Full conveys the most information, and Prod the least. +# +ServerTokens OS + +# +# ServerRoot: The top of the directory tree under which the server's +# configuration, error, and log files are kept. +# +# Do not add a slash at the end of the directory path. If you point +# ServerRoot at a non-local disk, be sure to specify a local disk on the +# Mutex directive, if file-based mutexes are used. If you wish to share the +# same ServerRoot for multiple httpd daemons, you will need to change at +# least PidFile. 
+# +ServerRoot /web + +# +# Mutex: Allows you to set the mutex mechanism and mutex file directory +# for individual mutexes, or change the global defaults +# +# Uncomment and change the directory if mutexes are file-based and the default +# mutex file directory is not on a local disk or is not appropriate for some +# other reason. +# +# Mutex default:/run/apache2 + +# +# Listen: Allows you to bind Apache to specific IP addresses and/or +# ports, instead of the default. See also the +# directive. +# +# Change this to Listen on specific IP addresses as shown below to +# prevent Apache from glomming onto all bound IP addresses. +# +#Listen 12.34.56.78:80 +Listen 80 + +# +# Dynamic Shared Object (DSO) Support +# +# To be able to use the functionality of a module which was built as a DSO you +# have to place corresponding `LoadModule' lines at this location so the +# directives contained in it are actually available _before_ they are used. +# Statically compiled modules (those listed by `httpd -l') do not need +# to be loaded here. 
+# +# Example: +# LoadModule foo_module modules/mod_foo.so +# +LoadModule authn_file_module modules/mod_authn_file.so +#LoadModule authn_dbm_module modules/mod_authn_dbm.so +#LoadModule authn_anon_module modules/mod_authn_anon.so +#LoadModule authn_dbd_module modules/mod_authn_dbd.so +#LoadModule authn_socache_module modules/mod_authn_socache.so +LoadModule authn_core_module modules/mod_authn_core.so +LoadModule authz_host_module modules/mod_authz_host.so +LoadModule authz_groupfile_module modules/mod_authz_groupfile.so +LoadModule authz_user_module modules/mod_authz_user.so +#LoadModule authz_dbm_module modules/mod_authz_dbm.so +#LoadModule authz_owner_module modules/mod_authz_owner.so +#LoadModule authz_dbd_module modules/mod_authz_dbd.so +LoadModule authz_core_module modules/mod_authz_core.so +LoadModule access_compat_module modules/mod_access_compat.so +LoadModule auth_basic_module modules/mod_auth_basic.so +#LoadModule auth_form_module modules/mod_auth_form.so +#LoadModule auth_digest_module modules/mod_auth_digest.so +#LoadModule allowmethods_module modules/mod_allowmethods.so +#LoadModule file_cache_module modules/mod_file_cache.so +#LoadModule cache_module modules/mod_cache.so +#LoadModule cache_disk_module modules/mod_cache_disk.so +#LoadModule cache_socache_module modules/mod_cache_socache.so +#LoadModule socache_shmcb_module modules/mod_socache_shmcb.so +#LoadModule socache_dbm_module modules/mod_socache_dbm.so +#LoadModule socache_memcache_module modules/mod_socache_memcache.so +#LoadModule watchdog_module modules/mod_watchdog.so +#LoadModule macro_module modules/mod_macro.so +#LoadModule dbd_module modules/mod_dbd.so +#LoadModule dumpio_module modules/mod_dumpio.so +#LoadModule echo_module modules/mod_echo.so +#LoadModule buffer_module modules/mod_buffer.so +#LoadModule data_module modules/mod_data.so +#LoadModule ratelimit_module modules/mod_ratelimit.so +LoadModule reqtimeout_module modules/mod_reqtimeout.so +#LoadModule ext_filter_module 
modules/mod_ext_filter.so +#LoadModule request_module modules/mod_request.so +#LoadModule include_module modules/mod_include.so +LoadModule filter_module modules/mod_filter.so +#LoadModule reflector_module modules/mod_reflector.so +#LoadModule substitute_module modules/mod_substitute.so +#LoadModule sed_module modules/mod_sed.so +#LoadModule charset_lite_module modules/mod_charset_lite.so +#LoadModule deflate_module modules/mod_deflate.so +LoadModule mime_module modules/mod_mime.so +LoadModule log_config_module modules/mod_log_config.so +#LoadModule log_debug_module modules/mod_log_debug.so +#LoadModule log_forensic_module modules/mod_log_forensic.so +#LoadModule logio_module modules/mod_logio.so +LoadModule env_module modules/mod_env.so +#LoadModule mime_magic_module modules/mod_mime_magic.so +#LoadModule expires_module modules/mod_expires.so +LoadModule headers_module modules/mod_headers.so +#LoadModule usertrack_module modules/mod_usertrack.so +#LoadModule unique_id_module modules/mod_unique_id.so +LoadModule setenvif_module modules/mod_setenvif.so +LoadModule version_module modules/mod_version.so +#LoadModule remoteip_module modules/mod_remoteip.so +#LoadModule session_module modules/mod_session.so +#LoadModule session_cookie_module modules/mod_session_cookie.so +#LoadModule session_dbd_module modules/mod_session_dbd.so +#LoadModule slotmem_shm_module modules/mod_slotmem_shm.so +#LoadModule slotmem_plain_module modules/mod_slotmem_plain.so +#LoadModule dialup_module modules/mod_dialup.so +#LoadModule mpm_event_module modules/mod_mpm_event.so +LoadModule mpm_prefork_module modules/mod_mpm_prefork.so +#LoadModule mpm_worker_module modules/mod_mpm_worker.so +LoadModule unixd_module modules/mod_unixd.so +#LoadModule heartbeat_module modules/mod_heartbeat.so +#LoadModule heartmonitor_module modules/mod_heartmonitor.so +LoadModule status_module modules/mod_status.so +LoadModule autoindex_module modules/mod_autoindex.so +#LoadModule asis_module modules/mod_asis.so 
+#LoadModule info_module modules/mod_info.so +#LoadModule suexec_module modules/mod_suexec.so + + #LoadModule cgid_module modules/mod_cgid.so + + + #LoadModule cgi_module modules/mod_cgi.so + +#LoadModule vhost_alias_module modules/mod_vhost_alias.so +#LoadModule negotiation_module modules/mod_negotiation.so +LoadModule dir_module modules/mod_dir.so +#LoadModule actions_module modules/mod_actions.so +#LoadModule speling_module modules/mod_speling.so +#LoadModule userdir_module modules/mod_userdir.so +LoadModule alias_module modules/mod_alias.so +LoadModule rewrite_module modules/mod_rewrite.so + +LoadModule negotiation_module modules/mod_negotiation.so + + +# +# If you wish httpd to run as a different user or group, you must run +# httpd as root initially and it will switch. +# +# User/Group: The name (or #number) of the user/group to run httpd as. +# It is usually good practice to create a dedicated user and group for +# running httpd, as with most system services. +# +User apache +Group www-data + + + +# 'Main' server configuration +# +# The directives in this section set up the values used by the 'main' +# server, which responds to any requests that aren't handled by a +# definition. These values also provide defaults for +# any containers you may define later in the file. +# +# All of these directives may appear inside containers, +# in which case these default settings will be overridden for the +# virtual host being defined. +# + +# +# ServerAdmin: Your address, where problems with the server should be +# e-mailed. This address appears on some server-generated pages, such +# as error documents. e.g. admin@your-domain.com +# +ServerAdmin you@example.com + +# +# Optionally add a line containing the server version and virtual host +# name to server-generated pages (internal error documents, FTP directory +# listings, mod_status and mod_info output etc., but not CGI generated +# documents or custom error documents). 
+# Set to "EMail" to also include a mailto: link to the ServerAdmin. +# Set to one of: On | Off | EMail +# +ServerSignature On + +# +# ServerName gives the name and port that the server uses to identify itself. +# This can often be determined automatically, but we recommend you specify +# it explicitly to prevent problems during startup. +# +# If your host doesn't have a registered DNS name, enter its IP address here. +# +ServerName webproxy + +# +# Deny access to the entirety of your server's filesystem. You must +# explicitly permit access to web content directories in other +# blocks below. +# + + AllowOverride All + Require all denied + + +# +# Note that from this point forward you must specifically allow +# particular features to be enabled - so if something's not working as +# you might expect, make sure that you have specifically enabled it +# below. +# + +# +# DocumentRoot: The directory out of which you will serve your +# documents. By default, all requests are taken from this directory, but +# symbolic links and aliases may be used to point to other locations. +# +DocumentRoot "/web/html" + + # + # Possible values for the Options directive are "None", "All", + # or any combination of: + # Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews + # + # Note that "MultiViews" must be named *explicitly* --- "Options All" + # doesn't give it to you. + # + # The Options directive is both complicated and important. Please see + # http://httpd.apache.org/docs/2.4/mod/core.html#options + # for more information. + # + Options FollowSymLinks + + # + # AllowOverride controls what directives may be placed in .htaccess files. + # It can be "All", "None", or any combination of the keywords: + # AllowOverride FileInfo AuthConfig Limit + # + AllowOverride All + + # + # Controls who can get stuff from this server. + # + Require all granted + + +# +# DirectoryIndex: sets the file that Apache will serve if a directory +# is requested. 
+# + + DirectoryIndex index.html + + +# +# The following lines prevent .htaccess and .htpasswd files from being +# viewed by Web clients. +# + + Require all denied + + +# +# ErrorLog: The location of the error log file. +# If you do not specify an ErrorLog directive within a +# container, error messages relating to that virtual host will be +# logged here. If you *do* define an error logfile for a +# container, that host's errors will be logged there and not here. +# +ErrorLog logs/error.log + +# +# LogLevel: Control the number of messages logged to the error_log. +# Possible values include: debug, info, notice, warn, error, crit, +# alert, emerg. +# +LogLevel warn + + + # + # The following directives define some format nicknames for use with + # a CustomLog directive (see below). + # + LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined + LogFormat "%h %l %u %t \"%r\" %>s %b" common + + + # You need to enable mod_logio.c to use %I and %O + LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio + + + # + # The location and format of the access logfile (Common Logfile Format). + # If you do not define any access logfiles within a + # container, they will be logged here. Contrariwise, if you *do* + # define per- access logfiles, transactions will be + # logged therein and *not* in this file. + # + #CustomLog logs/access.log common + + # + # If you prefer a logfile with access, agent, and referer information + # (Combined Logfile Format) you can use the following directive. + # + CustomLog logs/access.log combined + + + + # + # Redirect: Allows you to tell clients about documents that used to + # exist in your server's namespace, but do not anymore. The client + # will make a new request for the document at its new location. 
+ # Example: + # Redirect permanent /foo http://www.example.com/bar + + # + # Alias: Maps web paths into filesystem paths and is used to + # access content that does not live under the DocumentRoot. + # Example: + # Alias /webpath /full/filesystem/path + # + # If you include a trailing / on /webpath then the server will + # require it to be present in the URL. You will also likely + # need to provide a section to allow access to + # the filesystem path. + + # + # ScriptAlias: This controls which directories contain server scripts. + # ScriptAliases are essentially the same as Aliases, except that + # documents in the target directory are treated as applications and + # run by the server when requested rather than as documents sent to the + # client. The same rules about trailing "/" apply to ScriptAlias + # directives as to Alias. + # + ScriptAlias /cgi-bin/ "/var/www/localhost/cgi-bin/" + + + + + # + # ScriptSock: On threaded servers, designate the path to the UNIX + # socket used to communicate with the CGI daemon of mod_cgid. + # + #Scriptsock cgisock + + +# +# "/var/www/localhost/cgi-bin" should be changed to whatever your ScriptAliased +# CGI directory exists, if you have that configured. +# + + AllowOverride None + Options None + Require all granted + + + + # + # TypesConfig points to the file containing the list of mappings from + # filename extension to MIME-type. + # + TypesConfig /etc/apache2/mime.types + + # + # AddType allows you to add to or override the MIME configuration + # file specified in TypesConfig for specific file types. + # + #AddType application/x-gzip .tgz + # + # AddEncoding allows you to have certain browsers uncompress + # information on the fly. Note: Not all browsers support this. 
+ # + #AddEncoding x-compress .Z + #AddEncoding x-gzip .gz .tgz + # + # If the AddEncoding directives above are commented-out, then you + # probably should define those extensions to indicate media types: + # + AddType application/x-compress .Z + AddType application/x-gzip .gz .tgz + + # + # AddHandler allows you to map certain file extensions to "handlers": + # actions unrelated to filetype. These can be either built into the server + # or added with the Action directive (see below) + # + # To use CGI scripts outside of ScriptAliased directories: + # (You will also need to add "ExecCGI" to the "Options" directive.) + # + #AddHandler cgi-script .cgi + + # For type maps (negotiated resources): + #AddHandler type-map var + + # + # Filters allow you to process content before it is sent to the client. + # + # To parse .shtml files for server-side includes (SSI): + # (You will also need to add "Includes" to the "Options" directive.) + # + #AddType text/html .shtml + #AddOutputFilter INCLUDES .shtml + + +# +# The mod_mime_magic module allows the server to use various hints from the +# contents of the file itself to determine its type. The MIMEMagicFile +# directive tells the module where the hint definitions are located. +# + + MIMEMagicFile /etc/apache2/magic + + +# +# Customizable error responses come in three flavors: +# 1) plain text 2) local redirects 3) external redirects +# +# Some examples: +#ErrorDocument 500 "The server made a boo boo." +#ErrorDocument 404 /missing.html +#ErrorDocument 404 "/cgi-bin/missing_handler.pl" +#ErrorDocument 402 http://www.example.com/subscription_info.html +# + +# +# MaxRanges: Maximum number of Ranges in a request before +# returning the entire resource, or one of the special +# values 'default', 'none' or 'unlimited'. +# Default setting is to accept 200 Ranges. +#MaxRanges unlimited + +# +# EnableMMAP and EnableSendfile: On systems that support it, +# memory-mapping or the sendfile syscall may be used to deliver +# files. 
This usually improves server performance, but must +# be turned off when serving from networked-mounted +# filesystems or if support for these functions is otherwise +# broken on your system. +# Defaults: EnableMMAP On, EnableSendfile Off +# +#EnableMMAP off +#EnableSendfile on + +# Load config files from the config directory "/etc/apache2/conf.d". +# +IncludeOptional /web/config/conf.d/*.conf diff --git a/docker-compose.yml b/docker-compose.yml index e1a2047..22ffaf4 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -29,7 +29,7 @@ services: MYSQL_PASSWORD_FILE: /run/secrets/MYSQL_PASSWORD MYSQL_USER_FILE: /run/secrets/MYSQL_USER volumes: - - html-volume:/web/html + - html-volume:/usr/local/apache2/htdocs/ secrets: - MYSQL_PASSWORD - MYSQL_ROOT_PASSWORD @@ -40,9 +40,10 @@ services: container_name: crm-alpinephp7 build: ./build-php ports: - - "80:80" + - "8080:80" + - "443:443" volumes: - - html-volume:/web/html + - html-volume:/usr/local/apache2/htdocs/ volumes: html-volume: From 2b3f209131def296089b29246db00c221cb43353 Mon Sep 17 00:00:00 2001 From: Skipper Date: Tue, 13 Mar 2018 10:07:11 -0500 Subject: [PATCH 10/21] adding SSL --- build-php/Dockerfile | 17 ++++++++++++++++- build-php/server.csr.cnf | 14 ++++++++++++++ build-php/v3.ext | 7 +++++++ 3 files changed, 37 insertions(+), 1 deletion(-) create mode 100644 build-php/server.csr.cnf create mode 100644 build-php/v3.ext diff --git a/build-php/Dockerfile b/build-php/Dockerfile index b16a1b4..1a72850 100644 --- a/build-php/Dockerfile +++ b/build-php/Dockerfile 
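Review bot: an unencrypted private key is committed to the repository in the 28-line `-----BEGIN PRIVATE KEY-----` file added at the start of this span. Anyone who can read the repository can use it against any deployment that serves the matching certificate, and the later patch in this series that deletes `build-php/server.key` (the same key material) does not remove it from Git history. Drop the key from the commit, ignore `*.key` in `.gitignore`, generate keys at build or first start instead, and treat this key as compromised wherever it was deployed.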
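Review bot: in build-phpold/Dockerfile the `localssl` stage generates `server.key` during `docker build` and the two `COPY --from=localssl` lines bake it into the final image, so every container started from the image shares one private key and anyone who can pull the image can read it. Generate the key and certificate when the container first starts, or mount them the way docker-compose.yml already mounts the MySQL credentials under `/run/secrets/`. The `-des3 -passout pass:x` step followed by `openssl rsa -passin pass:x` only adds and then strips a passphrase; a plain `openssl genrsa -out server.key 2048` gives the same result. The first `--repository` URL on the `apk update` line is plain `http://` while the second is `https://`; use HTTPS for both.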
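Review bot: `ServerTokens OS` and `ServerSignature On` in build-phpold/httpd.conf publish the Apache version and OS in the `Server` header and on server-generated error pages; use `ServerTokens Prod` and `ServerSignature Off` for an image that will be exposed. In the block under the comment "Deny access to the entirety of your server's filesystem", `AllowOverride All` sits next to `Require all denied`, which allows `.htaccess` files in any directory to override server settings; set `AllowOverride None` there and keep `All` only on the `/web/html` block if ChurchCRM needs it. `status_module` and `autoindex_module` are loaded but nothing in the visible configuration uses them, so they can stay commented out like the other optional modules.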
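Review bot: in the second docker-compose.yml hunk, `"8080:80"` keeps plain HTTP published next to the new `"443:443"`, so the application is still reachable without TLS. Either drop the port 80 mapping or have the port 80 virtual host redirect to HTTPS. Both services now mount `html-volume` at `/usr/local/apache2/htdocs/`; a short comment in the file saying which container is expected to populate that volume would help.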
@@ -1,3 +1,16 @@ +FROM alpine:3.7 as localssl +MAINTAINER ChurchCRM + +COPY ./server.csr.cnf / +COPY ./v3.ext / + +RUN apk update && \ + apk add openssl bash && \ + /bin/bash -c "openssl genrsa -des3 -passout pass:xxxx -out rootCA.key 2048" && \ + /bin/bash -c "openssl req -x509 -passin pass:xxxx -new -nodes -key rootCA.key -sha256 -days 1024 -out rootCA.pem -config <( cat server.csr.cnf )" && \ + /bin/bash -c "openssl req -new -sha256 -nodes -out server.csr -newkey rsa:2048 -keyout server.key -config <( cat server.csr.cnf )" && \ + /bin/bash -c "openssl x509 -req -passin pass:xxxx -in server.csr -CA rootCA.pem -CAkey rootCA.key -CAcreateserial -out server.crt -days 500 -sha256 -extfile v3.ext" + FROM nimmis/alpine-apache-php7 MAINTAINER ChurchCRM @@ -15,7 +28,9 @@ RUN apk add --no-cache \ php7-iconv@community \ php7-fileinfo@community -COPY ./httpd.conf /etc/apache2 +#COPY ./httpd.conf /etc/apache2 COPY churchcrm /etc/run_once +COPY --from=localssl /server.key /web/config/ +COPY --from=localssl /server.crt /web/config/ RUN chmod +x /etc/run_once/churchcrm WORKDIR /web/html diff --git a/build-php/server.csr.cnf b/build-php/server.csr.cnf new file mode 100644 index 0000000..f2daed9 --- /dev/null +++ b/build-php/server.csr.cnf @@ -0,0 +1,14 @@ +[req] +default_bits = 2048 +prompt = no +default_md = sha256 +distinguished_name = dn + +[dn] +C=US +ST=Tennessee +L=Nashville +O=End Point +OU=Testing Domain +emailAddress=your-administrative-address@your-awesome-existing-domain.com +CN = localhost diff --git a/build-php/v3.ext b/build-php/v3.ext new file mode 100644 index 0000000..ab9de5f --- /dev/null +++ b/build-php/v3.ext @@ -0,0 +1,7 @@ +authorityKeyIdentifier=keyid,issuer +basicConstraints=CA:FALSE +keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment +subjectAltName = @alt_names + +[alt_names] +DNS.1 = localhost From b6b3b642541a7b9913cfb5db6a81221508f272ff Mon Sep 17 00:00:00 2001 
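Review bot: the root CA built in the `localssl` stage of build-php/Dockerfile never leaves that stage, because only `server.key` and `server.crt` are copied into the final image, so no client can import `rootCA.pem` and the leaf certificate is trusted no better than a self-signed one. Either export `rootCA.pem` somewhere users can fetch it or keep a simple self-signed certificate. The server key is still created at build time and is therefore identical in every container started from the image. `-config <( cat server.csr.cnf )` can be written as `-config server.csr.cnf`, which removes the need to install `bash` and wrap each command in `/bin/bash -c`.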
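Review bot: nothing in this patch tells Apache to use the `server.key` and `server.crt` that the two new `COPY --from=localssl` lines in the second build-php/Dockerfile hunk place in `/web/config/`; with `COPY ./httpd.conf /etc/apache2` now commented out, say in the commit message or in a comment where the `SSLCertificateFile` and `SSLCertificateKeyFile` configuration comes from. Delete the `#COPY` line rather than leaving it commented, and add a `chmod 600` on the key next to the existing `chmod +x` so it is readable only by its owner.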
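Review bot: build-php/server.csr.cnf is passed as `-config` for both `rootCA.pem` and `server.csr`, so the CA and the server certificate get the same subject (`CN = localhost`), which makes the leaf look self-issued and can confuse chain building. Give the CA its own distinguished name in a separate section or file. `O=End Point`, `OU=Testing Domain` and `emailAddress=your-administrative-address@your-awesome-existing-domain.com` are template placeholders; replace them with project values or drop the fields the certificate does not need.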
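Review bot: `keyUsage` in build-php/v3.ext grants `nonRepudiation` and `dataEncipherment`, which a TLS server certificate does not need; `keyUsage = digitalSignature, keyEncipherment` plus `extendedKeyUsage = serverAuth` is enough. `[alt_names]` lists only `DNS.1 = localhost`, so the certificate will not validate when the container is reached by any other host name or IP address; document that or take the name as a build argument.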
From: Skipper Date: Tue, 13 Mar 2018 17:01:58 -0500 Subject: [PATCH 11/21] Added SSL, Moved over to Apache Image --- build-apache/Dockerfile | 19 -- build-apache/html/index.html | 1 - build-churchcrm/Dockerfile | 27 -- build-churchcrm/configsetup | 9 - build-php/Dockerfile | 43 --- build-php/server.crt | 18 -- build-php/server.key | 28 -- build-phpold/Dockerfile | 45 --- build-phpold/crmsetup | 4 - build-phpold/httpd.conf | 469 -------------------------------- build/Dockerfile | 93 +++++++ build/configsetup | 16 ++ {build-php => build}/httpd.conf | 21 +- docker-compose.yml | 33 +-- 14 files changed, 133 insertions(+), 693 deletions(-) delete mode 100644 build-apache/Dockerfile delete mode 100644 build-apache/html/index.html delete mode 100644 build-churchcrm/Dockerfile delete mode 100644 build-churchcrm/configsetup delete mode 100644 build-php/Dockerfile delete mode 100644 build-php/server.crt delete mode 100644 build-php/server.key delete mode 100644 build-phpold/Dockerfile delete mode 100644 build-phpold/crmsetup delete mode 100644 build-phpold/httpd.conf create mode 100644 build/Dockerfile create mode 100644 build/configsetup rename {build-php => build}/httpd.conf (98%) diff --git a/build-apache/Dockerfile b/build-apache/Dockerfile deleted file mode 100644 index 8953b62..0000000 --- a/build-apache/Dockerfile +++ /dev/null 
@@ -1,19 +0,0 @@ -FROM alpine:3.7 as localssl -MAINTAINER ChurchCRM - -RUN apk update && \ - apk add openssl && \ - openssl genrsa -des3 -passout pass:x -out server.pass.key 2048 && \ - openssl rsa -passin pass:x -in server.pass.key -out server.key && \ - rm server.pass.key && \ - openssl req -new -key server.key -out server.csr \ - -subj "/C=US/ST=Tennessee/L=Nashville/O=OrgName/OU=IT Department/CN=localhost" && \ - openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt - - -FROM httpd:2-alpine - -COPY ./httpd.conf /usr/local/apache2/conf/httpd.conf -COPY --from=localssl /server.key /usr/local/apache2/conf/ -COPY --from=localssl /server.crt /usr/local/apache2/conf/ -COPY ./html /usr/local/apache2/htdocs/ diff --git a/build-apache/html/index.html b/build-apache/html/index.html deleted file mode 100644 index 6f8443d..0000000 --- a/build-apache/html/index.html +++ /dev/null @@ -1 +0,0 @@ -

You made it!

diff --git a/build-churchcrm/Dockerfile b/build-churchcrm/Dockerfile deleted file mode 100644 index 3c0e13b..0000000 --- a/build-churchcrm/Dockerfile +++ /dev/null @@ -1,27 +0,0 @@ -FROM alpine:3.7 as churchcrm -MAINTAINER ChurchCRM - -WORKDIR / - -RUN apk add --no-cache \ - curl \ - wget \ - ca-certificates - -RUN crmlatest=$(curl -s https://api.github.com/repos/churchCRM/CRM/releases/latest | grep "browser_download_url.*zip" | cut -d '"' -f 4); \ - wget $crmlatest; \ - unzip -q *.zip && \ - cp /churchcrm/Include/Config.php.example /churchcrm/Include/Config.php - - -FROM alpine:3.7 - -COPY --from=churchcrm /churchcrm /usr/local/apache2/htdocs/ - -#COPY ./configsetup /usr/local/bin -#RUN chmod +x /usr/local/bin/configsetup - -WORKDIR /usr/local/apache2/htdocs/ - -#ENTRYPOINT ["/usr/local/bin/configsetup"] -CMD ["/bin/sh"] diff --git a/build-churchcrm/configsetup b/build-churchcrm/configsetup deleted file mode 100644 index ccd1e35..0000000 --- a/build-churchcrm/configsetup +++ /dev/null @@ -1,9 +0,0 @@ -#!/bin/sh -sed -i "s/||DB_SERVER_NAME||/$MYSQL_DB_HOST/g" /web/html/Include/Config.php && \ -sed -i "s/||DB_NAME||/$MYSQL_DATABASE/g" /web/html/Include/Config.php && \ -sed -i "s/||DB_USER||/$MYSQL_USER/g" /web/html/Include/Config.php && \ -sed -i "s/||DB_PASSWORD||/$MYSQL_PASSWORD/g" /web/html/Include/Config.php && \ -sed -i "s/||URL||//g" /web/html/Include/Config.php && \ -sed -i "s/||ROOT_PATH||//g" /web/html/Include/Config.php - -exec "$@" diff --git a/build-php/Dockerfile b/build-php/Dockerfile deleted file mode 100644 index 914cf87..0000000 --- a/build-php/Dockerfile +++ /dev/null 
@@ -1,43 +0,0 @@ -FROM alpine:3.7 as localssl -MAINTAINER ChurchCRM - -RUN apk update && \ - apk add openssl && \ - openssl genrsa -des3 -passout pass:x -out server.pass.key 2048 && \ - openssl rsa -passin pass:x -in server.pass.key -out server.key && \ - rm server.pass.key && \ - openssl req -new -key server.key -out server.csr \ - -subj "/C=US/ST=Tennessee/L=Nashville/O=OrgName/OU=IT Department/CN=localhost" && \ - openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt - - -FROM httpd:2-alpine - -RUN echo "@community http://dl-4.alpinelinux.org/alpine/edge/community" >> /etc/apk/repositories && \ - echo "@testing http://dl-4.alpinelinux.org/alpine/edge/testing" >> /etc/apk/repositories - -RUN apk update --repository http://dl-4.alpinelinux.org/alpine/edge/community \ - --repository https://nl.alpinelinux.org/alpine/edge/main && \ - apk upgrade && \ - apk add --no-cache \ - libressl \ - curl \ - openssl \ - php7 \ - php7-apache2 \ - php7-openssl \ - php7-mbstring \ - php7-apcu \ - php7-intl \ - php7-mcrypt \ - php7-json \ - php7-gd \ - php7-curl \ - php7-fpm \ - php7-mysqlnd \ - php7-sqlite3 \ - php7-phar - -COPY ./httpd.conf /usr/local/apache2/conf/httpd.conf -COPY --from=localssl /server.key /usr/local/apache2/conf/ -COPY --from=localssl /server.crt /usr/local/apache2/conf/ diff --git a/build-php/server.crt b/build-php/server.crt deleted file mode 100644 index ed1b7cb..0000000 --- a/build-php/server.crt +++ /dev/null 
@@ -1,18 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIC2zCCAcOgAwIBAgIJAOgLHIShDjwEMA0GCSqGSIb3DQEBCwUAMBwxGjAYBgNV -BAMTEWRldi5teWNvbXBhbnkuY29tMB4XDTE4MDMwOTIwMzgxMVoXDTI4MDMwNjIw -MzgxMVowHDEaMBgGA1UEAxMRZGV2Lm15Y29tcGFueS5jb20wggEiMA0GCSqGSIb3 -DQEBAQUAA4IBDwAwggEKAoIBAQDRRBiQ11f2eti/w0nhtMdtQQn2Lt1erdqpc5Rg -YRqn9ywb0L5rKqdOVhAOolb+8V3LPAupt0P+HKrk1TLzeYspfl9r6d+mVztgcyRe -AK6UCEvY9B9LGhCZ3fL9dW1Xqu/F7dFnZ+yEiEQDnQAphNEfhNKLQiP05B/NidxD -ioCL/16gttNd6pWv2w59pssjMTzX+N+KpPrmpkHhvzkVjX9TYqlBmKRLIkevPLdi -SEgRxhr/c3iWLXUXaKDxiYzkx9wA8njtnwJr7PS3FEU0DF4EMK1YxDDLuX00qCGf -peYUc07PgNni3Fvyt83uXXXCcVT/06Zh0/S++ZshJ+c54sElAgMBAAGjIDAeMBwG -A1UdEQQVMBOCEWRldi5teWNvbXBhbnkuY29tMA0GCSqGSIb3DQEBCwUAA4IBAQBv -rBr7duT2BgmBguUzviVgy1dGr+QkuXwoEi+myXDLxm3KAU8XOCp5mgdUyfM1mTb1 -Hj6tsHXZhqY5nQtKmR4aPSbNf3imhojqG0zEYXZwnHNCBs1SuSylV6MVVLRyjTXi -zawwMEZ0pj+cutfABxgTXNT9uPuZ8RwTj3tGljE6KsucnMBL2c/MW/i3NQS/sku2 -ZoriIZ+RIGoNh1ZfPKK8BiRxBNvwpALVH0Tt2VggCOqliAxjTZDmvn+0inHH05ZK -G3frMu54toM/4QtRzc5lLIL+lmsHR9jCAHb8D1Nv0GmVO4rXRWTtjgt9pi6PB/i3 -qzcJzuafOpDYVQH330yp ------END CERTIFICATE----- diff --git a/build-php/server.key b/build-php/server.key deleted file mode 100644 index fc0f4e9..0000000 --- a/build-php/server.key +++ /dev/null 
@@ -1,28 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDRRBiQ11f2eti/ -w0nhtMdtQQn2Lt1erdqpc5RgYRqn9ywb0L5rKqdOVhAOolb+8V3LPAupt0P+HKrk -1TLzeYspfl9r6d+mVztgcyReAK6UCEvY9B9LGhCZ3fL9dW1Xqu/F7dFnZ+yEiEQD -nQAphNEfhNKLQiP05B/NidxDioCL/16gttNd6pWv2w59pssjMTzX+N+KpPrmpkHh -vzkVjX9TYqlBmKRLIkevPLdiSEgRxhr/c3iWLXUXaKDxiYzkx9wA8njtnwJr7PS3 -FEU0DF4EMK1YxDDLuX00qCGfpeYUc07PgNni3Fvyt83uXXXCcVT/06Zh0/S++Zsh -J+c54sElAgMBAAECggEBALkImSAZCPIsFVMZ/k3QZzW3eHNxZNO+rcV/KQc/VS6H -Yz0FChoAEQc3GeOWr42lJeX6JeXe4gPinUjRKsgWBHKgBweIN/UA1MOni9SCjdre -qxIeaT0iwuMKWTy7g/8sae59JddlEMDvLBR10hrkEXTpILF5vglfXK+E4nnmEVu2 -yjXubGFMcIEnu0sOeOV1Sfso731NhT8HPty+rrxs+m2agC5mQ/uP9E2rHU5ajBTl -X0eXOVQAoTkIExwc+fwc3zPot5LYXrScOk48kJxoCFOHkZZAT/RPEkgj7edZ3Bom -qxmJfx0FisfaVS4G5QA+xWSl7ftD5kTgf5jK9u2c/lECgYEA//KjcA5h7CGk82ec -04/DvK0l4SbPEbjfdBCzuui4d//GigQp7beqgW2qbnOn5JJh9geLe36y/F0pZyJK -5T7kDp9ndUABwCJWetFgC78zFiUOjyS8kwDbCXgiaXyheEU5S4LVTNXmlg+r4uut -KwuRB/cMQHJl3oHN9aJI4RbCUQsCgYEA0U8FQjJI4THKeDxA6A+grasMxCdzAzk1 -IikOsZD+Iu9bqv79bnPazau5ShMDBHun+4+ZztmfBwrkSkcx+bmdojmW1qwKtNOe -7X18P2zJtZfHNp3V3NuJenj5VOrOjWxBtkDB2VNFJu4Rf1tqG1webMqrE92lCXWZ -eECIwVvr9I8CgYBfbKVGt/YGRZzsKusrbWQ6ygtfYEq/fr/A1CFOREnSY4gwGNFR -EbL+QlbSi0hDTdg8FCAK0PgGYu12yDBIPCRm10OJUW3Vpne7nqhCeOyhCvvcnoO4 -Aw+m/iVGUvMYliaAYq0H0o//zqP1HI0ZiVxvLcphlMUqKhcRx4mIciXMdQKBgQCh -LPpdqR8Z2h+RSsSobjBKy2a/PamBF/JkZb1c2sv31t195XD+NtSMf+nkspMmRppq -SoAkGswsviRhVkWTiW1rWHFgyYZNDJBbTL/6jykcXs4Wrp/avGs3FiTZUR7RJEXN -tDwRv9+GRNjQe3JPszXyjHYEjC7kA9y0Du3AB6rA3QKBgC5NaTG3UayjabUOgBkW -us6/KTBoyy/FbSPEXxfrHjWwkSADEqZrnPQYh4lNYrrLIEyklJbYatzhxwx9d9ux -zyh1H2IG4NUWJqu5nCMPo9Ce3u/fmnODfw72pFtTtmMendpBVrbWJL5OEdj0SChC -0bFC12yEdJrEi9QSJri8BbDw ------END PRIVATE KEY----- diff --git a/build-phpold/Dockerfile b/build-phpold/Dockerfile deleted file mode 100644 index 124a810..0000000 --- a/build-phpold/Dockerfile +++ /dev/null 
@@ -1,45 +0,0 @@ -FROM alpine:3.7 as localssl -MAINTAINER ChurchCRM - -RUN apk update && \ - apk add openssl && \ - openssl genrsa -des3 -passout pass:x -out server.pass.key 2048 && \ - openssl rsa -passin pass:x -in server.pass.key -out server.key && \ - rm server.pass.key && \ - openssl req -new -key server.key -out server.csr \ - -subj "/C=US/ST=Tennessee/L=Nashville/O=OrgName/OU=IT Department/CN=localhost" && \ - openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt - -# Create Alpine-apache-Php7 image as well as copy certificates over -FROM nimmis/alpine-apache-php7 -MAINTAINER ChurchCRM - -RUN apk update --repository http://dl-4.alpinelinux.org/alpine/edge/community \ - --repository https://nl.alpinelinux.org/alpine/edge/main - -RUN apk add --no-cache \ - php7-session@community \ - php7-pdo@community \ - php7-xml@community \ - php7-exif@community \ - php7-pdo_mysql@community \ - php7-mysqli@community \ - php7-gettext@community \ - php7-iconv@community \ - php7-fileinfo@community && \ - sed -i "s/upload_max_filesize = 2M/upload_max_filesize = 16M/g" /etc/php7/php.ini && \ - sed -i "s/post_max_size = 8M/post_max_size = 32M/g" /etc/php7/php.ini && \ - mkdir /etc/apache2/certificates - -COPY --from=localssl /server.key /etc/apache2/certificates -COPY --from=localssl /server.crt /etc/apache2/certificates - -#COPY ./httpd.conf /etc/apache2 - -#COPY ./crmsetup /usr/local/bin -#RUN chmod +x /usr/local/bin/crmsetup - -WORKDIR /web/html - -#ENTRYPOINT ["/usr/local/bin/crmsetup"] -#CMD ["/boot.sh"] diff --git a/build-phpold/crmsetup b/build-phpold/crmsetup deleted file mode 100644 index e611fce..0000000 --- a/build-phpold/crmsetup +++ /dev/null @@ -1,4 +0,0 @@ -#!/bin/sh -#chown -R apache:apache /web/html - -exec "$@" diff --git a/build-phpold/httpd.conf b/build-phpold/httpd.conf deleted file mode 100644 index 44c858c..0000000 --- a/build-phpold/httpd.conf +++ /dev/null 
@@ -1,469 +0,0 @@ -# -# This is the main Apache HTTP server configuration file. It contains the -# configuration directives that give the server its instructions. -# See for detailed information. -# In particular, see -# -# for a discussion of each configuration directive. -# -# Do NOT simply read the instructions in here without understanding -# what they do. They're here only as hints or reminders. If you are unsure -# consult the online docs. You have been warned. -# -# Configuration and logfile names: If the filenames you specify for many -# of the server's control files begin with "/" (or "drive:/" for Win32), the -# server will use that explicit path. If the filenames do *not* begin -# with "/", the value of ServerRoot is prepended -- so "logs/access_log" -# with ServerRoot set to "/usr/local/apache2" will be interpreted by the -# server as "/usr/local/apache2/logs/access_log", whereas "/logs/access_log" -# will be interpreted as '/logs/access_log'. - -# -# ServerTokens -# This directive configures what you return as the Server HTTP response -# Header. The default is 'Full' which sends information about the OS-Type -# and compiled in modules. -# Set to one of: Full | OS | Minor | Minimal | Major | Prod -# where Full conveys the most information, and Prod the least. -# -ServerTokens OS - -# -# ServerRoot: The top of the directory tree under which the server's -# configuration, error, and log files are kept. -# -# Do not add a slash at the end of the directory path. If you point -# ServerRoot at a non-local disk, be sure to specify a local disk on the -# Mutex directive, if file-based mutexes are used. If you wish to share the -# same ServerRoot for multiple httpd daemons, you will need to change at -# least PidFile. 
-# -ServerRoot /web - -# -# Mutex: Allows you to set the mutex mechanism and mutex file directory -# for individual mutexes, or change the global defaults -# -# Uncomment and change the directory if mutexes are file-based and the default -# mutex file directory is not on a local disk or is not appropriate for some -# other reason. -# -# Mutex default:/run/apache2 - -# -# Listen: Allows you to bind Apache to specific IP addresses and/or -# ports, instead of the default. See also the -# directive. -# -# Change this to Listen on specific IP addresses as shown below to -# prevent Apache from glomming onto all bound IP addresses. -# -#Listen 12.34.56.78:80 -Listen 80 - -# -# Dynamic Shared Object (DSO) Support -# -# To be able to use the functionality of a module which was built as a DSO you -# have to place corresponding `LoadModule' lines at this location so the -# directives contained in it are actually available _before_ they are used. -# Statically compiled modules (those listed by `httpd -l') do not need -# to be loaded here. 
-# -# Example: -# LoadModule foo_module modules/mod_foo.so -# -LoadModule authn_file_module modules/mod_authn_file.so -#LoadModule authn_dbm_module modules/mod_authn_dbm.so -#LoadModule authn_anon_module modules/mod_authn_anon.so -#LoadModule authn_dbd_module modules/mod_authn_dbd.so -#LoadModule authn_socache_module modules/mod_authn_socache.so -LoadModule authn_core_module modules/mod_authn_core.so -LoadModule authz_host_module modules/mod_authz_host.so -LoadModule authz_groupfile_module modules/mod_authz_groupfile.so -LoadModule authz_user_module modules/mod_authz_user.so -#LoadModule authz_dbm_module modules/mod_authz_dbm.so -#LoadModule authz_owner_module modules/mod_authz_owner.so -#LoadModule authz_dbd_module modules/mod_authz_dbd.so -LoadModule authz_core_module modules/mod_authz_core.so -LoadModule access_compat_module modules/mod_access_compat.so -LoadModule auth_basic_module modules/mod_auth_basic.so -#LoadModule auth_form_module modules/mod_auth_form.so -#LoadModule auth_digest_module modules/mod_auth_digest.so -#LoadModule allowmethods_module modules/mod_allowmethods.so -#LoadModule file_cache_module modules/mod_file_cache.so -#LoadModule cache_module modules/mod_cache.so -#LoadModule cache_disk_module modules/mod_cache_disk.so -#LoadModule cache_socache_module modules/mod_cache_socache.so -#LoadModule socache_shmcb_module modules/mod_socache_shmcb.so -#LoadModule socache_dbm_module modules/mod_socache_dbm.so -#LoadModule socache_memcache_module modules/mod_socache_memcache.so -#LoadModule watchdog_module modules/mod_watchdog.so -#LoadModule macro_module modules/mod_macro.so -#LoadModule dbd_module modules/mod_dbd.so -#LoadModule dumpio_module modules/mod_dumpio.so -#LoadModule echo_module modules/mod_echo.so -#LoadModule buffer_module modules/mod_buffer.so -#LoadModule data_module modules/mod_data.so -#LoadModule ratelimit_module modules/mod_ratelimit.so -LoadModule reqtimeout_module modules/mod_reqtimeout.so -#LoadModule ext_filter_module 
modules/mod_ext_filter.so -#LoadModule request_module modules/mod_request.so -#LoadModule include_module modules/mod_include.so -LoadModule filter_module modules/mod_filter.so -#LoadModule reflector_module modules/mod_reflector.so -#LoadModule substitute_module modules/mod_substitute.so -#LoadModule sed_module modules/mod_sed.so -#LoadModule charset_lite_module modules/mod_charset_lite.so -#LoadModule deflate_module modules/mod_deflate.so -LoadModule mime_module modules/mod_mime.so -LoadModule log_config_module modules/mod_log_config.so -#LoadModule log_debug_module modules/mod_log_debug.so -#LoadModule log_forensic_module modules/mod_log_forensic.so -#LoadModule logio_module modules/mod_logio.so -LoadModule env_module modules/mod_env.so -#LoadModule mime_magic_module modules/mod_mime_magic.so -#LoadModule expires_module modules/mod_expires.so -LoadModule headers_module modules/mod_headers.so -#LoadModule usertrack_module modules/mod_usertrack.so -#LoadModule unique_id_module modules/mod_unique_id.so -LoadModule setenvif_module modules/mod_setenvif.so -LoadModule version_module modules/mod_version.so -#LoadModule remoteip_module modules/mod_remoteip.so -#LoadModule session_module modules/mod_session.so -#LoadModule session_cookie_module modules/mod_session_cookie.so -#LoadModule session_dbd_module modules/mod_session_dbd.so -#LoadModule slotmem_shm_module modules/mod_slotmem_shm.so -#LoadModule slotmem_plain_module modules/mod_slotmem_plain.so -#LoadModule dialup_module modules/mod_dialup.so -#LoadModule mpm_event_module modules/mod_mpm_event.so -LoadModule mpm_prefork_module modules/mod_mpm_prefork.so -#LoadModule mpm_worker_module modules/mod_mpm_worker.so -LoadModule unixd_module modules/mod_unixd.so -#LoadModule heartbeat_module modules/mod_heartbeat.so -#LoadModule heartmonitor_module modules/mod_heartmonitor.so -LoadModule status_module modules/mod_status.so -LoadModule autoindex_module modules/mod_autoindex.so -#LoadModule asis_module modules/mod_asis.so 
-#LoadModule info_module modules/mod_info.so -#LoadModule suexec_module modules/mod_suexec.so - - #LoadModule cgid_module modules/mod_cgid.so - - - #LoadModule cgi_module modules/mod_cgi.so - -#LoadModule vhost_alias_module modules/mod_vhost_alias.so -#LoadModule negotiation_module modules/mod_negotiation.so -LoadModule dir_module modules/mod_dir.so -#LoadModule actions_module modules/mod_actions.so -#LoadModule speling_module modules/mod_speling.so -#LoadModule userdir_module modules/mod_userdir.so -LoadModule alias_module modules/mod_alias.so -LoadModule rewrite_module modules/mod_rewrite.so - -LoadModule negotiation_module modules/mod_negotiation.so - - -# -# If you wish httpd to run as a different user or group, you must run -# httpd as root initially and it will switch. -# -# User/Group: The name (or #number) of the user/group to run httpd as. -# It is usually good practice to create a dedicated user and group for -# running httpd, as with most system services. -# -User apache -Group www-data - - - -# 'Main' server configuration -# -# The directives in this section set up the values used by the 'main' -# server, which responds to any requests that aren't handled by a -# definition. These values also provide defaults for -# any containers you may define later in the file. -# -# All of these directives may appear inside containers, -# in which case these default settings will be overridden for the -# virtual host being defined. -# - -# -# ServerAdmin: Your address, where problems with the server should be -# e-mailed. This address appears on some server-generated pages, such -# as error documents. e.g. admin@your-domain.com -# -ServerAdmin you@example.com - -# -# Optionally add a line containing the server version and virtual host -# name to server-generated pages (internal error documents, FTP directory -# listings, mod_status and mod_info output etc., but not CGI generated -# documents or custom error documents). 
-# Set to "EMail" to also include a mailto: link to the ServerAdmin. -# Set to one of: On | Off | EMail -# -ServerSignature On - -# -# ServerName gives the name and port that the server uses to identify itself. -# This can often be determined automatically, but we recommend you specify -# it explicitly to prevent problems during startup. -# -# If your host doesn't have a registered DNS name, enter its IP address here. -# -ServerName webproxy - -# -# Deny access to the entirety of your server's filesystem. You must -# explicitly permit access to web content directories in other -# blocks below. -# - - AllowOverride All - Require all denied - - -# -# Note that from this point forward you must specifically allow -# particular features to be enabled - so if something's not working as -# you might expect, make sure that you have specifically enabled it -# below. -# - -# -# DocumentRoot: The directory out of which you will serve your -# documents. By default, all requests are taken from this directory, but -# symbolic links and aliases may be used to point to other locations. -# -DocumentRoot "/web/html" - - # - # Possible values for the Options directive are "None", "All", - # or any combination of: - # Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews - # - # Note that "MultiViews" must be named *explicitly* --- "Options All" - # doesn't give it to you. - # - # The Options directive is both complicated and important. Please see - # http://httpd.apache.org/docs/2.4/mod/core.html#options - # for more information. - # - Options FollowSymLinks - - # - # AllowOverride controls what directives may be placed in .htaccess files. - # It can be "All", "None", or any combination of the keywords: - # AllowOverride FileInfo AuthConfig Limit - # - AllowOverride All - - # - # Controls who can get stuff from this server. - # - Require all granted - - -# -# DirectoryIndex: sets the file that Apache will serve if a directory -# is requested. 
-# - - DirectoryIndex index.html - - -# -# The following lines prevent .htaccess and .htpasswd files from being -# viewed by Web clients. -# - - Require all denied - - -# -# ErrorLog: The location of the error log file. -# If you do not specify an ErrorLog directive within a -# container, error messages relating to that virtual host will be -# logged here. If you *do* define an error logfile for a -# container, that host's errors will be logged there and not here. -# -ErrorLog logs/error.log - -# -# LogLevel: Control the number of messages logged to the error_log. -# Possible values include: debug, info, notice, warn, error, crit, -# alert, emerg. -# -LogLevel warn - - - # - # The following directives define some format nicknames for use with - # a CustomLog directive (see below). - # - LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined - LogFormat "%h %l %u %t \"%r\" %>s %b" common - - - # You need to enable mod_logio.c to use %I and %O - LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio - - - # - # The location and format of the access logfile (Common Logfile Format). - # If you do not define any access logfiles within a - # container, they will be logged here. Contrariwise, if you *do* - # define per- access logfiles, transactions will be - # logged therein and *not* in this file. - # - #CustomLog logs/access.log common - - # - # If you prefer a logfile with access, agent, and referer information - # (Combined Logfile Format) you can use the following directive. - # - CustomLog logs/access.log combined - - - - # - # Redirect: Allows you to tell clients about documents that used to - # exist in your server's namespace, but do not anymore. The client - # will make a new request for the document at its new location. 
- # Example: - # Redirect permanent /foo http://www.example.com/bar - - # - # Alias: Maps web paths into filesystem paths and is used to - # access content that does not live under the DocumentRoot. - # Example: - # Alias /webpath /full/filesystem/path - # - # If you include a trailing / on /webpath then the server will - # require it to be present in the URL. You will also likely - # need to provide a section to allow access to - # the filesystem path. - - # - # ScriptAlias: This controls which directories contain server scripts. - # ScriptAliases are essentially the same as Aliases, except that - # documents in the target directory are treated as applications and - # run by the server when requested rather than as documents sent to the - # client. The same rules about trailing "/" apply to ScriptAlias - # directives as to Alias. - # - ScriptAlias /cgi-bin/ "/var/www/localhost/cgi-bin/" - - - - - # - # ScriptSock: On threaded servers, designate the path to the UNIX - # socket used to communicate with the CGI daemon of mod_cgid. - # - #Scriptsock cgisock - - -# -# "/var/www/localhost/cgi-bin" should be changed to whatever your ScriptAliased -# CGI directory exists, if you have that configured. -# - - AllowOverride None - Options None - Require all granted - - - - # - # TypesConfig points to the file containing the list of mappings from - # filename extension to MIME-type. - # - TypesConfig /etc/apache2/mime.types - - # - # AddType allows you to add to or override the MIME configuration - # file specified in TypesConfig for specific file types. - # - #AddType application/x-gzip .tgz - # - # AddEncoding allows you to have certain browsers uncompress - # information on the fly. Note: Not all browsers support this. 
- # - #AddEncoding x-compress .Z - #AddEncoding x-gzip .gz .tgz - # - # If the AddEncoding directives above are commented-out, then you - # probably should define those extensions to indicate media types: - # - AddType application/x-compress .Z - AddType application/x-gzip .gz .tgz - - # - # AddHandler allows you to map certain file extensions to "handlers": - # actions unrelated to filetype. These can be either built into the server - # or added with the Action directive (see below) - # - # To use CGI scripts outside of ScriptAliased directories: - # (You will also need to add "ExecCGI" to the "Options" directive.) - # - #AddHandler cgi-script .cgi - - # For type maps (negotiated resources): - #AddHandler type-map var - - # - # Filters allow you to process content before it is sent to the client. - # - # To parse .shtml files for server-side includes (SSI): - # (You will also need to add "Includes" to the "Options" directive.) - # - #AddType text/html .shtml - #AddOutputFilter INCLUDES .shtml - - -# -# The mod_mime_magic module allows the server to use various hints from the -# contents of the file itself to determine its type. The MIMEMagicFile -# directive tells the module where the hint definitions are located. -# - - MIMEMagicFile /etc/apache2/magic - - -# -# Customizable error responses come in three flavors: -# 1) plain text 2) local redirects 3) external redirects -# -# Some examples: -#ErrorDocument 500 "The server made a boo boo." -#ErrorDocument 404 /missing.html -#ErrorDocument 404 "/cgi-bin/missing_handler.pl" -#ErrorDocument 402 http://www.example.com/subscription_info.html -# - -# -# MaxRanges: Maximum number of Ranges in a request before -# returning the entire resource, or one of the special -# values 'default', 'none' or 'unlimited'. -# Default setting is to accept 200 Ranges. -#MaxRanges unlimited - -# -# EnableMMAP and EnableSendfile: On systems that support it, -# memory-mapping or the sendfile syscall may be used to deliver -# files. 
This usually improves server performance, but must -# be turned off when serving from networked-mounted -# filesystems or if support for these functions is otherwise -# broken on your system. -# Defaults: EnableMMAP On, EnableSendfile Off -# -#EnableMMAP off -#EnableSendfile on - -# Load config files from the config directory "/etc/apache2/conf.d". -# -IncludeOptional /web/config/conf.d/*.conf diff --git a/build/Dockerfile b/build/Dockerfile new file mode 100644 index 0000000..e913c42 --- /dev/null +++ b/build/Dockerfile 
@@ -0,0 +1,93 @@ +FROM alpine:3.7 as crmandssl +MAINTAINER ChurchCRM + +# Setup Certificates +RUN echo "@edge http://dl-3.alpinelinux.org/alpine/edge/main" >> /etc/apk/repositories && \ + echo "@community http://dl-3.alpinelinux.org/alpine/edge/community" >> /etc/apk/repositories && \ + echo "@testing http://dl-3.alpinelinux.org/alpine/edge/testing" >> /etc/apk/repositories && \ + apk update --repository http://dl-3.alpinelinux.org/alpine/edge/main \ + --repository http://dl-3.alpinelinux.org/alpine/edge/community \ + --repository http://dl-3.alpinelinux.org/alpine/edge/testing && \ + apk add --upgrade apk-tools@edge && \ + apk upgrade && \ + apk add --no-cache \ + ca-certificates \ + curl \ + openssl \ + wget && \ + openssl genrsa -des3 -passout pass:x -out server.pass.key 2048 && \ + openssl rsa -passin pass:x -in server.pass.key -out server.key && \ + rm server.pass.key && \ + openssl req -new -key server.key -out server.csr \ + -subj "/C=US/ST=Tennessee/L=Nashville/O=OrgName/OU=IT Department/CN=localhost" && \ + openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt + +# Download Latest Version of ChurchCRM +RUN crmlatest=$(curl -s https://api.github.com/repos/churchCRM/CRM/releases/latest | grep "browser_download_url.*zip" | cut -d '"' -f 4); \ + wget $crmlatest; \ + unzip -q *.zip + + +# Setup a new image that copies files from crmandssl into their correct locations. 
Pulling from the Apache Alpine repo +FROM httpd:2-alpine + +# Install neccessary packages +RUN echo "@edge http://dl-3.alpinelinux.org/alpine/edge/main" >> /etc/apk/repositories && \ + echo "@community http://dl-3.alpinelinux.org/alpine/edge/community" >> /etc/apk/repositories && \ + echo "@testing http://dl-3.alpinelinux.org/alpine/edge/testing" >> /etc/apk/repositories && \ + apk update --repository http://dl-3.alpinelinux.org/alpine/edge/main \ + --repository http://dl-3.alpinelinux.org/alpine/edge/community \ + --repository http://dl-3.alpinelinux.org/alpine/edge/testing && \ + apk add --upgrade apk-tools@edge && \ + apk upgrade && \ + apk add --no-cache \ + curl \ + libressl \ + openssl \ + php7 \ + php7-apache2 \ + php7-apcu \ + php7-curl \ + php7-exif \ + php7-fileinfo \ + php7-gd \ + php7-gettext \ + php7-iconv \ + php7-intl \ + php7-json \ + php7-mbstring \ + php7-mcrypt \ + php7-mysqli \ + php7-mysqlnd \ + php7-openssl \ + php7-pdo \ + php7-pdo_mysql \ + php7-phar \ + php7-session \ + php7-sqlite3 \ + php7-xml && \ + ln -s /usr/lib/apache2/mod_php7.so /usr/local/apache2/modules && \ + cd /tmp && curl -sS https://getcomposer.org/installer | php && mv composer.phar /usr/local/bin/composer + +# Copy Apache configurations +COPY ./httpd.conf /usr/local/apache2/conf/httpd.conf + +# Copy certificates into image +COPY --from=crmandssl /server.key /usr/local/apache2/conf/ +COPY --from=crmandssl /server.crt /usr/local/apache2/conf/ +COPY --from=crmandssl /churchcrm/ /usr/local/apache2/htdocs/ + +# Copy CRM setup file into image +COPY ./configsetup /usr/local/bin + +# Set work directory to the web host path +WORKDIR /usr/local/apache2/htdocs/ + +# Modify php.ini and set config setup to be an executable +RUN sed -i "s/upload_max_filesize = 2M/upload_max_filesize = 16M/g" /etc/php7/php.ini && \ + sed -i "s/post_max_size = 8M/post_max_size = 32M/g" /etc/php7/php.ini && \ + chmod +x /usr/local/bin/configsetup + +# Run the configsetup file on container start +ENTRYPOINT 
["/usr/local/bin/configsetup"] +CMD ["httpd-foreground"] diff --git a/build/configsetup b/build/configsetup new file mode 100644 index 0000000..5b62036 --- /dev/null +++ b/build/configsetup @@ -0,0 +1,16 @@ +#!/bin/sh +cp /usr/local/apache2/htdocs/Include/Config.php.example /usr/local/apache2/htdocs/Include/Config.php + +MYSQL_USER=$(cat /run/secrets/MYSQL_USER) +MYSQL_PASSWORD=$(cat /run/secrets/MYSQL_PASSWORD) + +sed -i "s/ServerName www.example.com:443/ServerName localhost:443/g" /usr/local/apache2/conf/extra/httpd-ssl.conf +#sed -i "s/Listen 443/Listen 172.22.0.3:443/g" /usr/local/apache2/conf/extra/httpd-ssl.conf +sed -i "s/||DB_SERVER_NAME||/$MYSQL_DB_HOST/g" /usr/local/apache2/htdocs/Include/Config.php +sed -i "s/||DB_NAME||/$MYSQL_DATABASE/g" /usr/local/apache2/htdocs/Include/Config.php +sed -i "s/||DB_USER||/$MYSQL_USER/g" /usr/local/apache2/htdocs/Include/Config.php +sed -i "s/||DB_PASSWORD||/$MYSQL_PASSWORD/g" /usr/local/apache2/htdocs/Include/Config.php +sed -i "s/||URL||//g" /usr/local/apache2/htdocs/Include/Config.php +sed -i "s/||ROOT_PATH||//g" /usr/local/apache2/htdocs/Include/Config.php + +exec "$@" diff --git a/build-php/httpd.conf b/build/httpd.conf similarity index 98% rename from build-php/httpd.conf rename to build/httpd.conf index 4759cb9..207dbd2 100644 --- a/build-php/httpd.conf +++ b/build/httpd.conf @@ -49,7 +49,7 @@ ServerRoot "/usr/local/apache2" # prevent Apache from glomming onto all bound IP addresses. # #Listen 12.34.56.78:80 -Listen 80 +Listen 0.0.0.0:80 # # Dynamic Shared Object (DSO) Support 
@@ -63,8 +63,8 @@ Listen 80 # Example: # LoadModule foo_module modules/mod_foo.so # -LoadModule mpm_event_module modules/mod_mpm_event.so -#LoadModule mpm_prefork_module modules/mod_mpm_prefork.so +#LoadModule mpm_event_module modules/mod_mpm_event.so +LoadModule mpm_prefork_module modules/mod_mpm_prefork.so #LoadModule mpm_worker_module modules/mod_mpm_worker.so LoadModule authn_file_module modules/mod_authn_file.so #LoadModule authn_dbm_module modules/mod_authn_dbm.so @@ -129,7 +129,7 @@ LoadModule log_config_module modules/mod_log_config.so LoadModule env_module modules/mod_env.so #LoadModule mime_magic_module modules/mod_mime_magic.so #LoadModule cern_meta_module modules/mod_cern_meta.so -#LoadModule expires_module modules/mod_expires.so +LoadModule expires_module modules/mod_expires.so LoadModule headers_module modules/mod_headers.so #LoadModule ident_module modules/mod_ident.so #LoadModule usertrack_module modules/mod_usertrack.so @@ -187,12 +187,13 @@ LoadModule autoindex_module modules/mod_autoindex.so #LoadModule vhost_alias_module modules/mod_vhost_alias.so #LoadModule negotiation_module modules/mod_negotiation.so LoadModule dir_module modules/mod_dir.so +LoadModule php7_module modules/mod_php7.so #LoadModule imagemap_module modules/mod_imagemap.so #LoadModule actions_module modules/mod_actions.so #LoadModule speling_module modules/mod_speling.so #LoadModule userdir_module modules/mod_userdir.so LoadModule alias_module modules/mod_alias.so -#LoadModule rewrite_module modules/mod_rewrite.so +LoadModule rewrite_module modules/mod_rewrite.so # @@ -203,8 +204,8 @@ LoadModule alias_module modules/mod_alias.so # It is usually good practice to create a dedicated user and group for # running httpd, as with most system services. # -User daemon -Group daemon +User apache +Group www-data 
@@ -234,7 +235,7 @@ ServerAdmin you@example.com # # If your host doesn't have a registered DNS name, enter its IP address here. # -#ServerName www.example.com:80 +ServerName 0.0.0.0:80 # # Deny access to the entirety of your server's filesystem. You must @@ -279,7 +280,7 @@ DocumentRoot "/usr/local/apache2/htdocs" # It can be "All", "None", or any combination of the keywords: # AllowOverride FileInfo AuthConfig Limit # - AllowOverride None + AllowOverride ALL # # Controls who can get stuff from this server. @@ -430,7 +431,7 @@ LogLevel warn # AddType application/x-compress .Z AddType application/x-gzip .gz .tgz - + AddType application/x-httpd-php .php # # AddHandler allows you to map certain file extensions to "handlers": # actions unrelated to filetype. These can be either built into the server diff --git a/docker-compose.yml b/docker-compose.yml index 22ffaf4..b94b3a6 100644 --- a/docker-compose.yml +++ b/docker-compose.yml 
@@ -14,45 +14,38 @@ services: MYSQL_DATABASE: churchcrm MYSQL_USER_FILE: /run/secrets/MYSQL_USER MYSQL_PASSWORD_FILE: /run/secrets/MYSQL_PASSWORD + volumes: + - db-volume:/var/lib/mysql secrets: - MYSQL_PASSWORD - MYSQL_ROOT_PASSWORD - MYSQL_USER - churchcrm: - container_name: churchcrm - build: - context: ./build-churchcrm + alpinephp7: + container_name: crm-alpinephp7 + build: ./build + ports: + - "80:80" + - "443:443" environment: MYSQL_DATABASE: churchcrm MYSQL_DB_HOST: crmdatabase MYSQL_PASSWORD_FILE: /run/secrets/MYSQL_PASSWORD MYSQL_USER_FILE: /run/secrets/MYSQL_USER volumes: - - html-volume:/usr/local/apache2/htdocs/ + - churchcrm-volume:/usr/local/apache2/htdocs secrets: - MYSQL_PASSWORD - - MYSQL_ROOT_PASSWORD - MYSQL_USER - tty: true - - alpinephp7: - container_name: crm-alpinephp7 - build: ./build-php - ports: - - "8080:80" - - "443:443" - volumes: - - html-volume:/usr/local/apache2/htdocs/ - -volumes: - html-volume: secrets: - MYSQL_ROOT_PASSWORD: file: ./secrets/MYSQL_ROOT_PASSWORD MYSQL_PASSWORD: file: ./secrets/MYSQL_PASSWORD MYSQL_USER: file: ./secrets/MYSQL_USER + +volumes: + churchcrm-volume: + db-volume: From 215a5a71681e4381e0c47e4aa30ecf61c6909d03 Mon Sep 17 00:00:00 2001 From: Skipper Date: Tue, 13 Mar 2018 17:44:08 -0500 Subject: [PATCH 12/21] All in one image Moved ChurchCRM into one Image with php/apache --- build/Dockerfile | 56 ++++++++++++++++------------------------------ docker-compose.yml | 4 ++-- 2 files changed, 21 insertions(+), 39 deletions(-) diff --git a/build/Dockerfile b/build/Dockerfile index e913c42..75745d2 100644 --- a/build/Dockerfile +++ b/build/Dockerfile 
@@ -1,34 +1,3 @@ -FROM alpine:3.7 as crmandssl -MAINTAINER ChurchCRM - -# Setup Certificates -RUN echo "@edge http://dl-3.alpinelinux.org/alpine/edge/main" >> /etc/apk/repositories && \ - echo "@community http://dl-3.alpinelinux.org/alpine/edge/community" >> /etc/apk/repositories && \ - echo "@testing http://dl-3.alpinelinux.org/alpine/edge/testing" >> /etc/apk/repositories && \ - apk update --repository http://dl-3.alpinelinux.org/alpine/edge/main \ - --repository http://dl-3.alpinelinux.org/alpine/edge/community \ - --repository http://dl-3.alpinelinux.org/alpine/edge/testing && \ - apk add --upgrade apk-tools@edge && \ - apk upgrade && \ - apk add --no-cache \ - ca-certificates \ - curl \ - openssl \ - wget && \ - openssl genrsa -des3 -passout pass:x -out server.pass.key 2048 && \ - openssl rsa -passin pass:x -in server.pass.key -out server.key && \ - rm server.pass.key && \ - openssl req -new -key server.key -out server.csr \ - -subj "/C=US/ST=Tennessee/L=Nashville/O=OrgName/OU=IT Department/CN=localhost" && \ - openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt - -# Download Latest Version of ChurchCRM -RUN crmlatest=$(curl -s https://api.github.com/repos/churchCRM/CRM/releases/latest | grep "browser_download_url.*zip" | cut -d '"' -f 4); \ - wget $crmlatest; \ - unzip -q *.zip - - -# Setup a new image that copies files from crmandssl into their correct locations. Pulling from the Apache Alpine repo FROM httpd:2-alpine # Install neccessary packages 
@@ -66,16 +35,29 @@ RUN echo "@edge http://dl-3.alpinelinux.org/alpine/edge/main" >> /etc/apk/reposi php7-session \ php7-sqlite3 \ php7-xml && \ - ln -s /usr/lib/apache2/mod_php7.so /usr/local/apache2/modules && \ - cd /tmp && curl -sS https://getcomposer.org/installer | php && mv composer.phar /usr/local/bin/composer + ln -s /usr/lib/apache2/mod_php7.so /usr/local/apache2/modules # Copy Apache configurations COPY ./httpd.conf /usr/local/apache2/conf/httpd.conf -# Copy certificates into image -COPY --from=crmandssl /server.key /usr/local/apache2/conf/ -COPY --from=crmandssl /server.crt /usr/local/apache2/conf/ -COPY --from=crmandssl /churchcrm/ /usr/local/apache2/htdocs/ +# SSL Generation +WORKDIR /usr/local/apache2/conf/ + +RUN openssl genrsa -des3 -passout pass:x -out server.pass.key 2048 && \ + openssl rsa -passin pass:x -in server.pass.key -out server.key && \ + rm server.pass.key && \ + openssl req -new -key server.key -out server.csr \ + -subj "/C=US/ST=Tennessee/L=Nashville/O=OrgName/OU=IT Department/CN=localhost" && \ + openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt + +# Download Latest Version of ChurchCRM +WORKDIR /usr/local/apache2/ + +RUN crmlatest=$(curl -s https://api.github.com/repos/churchCRM/CRM/releases/latest | grep "browser_download_url.*zip" | cut -d '"' -f 4); \ + wget $crmlatest && \ + unzip -q *.zip && \ + rm -R *.zip htdocs && \ + mv churchcrm htdocs # Copy CRM setup file into image COPY ./configsetup /usr/local/bin diff --git a/docker-compose.yml b/docker-compose.yml index b94b3a6..b316c9b 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -33,7 +33,7 @@ services: MYSQL_PASSWORD_FILE: /run/secrets/MYSQL_PASSWORD MYSQL_USER_FILE: /run/secrets/MYSQL_USER volumes: - - churchcrm-volume:/usr/local/apache2/htdocs + - churchcrm-images:/usr/local/apache2/htdocs/Images secrets: - MYSQL_PASSWORD - MYSQL_USER 
@@ -47,5 +47,5 @@ secrets: file: ./secrets/MYSQL_USER volumes: - churchcrm-volume: + churchcrm-images: db-volume: From a8bcf14feed254d2b12c3fc766585f39e7ab5ab6 Mon Sep 17 00:00:00 2001 From: Skipper Date: Tue, 13 Mar 2018 18:53:20 -0500 Subject: [PATCH 13/21] Moved db over to alpine --- build-mysql/Dockerfile | 16 ++++++ build-mysql/startup.sh | 54 +++++++++++++++++++ build/Dockerfile | 14 ++--- build/configsetup | 9 ++-- build/server.csr.cnf | 14 +++++ build/v3.ext | 7 +++ docker-compose.yml | 38 ++++++------- secrets/{MYSQL_PASSWORD => MYSQL_ROOT_PWD} | 0 .../{MYSQL_ROOT_PASSWORD => MYSQL_USER_PWD} | 0 9 files changed, 124 insertions(+), 28 deletions(-) create mode 100644 build-mysql/Dockerfile create mode 100644 build-mysql/startup.sh create mode 100644 build/server.csr.cnf create mode 100644 build/v3.ext rename secrets/{MYSQL_PASSWORD => MYSQL_ROOT_PWD} (100%) rename secrets/{MYSQL_ROOT_PASSWORD => MYSQL_USER_PWD} (100%) diff --git a/build-mysql/Dockerfile b/build-mysql/Dockerfile new file mode 100644 index 0000000..1483e69 --- /dev/null +++ b/build-mysql/Dockerfile @@ -0,0 +1,16 @@ +FROM alpine:latest +MAINTAINER ChurchCRM + +RUN apk update && \ + apk upgrade && \ + apk add --no-cache \ + mariadb mariadb-client && \ + addgroup mysql mysql && \ + mkdir /scripts + +COPY ./startup.sh /scripts/startup.sh +RUN chmod +x /scripts/startup.sh + +EXPOSE 3306 + +ENTRYPOINT ["/scripts/startup.sh"] diff --git a/build-mysql/startup.sh b/build-mysql/startup.sh new file mode 100644 index 0000000..253026c --- /dev/null +++ b/build-mysql/startup.sh 
@@ -0,0 +1,54 @@ +#!/bin/sh + +# parameters +MYSQL_DATADIR=${MYSQL_DATADIR:-"/var/lib/mysql"} +MYSQL_ROOT_PWD=$(cat /run/secrets/MYSQL_ROOT_PWD) +MYSQL_USER=$(cat /run/secrets/MYSQL_USER) +MYSQL_USER_PWD=$(cat /run/secrets/MYSQL_USER_PWD) +MYSQL_USER_DB=$MYSQL_USER_DB + +if [ -d "/run/mysqld" ]; then + echo "[i] MySQL directory already present, skipping creation" +else + echo "[i] mysqld not found, creating...." + mkdir -p /run/mysqld + chown -R mysql:mysql /run/mysqld + echo 'Initializing database' + mkdir -p "$MYSQL_DATADIR/mysql" + chown -R mysql:mysql $MYSQL_DATADIR + mysql_install_db --user=mysql --datadir="$MYSQL_DATADIR" --rpm + echo 'Database initialized' + + tfile=`mktemp` + if [ ! -f "$tfile" ]; then + return 1 + fi + + cat << EOF > $tfile +USE mysql; +SET @@SESSION.SQL_LOG_BIN=0 ; +FLUSH PRIVILEGES ; +CREATE USER 'root'@'%' IDENTIFIED BY '${MYSQL_ROOT_PWD}' ; +GRANT ALL ON *.* TO 'root'@'%' WITH GRANT OPTION ; +DROP DATABASE IF EXISTS test ; +CREATE USER '${MYSQL_USER}'@'%' IDENTIFIED BY '${MYSQL_USER_PWD}' ; +CREATE USER '${MYSQL_USER}'@'localhost' IDENTIFIED BY '${MYSQL_USER_PWD}' ; +EOF + + if [ "$MYSQL_USER_DB" != "" ]; then + echo "[i] Creating database: $MYSQL_USER_DB" + echo "CREATE DATABASE IF NOT EXISTS \`$MYSQL_USER_DB\` CHARACTER SET utf8 COLLATE utf8_general_ci;" >> $tfile + + if [ "$MYSQL_USER" != "" ]; then + echo "[i] Creating user: $MYSQL_USER with password $MYSQL_USER_PWD" + echo "GRANT ALL PRIVILEGES ON \`$MYSQL_USER_DB\`.* to '$MYSQL_USER'@'%' identified by '${MYSQL_USER_PWD}' ;" >> $tfile + echo "GRANT ALL PRIVILEGES ON \`$MYSQL_USER_DB\`.* to '$MYSQL_USER'@'localhost' identified by '${MYSQL_USER_PWD}' ;" >> $tfile + echo "FLUSH PRIVILEGES ;" >> $tfile + fi + fi + + /usr/bin/mysqld --user=mysql --bootstrap --verbose=1 --datadir="$MYSQL_DATADIR" < $tfile + rm -f "$tfile" +fi + +exec /usr/bin/mysqld --user=mysql --console --datadir="$MYSQL_DATADIR" diff --git a/build/Dockerfile b/build/Dockerfile index 75745d2..c1b4f00 100644 
--- a/build/Dockerfile +++ b/build/Dockerfile @@ -10,6 +10,7 @@ RUN echo "@edge http://dl-3.alpinelinux.org/alpine/edge/main" >> /etc/apk/reposi apk add --upgrade apk-tools@edge && \ apk upgrade && \ apk add --no-cache \ + bash \ curl \ libressl \ openssl \ @@ -43,12 +44,13 @@ COPY ./httpd.conf /usr/local/apache2/conf/httpd.conf # SSL Generation WORKDIR /usr/local/apache2/conf/ -RUN openssl genrsa -des3 -passout pass:x -out server.pass.key 2048 && \ - openssl rsa -passin pass:x -in server.pass.key -out server.key && \ - rm server.pass.key && \ - openssl req -new -key server.key -out server.csr \ - -subj "/C=US/ST=Tennessee/L=Nashville/O=OrgName/OU=IT Department/CN=localhost" && \ - openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt +COPY ./server.csr.cnf . +COPY ./v3.ext . + +RUN /bin/bash -c "openssl genrsa -des3 -passout pass:xxxx -out rootCA.key 2048" && \ + /bin/bash -c "openssl req -x509 -passin pass:xxxx -new -nodes -key rootCA.key -sha256 -days 1024 -out rootCA.pem -config <( cat server.csr.cnf )" && \ + /bin/bash -c "openssl req -new -sha256 -nodes -out server.csr -newkey rsa:2048 -keyout server.key -config <( cat server.csr.cnf )" && \ + /bin/bash -c "openssl x509 -req -passin pass:xxxx -in server.csr -CA rootCA.pem -CAkey rootCA.key -CAcreateserial -out server.crt -days 500 -sha256 -extfile v3.ext" # Download Latest Version of ChurchCRM WORKDIR /usr/local/apache2/ diff --git a/build/configsetup b/build/configsetup index 5b62036..04ea5d4 100644 --- a/build/configsetup +++ b/build/configsetup 
@@ -1,15 +1,18 @@ #!/bin/sh cp /usr/local/apache2/htdocs/Include/Config.php.example /usr/local/apache2/htdocs/Include/Config.php +# Import Docker Secrets MYSQL_USER=$(cat /run/secrets/MYSQL_USER) -MYSQL_PASSWORD=$(cat /run/secrets/MYSQL_PASSWORD) +MYSQL_USER_PWD=$(cat /run/secrets/MYSQL_USER_PWD) +#Add Server Name to HTTPD-SSL sed -i "s/ServerName www.example.com:443/ServerName localhost:443/g" /usr/local/apache2/conf/extra/httpd-ssl.conf -#sed -i "s/Listen 443/Listen 172.22.0.3:443/g" /usr/local/apache2/conf/extra/httpd-ssl.conf + +# Create ChurchCRM Config File sed -i "s/||DB_SERVER_NAME||/$MYSQL_DB_HOST/g" /usr/local/apache2/htdocs/Include/Config.php sed -i "s/||DB_NAME||/$MYSQL_DATABASE/g" /usr/local/apache2/htdocs/Include/Config.php sed -i "s/||DB_USER||/$MYSQL_USER/g" /usr/local/apache2/htdocs/Include/Config.php -sed -i "s/||DB_PASSWORD||/$MYSQL_PASSWORD/g" /usr/local/apache2/htdocs/Include/Config.php +sed -i "s/||DB_PASSWORD||/$MYSQL_USER_PWD/g" /usr/local/apache2/htdocs/Include/Config.php sed -i "s/||URL||//g" /usr/local/apache2/htdocs/Include/Config.php sed -i "s/||ROOT_PATH||//g" /usr/local/apache2/htdocs/Include/Config.php diff --git a/build/server.csr.cnf b/build/server.csr.cnf new file mode 100644 index 0000000..f2daed9 --- /dev/null +++ b/build/server.csr.cnf @@ -0,0 +1,14 @@ +[req] +default_bits = 2048 +prompt = no +default_md = sha256 +distinguished_name = dn + +[dn] +C=US +ST=Tennessee +L=Nashville +O=End Point +OU=Testing Domain +emailAddress=your-administrative-address@your-awesome-existing-domain.com +CN = localhost diff --git a/build/v3.ext b/build/v3.ext new file mode 100644 index 0000000..ab9de5f --- /dev/null +++ b/build/v3.ext @@ -0,0 +1,7 @@ +authorityKeyIdentifier=keyid,issuer +basicConstraints=CA:FALSE +keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment +subjectAltName = @alt_names + +[alt_names] +DNS.1 = localhost diff --git a/docker-compose.yml b/docker-compose.yml index b316c9b..23e9252 100644 
--- a/docker-compose.yml +++ b/docker-compose.yml @@ -6,46 +6,46 @@ version: '3.5' services: - crmdatabase: #Name of DB Host - container_name: crm-database - image: mariadb:10.2 + database: #Name of DB Host + container_name: database + build: ./build-mysql environment: - MYSQL_ROOT_PASSWORD_FILE: /run/secrets/MYSQL_ROOT_PASSWORD - MYSQL_DATABASE: churchcrm + MYSQL_ROOT_PWD_FILE: /run/secrets/MYSQL_ROOT_PWD + MYSQL_USER_DB: churchcrm MYSQL_USER_FILE: /run/secrets/MYSQL_USER - MYSQL_PASSWORD_FILE: /run/secrets/MYSQL_PASSWORD + MYSQL_USER_PWD_FILE: /run/secrets/MYSQL_USER_PWD volumes: - db-volume:/var/lib/mysql secrets: - - MYSQL_PASSWORD - - MYSQL_ROOT_PASSWORD + - MYSQL_ROOT_PWD - MYSQL_USER + - MYSQL_USER_PWD - alpinephp7: - container_name: crm-alpinephp7 + churchcrm: + container_name: churchcrm build: ./build ports: - "80:80" - "443:443" environment: MYSQL_DATABASE: churchcrm - MYSQL_DB_HOST: crmdatabase - MYSQL_PASSWORD_FILE: /run/secrets/MYSQL_PASSWORD + MYSQL_DB_HOST: database + MYSQL_USER_PWD_FILE: /run/secrets/MYSQL_USER_PWD MYSQL_USER_FILE: /run/secrets/MYSQL_USER volumes: - - churchcrm-images:/usr/local/apache2/htdocs/Images + - img-volume:/usr/local/apache2/htdocs/Images secrets: - - MYSQL_PASSWORD + - MYSQL_USER_PWD - MYSQL_USER secrets: - MYSQL_ROOT_PASSWORD: - file: ./secrets/MYSQL_ROOT_PASSWORD - MYSQL_PASSWORD: - file: ./secrets/MYSQL_PASSWORD + MYSQL_ROOT_PWD: + file: ./secrets/MYSQL_ROOT_PWD MYSQL_USER: file: ./secrets/MYSQL_USER + MYSQL_USER_PWD: + file: ./secrets/MYSQL_USER_PWD volumes: - churchcrm-images: + img-volume: db-volume: diff --git a/secrets/MYSQL_PASSWORD b/secrets/MYSQL_ROOT_PWD similarity index 100% rename from secrets/MYSQL_PASSWORD rename to secrets/MYSQL_ROOT_PWD diff --git a/secrets/MYSQL_ROOT_PASSWORD b/secrets/MYSQL_USER_PWD similarity index 100% rename from secrets/MYSQL_ROOT_PASSWORD rename to secrets/MYSQL_USER_PWD From e65521b555b167bc9bd80bbd685c2d1c703eb516 Mon Sep 17 00:00:00 2001 
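Review bot: the two renames that close this patch cross the secrets: `secrets/MYSQL_PASSWORD` becomes `secrets/MYSQL_ROOT_PWD` and `secrets/MYSQL_ROOT_PASSWORD` becomes `secrets/MYSQL_USER_PWD`, both at 100% similarity. The file that held the application user's password is now the root password file and the reverse. Rename root to root and user to user so the history matches what each file holds.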
From: Skipper Date: Tue, 13 Mar 2018 18:59:14 -0500 Subject: [PATCH 14/21] cleanup --- build-php/Dockerfile | 36 ------------------------------------ build-php/server.csr.cnf | 14 -------------- build-php/v3.ext | 7 ------- 3 files changed, 57 deletions(-) delete mode 100644 build-php/Dockerfile delete mode 100644 build-php/server.csr.cnf delete mode 100644 build-php/v3.ext diff --git a/build-php/Dockerfile b/build-php/Dockerfile deleted file mode 100644 index 1a72850..0000000 --- a/build-php/Dockerfile +++ /dev/null @@ -1,36 +0,0 @@ -FROM alpine:3.7 as localssl -MAINTAINER ChurchCRM - -COPY ./server.csr.cnf / -COPY ./v3.ext / - -RUN apk update && \ - apk add openssl bash && \ - /bin/bash -c "openssl genrsa -des3 -passout pass:xxxx -out rootCA.key 2048" && \ - /bin/bash -c "openssl req -x509 -passin pass:xxxx -new -nodes -key rootCA.key -sha256 -days 1024 -out rootCA.pem -config <( cat server.csr.cnf )" && \ - /bin/bash -c "openssl req -new -sha256 -nodes -out server.csr -newkey rsa:2048 -keyout server.key -config <( cat server.csr.cnf )" && \ - /bin/bash -c "openssl x509 -req -passin pass:xxxx -in server.csr -CA rootCA.pem -CAkey rootCA.key -CAcreateserial -out server.crt -days 500 -sha256 -extfile v3.ext" - -FROM nimmis/alpine-apache-php7 -MAINTAINER ChurchCRM - -RUN apk update --repository http://dl-4.alpinelinux.org/alpine/edge/community \ - --repository https://nl.alpinelinux.org/alpine/edge/main - -RUN apk add --no-cache \ - php7-session@community \ - php7-pdo@community \ - php7-xml@community \ - php7-exif@community \ - php7-pdo_mysql@community \ - php7-mysqli@community \ - php7-gettext@community \ - php7-iconv@community \ - php7-fileinfo@community - -#COPY ./httpd.conf /etc/apache2 -COPY churchcrm /etc/run_once -COPY --from=localssl /server.key /web/config/ -COPY --from=localssl /server.crt /web/config/ -RUN chmod +x /etc/run_once/churchcrm -WORKDIR /web/html 
diff --git a/build-php/server.csr.cnf b/build-php/server.csr.cnf deleted file mode 100644 index f2daed9..0000000 --- a/build-php/server.csr.cnf +++ /dev/null @@ -1,14 +0,0 @@ -[req] -default_bits = 2048 -prompt = no -default_md = sha256 -distinguished_name = dn - -[dn] -C=US -ST=Tennessee -L=Nashville -O=End Point -OU=Testing Domain -emailAddress=your-administrative-address@your-awesome-existing-domain.com -CN = localhost diff --git a/build-php/v3.ext b/build-php/v3.ext deleted file mode 100644 index ab9de5f..0000000 --- a/build-php/v3.ext +++ /dev/null @@ -1,7 +0,0 @@ -authorityKeyIdentifier=keyid,issuer -basicConstraints=CA:FALSE -keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment -subjectAltName = @alt_names - -[alt_names] -DNS.1 = localhost From 9e70bfe0231a4ab5a74e1df15c1e0edd250bdea1 Mon Sep 17 00:00:00 2001 From: Skipper Date: Wed, 14 Mar 2018 10:59:05 -0500 Subject: [PATCH 15/21] Updated README, setup redirect to https --- README.md | 30 ++++++++++++++++++++++++++---- build-mysql/startup.sh | 2 +- build/Dockerfile | 2 +- build/configsetup | 2 +- build/httpd.conf | 6 ++++++ build/server.csr.cnf | 14 +++++++------- 6 files changed, 42 insertions(+), 14 deletions(-) diff --git a/README.md b/README.md index 7b7cb5b..79bf7e5 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,6 @@ ## Docker ChurchCRM -This is the Docker Installation of ChurchCRM. This will build the latest release of ChurchCRM for Docker. It is made with Apache/PHP7, ChurchCRM and MariaDB in 3 separate containers that work together. +This is the Docker Installation of ChurchCRM. This will build the latest release of ChurchCRM for Docker. It is made with Apache/PHP7/ChurchCRM and MariaDB in 2 separate containers that work together. ### How To Use 
@@ -8,14 +8,36 @@ It is necessary to have Docker installed on your system for this to work. See ht * Clone this repository. * Change your desired **database info** and **passwords** in the /secrets files. - - **MYSQL_ROOT_PASSWORD** = set this for the MYSQL root password in your installation **PLEASE CHANGE!!!** + - **MYSQL_ROOT_PWD** = set this for the MYSQL root password in your installation **PLEASE CHANGE!!!** - **MYSQL_USER** = set this as the churchcrm database username (Default: churchcrm) - - **MYSQL_PASSWORD** = set this for the churchcrm database user password **PLEASE CHANGE!!!** + - **MYSQL_USER_PWD** = set this for the churchcrm database user password **PLEASE CHANGE!!!** * From the command line, navigate to the root folder of your local repository and use docker-compose to build and run ChurchCRM. Run the following commands. - `docker-compose build` - `docker-compose up` -* You can view your installation of ChurchCRM on Docker by going to http://localhost (or your server's IP address) in a browser. +* You can view your installation of ChurchCRM on Docker by going to https://localhost (or your server's IP address) in a browser. * Enter the default login information: - Username: `admin` - Password: `changeme` - Once in, you will be prompted to change your password to something more secure. + +### SSL + +ChurchCRM for Docker is set to run by default using SSL encryption. When building the images, the build script will create Self-Signed Certificates and install them into Apache. When visiting the local site, browsers will prompt you with an error/warning that they don't recognize the Certificate Authority *(which is yourself in this case)*. When this occurs, allow the exception and continue to the site. + +It is recommended that you change the SSL config details under the [dn] section in the `./build/server.csr.cnf` file. 
+ +### Using a Domain Name instead of https://localhost + +In order to access ChurchCRM via a domain name other than localhost, set an entry in your local computer's `/etc/hosts` file. + +* See https://www.siteground.com/kb/how_to_use_the_hosts_file/ to see where your hosts file is located and how to update. +* Add an entry in your `hosts` file such as `127.0.0.1 local.churchcrm.io` +* Once saved you can access your installation by going to `https://local.churchcrm.io` or any domainname that you specified in the hosts file. + +### Accessing ChurchCRM from another device + +While on the same local network, you can access ChurchCRM by visiting the IP address of the computer running Docker. For example, if your machine's local ip is 192.168.1.3, visiting that address (https://192.168.1.3) from another device will allow you to access ChurchCRM. + +### DATA STORAGE + +Running the `docker-compose up` command will create 2 separate Docker data-volumes to store the database and ChurchCRM uploaded photos. When the database and ChurchCRM images and containers are destroyed, rebuilt or updated, the data-volumes will persist unless you remove those volumes. diff --git a/build-mysql/startup.sh b/build-mysql/startup.sh index 253026c..85484e4 100644 --- a/build-mysql/startup.sh +++ b/build-mysql/startup.sh @@ -40,7 +40,7 @@ EOF echo "CREATE DATABASE IF NOT EXISTS \`$MYSQL_USER_DB\` CHARACTER SET utf8 COLLATE utf8_general_ci;" >> $tfile if [ "$MYSQL_USER" != "" ]; then - echo "[i] Creating user: $MYSQL_USER with password $MYSQL_USER_PWD" + #echo "[i] Creating user: $MYSQL_USER with password $MYSQL_USER_PWD" echo "GRANT ALL PRIVILEGES ON \`$MYSQL_USER_DB\`.* to '$MYSQL_USER'@'%' identified by '${MYSQL_USER_PWD}' ;" >> $tfile echo "GRANT ALL PRIVILEGES ON \`$MYSQL_USER_DB\`.* to '$MYSQL_USER'@'localhost' identified by '${MYSQL_USER_PWD}' ;" >> $tfile echo "FLUSH PRIVILEGES ;" >> $tfile diff --git a/build/Dockerfile b/build/Dockerfile index c1b4f00..2fbd2dc 100644 
--- a/build/Dockerfile +++ b/build/Dockerfile @@ -50,7 +50,7 @@ COPY ./v3.ext . RUN /bin/bash -c "openssl genrsa -des3 -passout pass:xxxx -out rootCA.key 2048" && \ /bin/bash -c "openssl req -x509 -passin pass:xxxx -new -nodes -key rootCA.key -sha256 -days 1024 -out rootCA.pem -config <( cat server.csr.cnf )" && \ /bin/bash -c "openssl req -new -sha256 -nodes -out server.csr -newkey rsa:2048 -keyout server.key -config <( cat server.csr.cnf )" && \ - /bin/bash -c "openssl x509 -req -passin pass:xxxx -in server.csr -CA rootCA.pem -CAkey rootCA.key -CAcreateserial -out server.crt -days 500 -sha256 -extfile v3.ext" + /bin/bash -c "openssl x509 -req -passin pass:xxxx -in server.csr -CA rootCA.pem -CAkey rootCA.key -CAcreateserial -out server.crt -days 3600 -sha256 -extfile v3.ext" # Download Latest Version of ChurchCRM WORKDIR /usr/local/apache2/ diff --git a/build/configsetup b/build/configsetup index 04ea5d4..b04c2be 100644 --- a/build/configsetup +++ b/build/configsetup @@ -6,7 +6,7 @@ MYSQL_USER=$(cat /run/secrets/MYSQL_USER) MYSQL_USER_PWD=$(cat /run/secrets/MYSQL_USER_PWD) #Add Server Name to HTTPD-SSL -sed -i "s/ServerName www.example.com:443/ServerName localhost:443/g" /usr/local/apache2/conf/extra/httpd-ssl.conf +sed -i "s/ServerName www.example.com:443/ServerName 0.0.0.0:443/g" /usr/local/apache2/conf/extra/httpd-ssl.conf # Create ChurchCRM Config File sed -i "s/||DB_SERVER_NAME||/$MYSQL_DB_HOST/g" /usr/local/apache2/htdocs/Include/Config.php diff --git a/build/httpd.conf b/build/httpd.conf index 207dbd2..0222d55 100644 --- a/build/httpd.conf +++ b/build/httpd.conf @@ -51,6 +51,12 @@ ServerRoot "/usr/local/apache2" #Listen 12.34.56.78:80 Listen 0.0.0.0:80 + + ServerName localhost + RewriteEngine On + RewriteRule ^(.*)$ https://%{HTTP_HOST} + + # # Dynamic Shared Object (DSO) Support # diff --git a/build/server.csr.cnf b/build/server.csr.cnf index f2daed9..e1b8e63 100644 --- a/build/server.csr.cnf +++ b/build/server.csr.cnf 
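Review bot: in the build/httpd.conf hunk, `RewriteRule ^(.*)$ https://%{HTTP_HOST}` throws away the captured path, so every plain-HTTP request, deep links included, is sent to the HTTPS root. The rule also has no flags and builds its target from the client-supplied Host header. Use `RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [R=301,L]`, or redirect to a fixed host name.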
@@ -5,10 +5,10 @@ default_md = sha256 distinguished_name = dn [dn] -C=US -ST=Tennessee -L=Nashville -O=End Point -OU=Testing Domain -emailAddress=your-administrative-address@your-awesome-existing-domain.com -CN = localhost +C=US # Country Name (2 letter code) +ST=Tennessee # State or Province Name (full name) +L=Nashville # Locality Name (eg, city) +O=End Point # Organization Name (eg, company) +OU=Testing Domain # Organizational Unit Name (eg, section) +emailAddress=email@domain.com # Your E-Mail Address +CN = localhost # Common Name (e.g. server FQDN or YOUR name) From 22d257ca6f7bea3b8c0b83ad673ca0e0e513d222 Mon Sep 17 00:00:00 2001 From: Skipper Date: Wed, 14 Mar 2018 11:29:00 -0500 Subject: [PATCH 16/21] Moved SSL Configuration over to the Docker-Compose.yml file --- README.md | 2 +- build/Dockerfile | 17 ++++++++++++----- build/server.csr.cnf | 14 -------------- docker-compose.yml | 11 ++++++++++- 4 files changed, 23 insertions(+), 21 deletions(-) delete mode 100644 build/server.csr.cnf diff --git a/README.md b/README.md index 79bf7e5..2e67a48 100644 --- a/README.md +++ b/README.md @@ -24,7 +24,7 @@ It is necessary to have Docker installed on your system for this to work. See ht ChurchCRM for Docker is set to run by default using SSL encryption. When building the images, the build script will create Self-Signed Certificates and install them into Apache. When visiting the local site, browsers will prompt you with an error/warning that they don't recognize the Certificate Authority *(which is yourself in this case)*. When this occurs, allow the exception and continue to the site. -It is recommended that you change the SSL config details under the [dn] section in the `./build/server.csr.cnf` file. +**NOTE:** PLEASE change the SSL config details under churchcrm/build/args section in the docker-compose.yml` file. ### Using a Domain Name instead of https://localhost diff --git a/build/Dockerfile b/build/Dockerfile index 2fbd2dc..6ff0890 100644 
--- a/build/Dockerfile +++ b/build/Dockerfile @@ -10,7 +10,6 @@ RUN echo "@edge http://dl-3.alpinelinux.org/alpine/edge/main" >> /etc/apk/reposi apk add --upgrade apk-tools@edge && \ apk upgrade && \ apk add --no-cache \ - bash \ curl \ libressl \ openssl \ @@ -47,10 +46,18 @@ WORKDIR /usr/local/apache2/conf/ COPY ./server.csr.cnf . COPY ./v3.ext . -RUN /bin/bash -c "openssl genrsa -des3 -passout pass:xxxx -out rootCA.key 2048" && \ - /bin/bash -c "openssl req -x509 -passin pass:xxxx -new -nodes -key rootCA.key -sha256 -days 1024 -out rootCA.pem -config <( cat server.csr.cnf )" && \ - /bin/bash -c "openssl req -new -sha256 -nodes -out server.csr -newkey rsa:2048 -keyout server.key -config <( cat server.csr.cnf )" && \ - /bin/bash -c "openssl x509 -req -passin pass:xxxx -in server.csr -CA rootCA.pem -CAkey rootCA.key -CAcreateserial -out server.crt -days 3600 -sha256 -extfile v3.ext" +ARG country +ARG state +ARG locality +ARG organization +ARG organizationalunit +ARG email +ARG commonname + +RUN openssl genrsa -des3 -passout pass:xxxx -out rootCA.key 2048 && \ + openssl req -x509 -passin pass:xxxx -new -nodes -key rootCA.key -sha256 -days 1024 -out rootCA.pem -subj "/C=$country/ST=$state/L=$locality/O=$organization/OU=$organizationalunit/emailAddress=$email/CN=$commonname" && \ + openssl req -new -sha256 -nodes -out server.csr -newkey rsa:2048 -keyout server.key -subj "/C=$country/ST=$state/L=$locality/O=$organization/OU=$organizationalunit/emailAddress=$email/CN=$commonname" && \ + openssl x509 -req -passin pass:xxxx -in server.csr -CA rootCA.pem -CAkey rootCA.key -CAcreateserial -out server.crt -days 3600 -sha256 -extfile v3.ext # Download Latest Version of ChurchCRM WORKDIR /usr/local/apache2/ diff --git a/build/server.csr.cnf b/build/server.csr.cnf deleted file mode 100644 index e1b8e63..0000000 --- a/build/server.csr.cnf +++ /dev/null 
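Review bot: the SSL Generation hunk of build/Dockerfile keeps `COPY ./server.csr.cnf .` as an unchanged context line while this same patch deletes build/server.csr.cnf, so the image build fails at that COPY. Remove the line in this commit. The new `ARG` lines have no defaults, so a build that does not pass them produces a subject with empty fields; give each one a default or fail early when it is unset.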
@@ -1,14 +0,0 @@ -[req] -default_bits = 2048 -prompt = no -default_md = sha256 -distinguished_name = dn - -[dn] -C=US # Country Name (2 letter code) -ST=Tennessee # State or Province Name (full name) -L=Nashville # Locality Name (eg, city) -O=End Point # Organization Name (eg, company) -OU=Testing Domain # Organizational Unit Name (eg, section) -emailAddress=email@domain.com # Your E-Mail Address -CN = localhost # Common Name (e.g. server FQDN or YOUR name) diff --git a/docker-compose.yml b/docker-compose.yml index 23e9252..6681219 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -23,7 +23,16 @@ services: churchcrm: container_name: churchcrm - build: ./build + build: + context: ./build + args: # !!! Edit these !!! + country: US # Country Name (2 letter code) + state: Tennessee # State or Province Name (full name) + locality: Nashville # Locality Name (eg, city) + organization: ChurchCRM # Organization Name (eg, company) + organizationalunit: IT # Organizational Unit Name (eg, section) + email: myemail@example.com # Your Email Address + commonname: localhost # Common Name (e.g. server FQDN or YOUR name) ports: - "80:80" - "443:443" From 4fcd79655e5a5738a73101124143d4bc397caf99 Mon Sep 17 00:00:00 2001 From: Jason Skipper Date: Wed, 14 Mar 2018 12:05:27 -0500 Subject: [PATCH 17/21] Removed Reference to server config file --- build/Dockerfile | 1 - 1 file changed, 1 deletion(-) diff --git a/build/Dockerfile b/build/Dockerfile index 6ff0890..3ef893f 100644 --- a/build/Dockerfile +++ b/build/Dockerfile @@ -43,7 +43,6 @@ COPY ./httpd.conf /usr/local/apache2/conf/httpd.conf # SSL Generation WORKDIR /usr/local/apache2/conf/ -COPY ./server.csr.cnf . COPY ./v3.ext . ARG country From 4b583505811d00aceeb614ff3de82df90def3662 Mon Sep 17 00:00:00 2001 From: Jason Skipper Date: Wed, 14 Mar 2018 12:37:45 -0500 Subject: [PATCH 18/21] Updated Readme --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/README.md b/README.md index 2e67a48..694a93b 100644 --- a/README.md +++ b/README.md @@ -24,7 +24,7 @@ It is necessary to have Docker installed on your system for this to work. See ht ChurchCRM for Docker is set to run by default using SSL encryption. When building the images, the build script will create Self-Signed Certificates and install them into Apache. When visiting the local site, browsers will prompt you with an error/warning that they don't recognize the Certificate Authority *(which is yourself in this case)*. When this occurs, allow the exception and continue to the site. -**NOTE:** PLEASE change the SSL config details under churchcrm/build/args section in the docker-compose.yml` file. +**NOTE:** PLEASE change the SSL config details under churchcrm/build/args section in the `docker-compose.yml` file. ### Using a Domain Name instead of https://localhost From 44eb5bb6098a8aea2e2fec333129177bb510532f Mon Sep 17 00:00:00 2001 From: Skipper Date: Thu, 15 Mar 2018 07:29:11 -0500 Subject: [PATCH 19/21] Changed Secrets to Single json file, Took off SSL from the main container --- build-mysql/Dockerfile | 4 +++- build-mysql/startup.sh | 9 +++++---- build/Dockerfile | 30 ++++++++++++++-------------- build/configsetup | 7 ++++--- build/httpd.conf | 14 +++++++------- crm_secrets.json | 6 ++++++ docker-compose.yml | 44 ++++++++++++++---------------------------- secrets/MYSQL_ROOT_PWD | 1 - secrets/MYSQL_USER | 1 - secrets/MYSQL_USER_PWD | 1 - 10 files changed, 54 insertions(+), 63 deletions(-) create mode 100644 crm_secrets.json delete mode 100644 secrets/MYSQL_ROOT_PWD delete mode 100644 secrets/MYSQL_USER delete mode 100644 secrets/MYSQL_USER_PWD diff --git a/build-mysql/Dockerfile b/build-mysql/Dockerfile index 1483e69..6aee351 100644 --- a/build-mysql/Dockerfile +++ b/build-mysql/Dockerfile 
@@ -4,7 +4,9 @@ MAINTAINER ChurchCRM RUN apk update && \ apk upgrade && \ apk add --no-cache \ - mariadb mariadb-client && \ + jq \ + mariadb \ + mariadb-client && \ addgroup mysql mysql && \ mkdir /scripts diff --git a/build-mysql/startup.sh b/build-mysql/startup.sh index 85484e4..ad9fc2b 100644 --- a/build-mysql/startup.sh +++ b/build-mysql/startup.sh @@ -2,10 +2,11 @@ # parameters MYSQL_DATADIR=${MYSQL_DATADIR:-"/var/lib/mysql"} -MYSQL_ROOT_PWD=$(cat /run/secrets/MYSQL_ROOT_PWD) -MYSQL_USER=$(cat /run/secrets/MYSQL_USER) -MYSQL_USER_PWD=$(cat /run/secrets/MYSQL_USER_PWD) -MYSQL_USER_DB=$MYSQL_USER_DB + +MYSQL_ROOT_PW=$(cat /run/secrets/crm_secrets | jq -r '.MYSQL_ROOT_PWD') +MYSQL_USER=$(cat /run/secrets/crm_secrets | jq -r '.MYSQL_USER') +MYSQL_USER_PWD=$(cat /run/secrets/crm_secrets | jq -r '.MYSQL_USER_PWD') +MYSQL_USER_DB=$(cat /run/secrets/crm_secrets | jq -r '.MYSQL_USER_DB') if [ -d "/run/mysqld" ]; then echo "[i] MySQL directory already present, skipping creation" diff --git a/build/Dockerfile b/build/Dockerfile index 3ef893f..63cb98c 100644 --- a/build/Dockerfile +++ b/build/Dockerfile @@ -11,8 +11,9 @@ RUN echo "@edge http://dl-3.alpinelinux.org/alpine/edge/main" >> /etc/apk/reposi apk upgrade && \ apk add --no-cache \ curl \ + jq \ libressl \ - openssl \ + #openssl \ php7 \ php7-apache2 \ php7-apcu \ @@ -28,7 +29,6 @@ RUN echo "@edge http://dl-3.alpinelinux.org/alpine/edge/main" >> /etc/apk/reposi php7-mcrypt \ php7-mysqli \ php7-mysqlnd \ - php7-openssl \ php7-pdo \ php7-pdo_mysql \ php7-phar \ 
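Review bot: in the build-mysql/startup.sh hunk the root password is now assigned to `MYSQL_ROOT_PW`, while the line it replaces set `MYSQL_ROOT_PWD` and the JSON key is still `.MYSQL_ROOT_PWD`. Unless the rest of the script was renamed as well, which this hunk does not show, the root password variable it uses will be empty. Keep the name `MYSQL_ROOT_PWD`. Note also that `jq -r` prints the string `null` for a missing key, so test for that and for an empty value before continuing.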
@@ -41,22 +41,22 @@ RUN echo "@edge http://dl-3.alpinelinux.org/alpine/edge/main" >> /etc/apk/reposi COPY ./httpd.conf /usr/local/apache2/conf/httpd.conf # SSL Generation -WORKDIR /usr/local/apache2/conf/ +#WORKDIR /usr/local/apache2/conf/ -COPY ./v3.ext . +#COPY ./v3.ext . -ARG country -ARG state -ARG locality -ARG organization -ARG organizationalunit -ARG email -ARG commonname +#ARG country +#ARG state +#ARG locality +#ARG organization +#ARG organizationalunit +#ARG email +#ARG commonname -RUN openssl genrsa -des3 -passout pass:xxxx -out rootCA.key 2048 && \ - openssl req -x509 -passin pass:xxxx -new -nodes -key rootCA.key -sha256 -days 1024 -out rootCA.pem -subj "/C=$country/ST=$state/L=$locality/O=$organization/OU=$organizationalunit/emailAddress=$email/CN=$commonname" && \ - openssl req -new -sha256 -nodes -out server.csr -newkey rsa:2048 -keyout server.key -subj "/C=$country/ST=$state/L=$locality/O=$organization/OU=$organizationalunit/emailAddress=$email/CN=$commonname" && \ - openssl x509 -req -passin pass:xxxx -in server.csr -CA rootCA.pem -CAkey rootCA.key -CAcreateserial -out server.crt -days 3600 -sha256 -extfile v3.ext +#RUN openssl genrsa -des3 -passout pass:xxxx -out rootCA.key 2048 && \ +# openssl req -x509 -passin pass:xxxx -new -nodes -key rootCA.key -sha256 -days 1024 -out rootCA.pem -subj "/C=$country/ST=$state/L=$locality/O=$organization/OU=$organizationalunit/emailAddress=$email/CN=$commonname" && \ +# openssl req -new -sha256 -nodes -out server.csr -newkey rsa:2048 -keyout server.key -subj "/C=$country/ST=$state/L=$locality/O=$organization/OU=$organizationalunit/emailAddress=$email/CN=$commonname" && \ +# openssl x509 -req -passin pass:xxxx -in server.csr -CA rootCA.pem -CAkey rootCA.key -CAcreateserial -out server.crt -days 3600 -sha256 -extfile v3.ext # Download Latest Version of ChurchCRM WORKDIR /usr/local/apache2/ diff --git a/build/configsetup b/build/configsetup index b04c2be..9af9520 100644 --- a/build/configsetup 
+++ b/build/configsetup @@ -2,15 +2,16 @@ cp /usr/local/apache2/htdocs/Include/Config.php.example /usr/local/apache2/htdocs/Include/Config.php # Import Docker Secrets -MYSQL_USER=$(cat /run/secrets/MYSQL_USER) -MYSQL_USER_PWD=$(cat /run/secrets/MYSQL_USER_PWD) +MYSQL_USER=$(cat /run/secrets/crm_secrets | jq -r '.MYSQL_USER') +MYSQL_USER_PWD=$(cat /run/secrets/crm_secrets | jq -r '.MYSQL_USER_PWD') +MYSQL_USER_DB=$(cat /run/secrets/crm_secrets | jq -r '.MYSQL_USER_DB') #Add Server Name to HTTPD-SSL sed -i "s/ServerName www.example.com:443/ServerName 0.0.0.0:443/g" /usr/local/apache2/conf/extra/httpd-ssl.conf # Create ChurchCRM Config File sed -i "s/||DB_SERVER_NAME||/$MYSQL_DB_HOST/g" /usr/local/apache2/htdocs/Include/Config.php -sed -i "s/||DB_NAME||/$MYSQL_DATABASE/g" /usr/local/apache2/htdocs/Include/Config.php +sed -i "s/||DB_NAME||/$MYSQL_USER_DB/g" /usr/local/apache2/htdocs/Include/Config.php sed -i "s/||DB_USER||/$MYSQL_USER/g" /usr/local/apache2/htdocs/Include/Config.php sed -i "s/||DB_PASSWORD||/$MYSQL_USER_PWD/g" /usr/local/apache2/htdocs/Include/Config.php sed -i "s/||URL||//g" /usr/local/apache2/htdocs/Include/Config.php diff --git a/build/httpd.conf b/build/httpd.conf index 0222d55..2733c39 100644 --- a/build/httpd.conf +++ b/build/httpd.conf @@ -51,11 +51,11 @@ ServerRoot "/usr/local/apache2" #Listen 12.34.56.78:80 Listen 0.0.0.0:80 - - ServerName localhost - RewriteEngine On - RewriteRule ^(.*)$ https://%{HTTP_HOST} - +# +# ServerName localhost +# RewriteEngine On +# RewriteRule ^(.*)$ https://%{HTTP_HOST} +# # # Dynamic Shared Object (DSO) Support 
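Review bot: in the build/configsetup hunk the values read from `crm_secrets` go straight into the replacement side of `sed -i "s/||DB_PASSWORD||/$MYSQL_USER_PWD/g"` and its neighbours. A password containing `/`, `&` or `\` either breaks the expression or is altered on its way into Config.php. Escape those characters before substituting, and fail the script if any substitution leaves a `||...||` placeholder behind.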
@@ -161,7 +161,7 @@ LoadModule version_module modules/mod_version.so #LoadModule session_dbd_module modules/mod_session_dbd.so #LoadModule slotmem_shm_module modules/mod_slotmem_shm.so #LoadModule slotmem_plain_module modules/mod_slotmem_plain.so -LoadModule ssl_module modules/mod_ssl.so +#LoadModule ssl_module modules/mod_ssl.so #LoadModule optional_hook_export_module modules/mod_optional_hook_export.so #LoadModule optional_hook_import_module modules/mod_optional_hook_import.so #LoadModule optional_fn_import_module modules/mod_optional_fn_import.so @@ -541,7 +541,7 @@ Include conf/extra/proxy-html.conf
# Secure (SSL/TLS) connections -Include conf/extra/httpd-ssl.conf +#Include conf/extra/httpd-ssl.conf # # Note: The following must must be present to support # starting without SSL on platforms with no /dev/random equivalent diff --git a/crm_secrets.json b/crm_secrets.json new file mode 100644 index 0000000..36402ab --- /dev/null +++ b/crm_secrets.json @@ -0,0 +1,6 @@ +{ + "MYSQL_ROOT_PWD": "changeme", + "MYSQL_USER_DB": "churchcrm", + "MYSQL_USER": "churchcrm", + "MYSQL_USER_PWD": "changeme" +} diff --git a/docker-compose.yml b/docker-compose.yml index 6681219..49398ea 100644 --- a/docker-compose.yml +++ b/docker-compose.yml 
@@ -9,51 +9,35 @@ services: database: #Name of DB Host container_name: database build: ./build-mysql - environment: - MYSQL_ROOT_PWD_FILE: /run/secrets/MYSQL_ROOT_PWD - MYSQL_USER_DB: churchcrm - MYSQL_USER_FILE: /run/secrets/MYSQL_USER - MYSQL_USER_PWD_FILE: /run/secrets/MYSQL_USER_PWD volumes: - db-volume:/var/lib/mysql secrets: - - MYSQL_ROOT_PWD - - MYSQL_USER - - MYSQL_USER_PWD + - crm_secrets churchcrm: container_name: churchcrm build: context: ./build - args: # !!! Edit these !!! - country: US # Country Name (2 letter code) - state: Tennessee # State or Province Name (full name) - locality: Nashville # Locality Name (eg, city) - organization: ChurchCRM # Organization Name (eg, company) - organizationalunit: IT # Organizational Unit Name (eg, section) - email: myemail@example.com # Your Email Address - commonname: localhost # Common Name (e.g. server FQDN or YOUR name) - ports: - - "80:80" - - "443:443" + #args: # !!! Edit these !!! + # country: US # Country Name (2 letter code) + # state: Tennessee # State or Province Name (full name) + # locality: Nashville # Locality Name (eg, city) + # organization: ChurchCRM # Organization Name (eg, company) + # organizationalunit: IT # Organizational Unit Name (eg, section) + # email: myemail@example.com # Your Email Address + # commonname: localhost # Common Name (e.g. server FQDN or YOUR name) environment: - MYSQL_DATABASE: churchcrm MYSQL_DB_HOST: database - MYSQL_USER_PWD_FILE: /run/secrets/MYSQL_USER_PWD - MYSQL_USER_FILE: /run/secrets/MYSQL_USER + ports: + - "80:80" volumes: - img-volume:/usr/local/apache2/htdocs/Images secrets: - - MYSQL_USER_PWD - - MYSQL_USER + - crm_secrets secrets: - MYSQL_ROOT_PWD: - file: ./secrets/MYSQL_ROOT_PWD - MYSQL_USER: - file: ./secrets/MYSQL_USER - MYSQL_USER_PWD: - file: ./secrets/MYSQL_USER_PWD + crm_secrets: + file: ./crm_secrets.json volumes: img-volume: diff --git a/secrets/MYSQL_ROOT_PWD b/secrets/MYSQL_ROOT_PWD deleted file mode 100644 index dff0ae5..0000000 
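Review bot: in the docker-compose.yml hunk the `churchcrm` service now mounts the same `crm_secrets` file as `database`, and that file contains `MYSQL_ROOT_PWD`. Before this patch the web container received only `MYSQL_USER` and `MYSQL_USER_PWD`; now any file read in the PHP container exposes the database root password. Split the JSON into a database secret and an application secret, and commit crm_secrets.json only as an example file so real values stay out of the repository.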
--- a/secrets/MYSQL_ROOT_PWD +++ /dev/null @@ -1 +0,0 @@ -changeme diff --git a/secrets/MYSQL_USER b/secrets/MYSQL_USER deleted file mode 100644 index 15cfa01..0000000 --- a/secrets/MYSQL_USER +++ /dev/null @@ -1 +0,0 @@ -churchcrm diff --git a/secrets/MYSQL_USER_PWD b/secrets/MYSQL_USER_PWD deleted file mode 100644 index dff0ae5..0000000 --- a/secrets/MYSQL_USER_PWD +++ /dev/null @@ -1 +0,0 @@ -changeme From 99e9a5acc2a17e9788262d11a826055a18c5d43f Mon Sep 17 00:00:00 2001 From: Skipper Date: Fri, 16 Mar 2018 10:06:36 -0500 Subject: [PATCH 20/21] Added nginx as a reverse proxy for apache. Set up 3 ways of running nginx. SSL Build, SSL Own and None (running on port 80) --- build-mysql/Dockerfile | 10 +++++---- build-mysql/{startup.sh => startup} | 34 ++++++++++++++++++++++++----- build/Dockerfile | 24 +++++--------------- build/configsetup | 22 +++++++++++++++---- build/httpd.conf | 1 + buildnginx/Dockerfile | 29 ++++++++++++++++++++++++ buildnginx/conf.d/churchcrm.conf | 18 +++++++++++++++ {build => buildnginx/conf.d}/v3.ext | 0 crm_secrets.json | 10 +++++---- docker-compose.yml | 31 +++++++++++++++++--------- 10 files changed, 133 insertions(+), 46 deletions(-) rename build-mysql/{startup.sh => startup} (54%) create mode 100644 buildnginx/Dockerfile create mode 100644 buildnginx/conf.d/churchcrm.conf rename {build => buildnginx/conf.d}/v3.ext (100%) diff --git a/build-mysql/Dockerfile b/build-mysql/Dockerfile index 6aee351..5bffa20 100644 --- a/build-mysql/Dockerfile +++ b/build-mysql/Dockerfile @@ -4,15 +4,17 @@ MAINTAINER ChurchCRM RUN apk update && \ apk upgrade && \ apk add --no-cache \ + figlet \ jq \ mariadb \ - mariadb-client && \ + mariadb-client \ + ncurses && \ addgroup mysql mysql && \ mkdir /scripts -COPY ./startup.sh /scripts/startup.sh -RUN chmod +x /scripts/startup.sh +COPY ./startup /scripts/startup +RUN chmod +x /scripts/startup EXPOSE 3306 -ENTRYPOINT ["/scripts/startup.sh"] +ENTRYPOINT ["/scripts/startup"] 
diff --git a/build-mysql/startup.sh b/build-mysql/startup similarity index 54% rename from build-mysql/startup.sh rename to build-mysql/startup index ad9fc2b..a42647d 100644 --- a/build-mysql/startup.sh +++ b/build-mysql/startup 
@@ -1,12 +1,36 @@ -#!/bin/sh +#!/bin/ash # parameters MYSQL_DATADIR=${MYSQL_DATADIR:-"/var/lib/mysql"} -MYSQL_ROOT_PW=$(cat /run/secrets/crm_secrets | jq -r '.MYSQL_ROOT_PWD') -MYSQL_USER=$(cat /run/secrets/crm_secrets | jq -r '.MYSQL_USER') -MYSQL_USER_PWD=$(cat /run/secrets/crm_secrets | jq -r '.MYSQL_USER_PWD') -MYSQL_USER_DB=$(cat /run/secrets/crm_secrets | jq -r '.MYSQL_USER_DB') +MYSQL_ROOT_PWD=$(cat /run/secrets/crm_secrets | jq -r '.mysql.MYSQL_ROOT_PWD') +MYSQL_USER=$(cat /run/secrets/crm_secrets | jq -r '.mysql.MYSQL_USER') +MYSQL_USER_PWD=$(cat /run/secrets/crm_secrets | jq -r '.mysql.MYSQL_USER_PWD') +MYSQL_USER_DB=$(cat /run/secrets/crm_secrets | jq -r '.mysql.MYSQL_USER_DB') + +if [ $MYSQL_ROOT_PWD = "changeme" ]; then + figlet -f colossal "WARNING" + red=$(tput setaf 1) # Red + reset=$(tput sgr0) + echo "${red}*********************************************" + echo "${red}WARNING!!!" + echo "${red}YOU DID NOT CHANGE THE MYSQL_ROOT_PWD IN THE crm_secrets.json FILE!!!" + echo "${red}This is EXTREMELY insecure. Please go back and change the password to something more secure and re-build your images by running `docker-compose build`" + echo "${red}*********************************************" + ${reset} + echo "" +fi +if [ $MYSQL_USER_PWD = "changeme" ]; then + figlet -f colossal "WARNING" + red=$(tput setaf 1) # Red + reset=$(tput sgr0) + echo "${red}*********************************************" + echo "${red}WARNING!!!" + echo "${red}YOU DID NOT CHANGE THE MYSQL_USER_PWD IN THE crm_secrets.json FILE!!!" + echo "${red}This is EXTREMELY insecure. Please go back and change the password to something more secure and re-build your images by running `docker-compose build`" + echo "${red}*********************************************" + ${reset} +fi if [ -d "/run/mysqld" ]; then echo "[i] MySQL directory already present, skipping creation" diff --git a/build/Dockerfile b/build/Dockerfile index 63cb98c..1ac1d4f 100644 --- a/build/Dockerfile 
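Review bot: in the warning blocks added to build-mysql/startup, the backquoted `docker-compose build` sits inside a double-quoted `echo`, so the shell tries to run that command in the container instead of printing it. `[ $MYSQL_ROOT_PWD = "changeme" ]` is unquoted and errors out when the value is empty or contains spaces, and `${reset}` on a line of its own is run as a command rather than printed. Quote the variables, drop or escape the backquotes, and print the reset sequence with `printf '%s' "$reset"`. The script also carries on after the warning; exiting non-zero is what would keep a default password out of the database. The same block is added to build/configsetup in this patch.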
+++ b/build/Dockerfile @@ -11,9 +11,10 @@ RUN echo "@edge http://dl-3.alpinelinux.org/alpine/edge/main" >> /etc/apk/reposi apk upgrade && \ apk add --no-cache \ curl \ + figlet \ jq \ libressl \ - #openssl \ + ncurses \ php7 \ php7-apache2 \ php7-apcu \ @@ -40,24 +41,6 @@ RUN echo "@edge http://dl-3.alpinelinux.org/alpine/edge/main" >> /etc/apk/reposi # Copy Apache configurations COPY ./httpd.conf /usr/local/apache2/conf/httpd.conf -# SSL Generation -#WORKDIR /usr/local/apache2/conf/ - -#COPY ./v3.ext . - -#ARG country -#ARG state -#ARG locality -#ARG organization -#ARG organizationalunit -#ARG email -#ARG commonname - -#RUN openssl genrsa -des3 -passout pass:xxxx -out rootCA.key 2048 && \ -# openssl req -x509 -passin pass:xxxx -new -nodes -key rootCA.key -sha256 -days 1024 -out rootCA.pem -subj "/C=$country/ST=$state/L=$locality/O=$organization/OU=$organizationalunit/emailAddress=$email/CN=$commonname" && \ -# openssl req -new -sha256 -nodes -out server.csr -newkey rsa:2048 -keyout server.key -subj "/C=$country/ST=$state/L=$locality/O=$organization/OU=$organizationalunit/emailAddress=$email/CN=$commonname" && \ -# openssl x509 -req -passin pass:xxxx -in server.csr -CA rootCA.pem -CAkey rootCA.key -CAcreateserial -out server.crt -days 3600 -sha256 -extfile v3.ext - # Download Latest Version of ChurchCRM WORKDIR /usr/local/apache2/ 
@@ -76,6 +59,9 @@ WORKDIR /usr/local/apache2/htdocs/ # Modify php.ini and set config setup to be an executable RUN sed -i "s/upload_max_filesize = 2M/upload_max_filesize = 16M/g" /etc/php7/php.ini && \ sed -i "s/post_max_size = 8M/post_max_size = 32M/g" /etc/php7/php.ini && \ + sed -i "s/zlib.output_compression = Off/zlib.output_compression = On/g" /etc/php7/php.ini && \ + sed -i "s/;error_log = php_errors.log/error_log = \/proc\/self\/fd\/2/g" /etc/php7/php.ini && \ + sed -i '/;error_log = syslog/a error_log = \/usr\/local\/apache2\/logs\/php_errors.log' /etc/php7/php.ini && \ chmod +x /usr/local/bin/configsetup # Run the configsetup file on container start diff --git a/build/configsetup b/build/configsetup index 9af9520..c4539fb 100644 --- a/build/configsetup +++ b/build/configsetup 
@@ -1,16 +1,30 @@ -#!/bin/sh +#!/bin/ash cp /usr/local/apache2/htdocs/Include/Config.php.example /usr/local/apache2/htdocs/Include/Config.php # Import Docker Secrets -MYSQL_USER=$(cat /run/secrets/crm_secrets | jq -r '.MYSQL_USER') -MYSQL_USER_PWD=$(cat /run/secrets/crm_secrets | jq -r '.MYSQL_USER_PWD') -MYSQL_USER_DB=$(cat /run/secrets/crm_secrets | jq -r '.MYSQL_USER_DB') +MYSQL_USER=$(cat /run/secrets/crm_secrets | jq -r '.mysql.MYSQL_USER') +MYSQL_USER_PWD=$(cat /run/secrets/crm_secrets | jq -r '.mysql.MYSQL_USER_PWD') +MYSQL_USER_DB=$(cat /run/secrets/crm_secrets | jq -r '.mysql.MYSQL_USER_DB') + +if [ $MYSQL_USER_PWD = "changeme" ]; then + figlet -f colossal "WARNING" + red=$(tput setaf 1) # Red + reset=$(tput sgr0) + echo "${red}*********************************************" + echo "${red}WARNING!!!" + echo "${red}YOU DID NOT CHANGE THE MYSQL_USER_PWD IN THE crm_secrets.json FILE!!!" + echo "${red}This is EXTREMELY insecure. Please go back and change the password to something more secure and re-build your images by running `docker-compose build`" + echo "${red}*********************************************" + ${reset} + echo "" +fi #Add Server Name to HTTPD-SSL sed -i "s/ServerName www.example.com:443/ServerName 0.0.0.0:443/g" /usr/local/apache2/conf/extra/httpd-ssl.conf # Create ChurchCRM Config File sed -i "s/||DB_SERVER_NAME||/$MYSQL_DB_HOST/g" /usr/local/apache2/htdocs/Include/Config.php +sed -i "s/||DB_SERVER_PORT||/3306/g" /usr/local/apache2/htdocs/Include/Config.php sed -i "s/||DB_NAME||/$MYSQL_USER_DB/g" /usr/local/apache2/htdocs/Include/Config.php sed -i "s/||DB_USER||/$MYSQL_USER/g" /usr/local/apache2/htdocs/Include/Config.php sed -i "s/||DB_PASSWORD||/$MYSQL_USER_PWD/g" /usr/local/apache2/htdocs/Include/Config.php diff --git a/build/httpd.conf b/build/httpd.conf index 2733c39..800ebce 100644 --- a/build/httpd.conf +++ b/build/httpd.conf 
@@ -54,6 +54,7 @@ Listen 0.0.0.0:80 # # ServerName localhost # RewriteEngine On +# ErrorLog /usr/local/apache2/logs/churchcrm.log # RewriteRule ^(.*)$ https://%{HTTP_HOST} # diff --git a/buildnginx/Dockerfile b/buildnginx/Dockerfile new file mode 100644 index 0000000..b84e457 --- /dev/null +++ b/buildnginx/Dockerfile @@ -0,0 +1,29 @@ +FROM nginx:alpine + +COPY ./conf.d/* /etc/nginx/conf.d/ + +RUN apk add --no-cache openssl + +# SSL Generation +WORKDIR /etc/nginx/conf.d + +ARG ssl +ARG country +ARG state +ARG locality +ARG organization +ARG organizationalunit +ARG email +ARG commonname + +RUN if [ "$ssl" = "build" ]; then \ + openssl genrsa -des3 -passout pass:xxxx -out rootCA.key 2048; \ + openssl req -x509 -passin pass:xxxx -new -nodes -key rootCA.key -sha256 -days 1024 -out rootCA.pem -subj "/C=$country/ST=$state/L=$locality/O=$organization/OU=$organizationalunit/emailAddress=$email/CN=$commonname"; \ + openssl req -new -sha256 -nodes -out server.csr -newkey rsa:2048 -keyout server.key -subj "/C=$country/ST=$state/L=$locality/O=$organization/OU=$organizationalunit/emailAddress=$email/CN=$commonname"; \ + openssl x509 -req -passin pass:xxxx -in server.csr -CA rootCA.pem -CAkey rootCA.key -CAcreateserial -out server.crt -days 3600 -sha256 -extfile v3.ext; \ + fi && \ + if [ "$ssl" = "none" ]; then \ + sed -i "s/listen 443 default_server ssl;/listen 80 default_server;/g" /etc/nginx/conf.d/churchcrm.conf; \ + sed -i "s/ssl_certificate \/etc\/nginx\/conf.d\/server.crt;//g" /etc/nginx/conf.d/churchcrm.conf; \ + sed -i "s/ssl_certificate_key \/etc\/nginx\/conf.d\/server.key;//g" /etc/nginx/conf.d/churchcrm.conf; \ + fi diff --git a/buildnginx/conf.d/churchcrm.conf b/buildnginx/conf.d/churchcrm.conf new file mode 100644 index 0000000..cdc334b --- /dev/null +++ b/buildnginx/conf.d/churchcrm.conf 
@@ -0,0 +1,18 @@ +server { + #return 301 https://$host$request_uri; + listen 443 default_server ssl; + server_name localhost; + ssl_certificate /etc/nginx/conf.d/server.crt; + ssl_certificate_key /etc/nginx/conf.d/server.key; + + location / { + + proxy_pass http://churchcrm; + proxy_redirect off; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Host $server_name; + + } +} diff --git a/build/v3.ext b/buildnginx/conf.d/v3.ext similarity index 100% rename from build/v3.ext rename to buildnginx/conf.d/v3.ext diff --git a/crm_secrets.json b/crm_secrets.json index 36402ab..ba8621c 100644 --- a/crm_secrets.json +++ b/crm_secrets.json @@ -1,6 +1,8 @@ { - "MYSQL_ROOT_PWD": "changeme", - "MYSQL_USER_DB": "churchcrm", - "MYSQL_USER": "churchcrm", - "MYSQL_USER_PWD": "changeme" + "mysql": { + "MYSQL_ROOT_PWD": "changeme", + "MYSQL_USER_DB": "churchcrm", + "MYSQL_USER": "churchcrm", + "MYSQL_USER_PWD": "changeme" + } } diff --git a/docker-compose.yml b/docker-compose.yml index 49398ea..f863737 100644 --- a/docker-compose.yml +++ b/docker-compose.yml 
@@ -13,27 +13,38 @@ services: - db-volume:/var/lib/mysql secrets: - crm_secrets + tty: true churchcrm: container_name: churchcrm build: context: ./build - #args: # !!! Edit these !!! - # country: US # Country Name (2 letter code) - # state: Tennessee # State or Province Name (full name) - # locality: Nashville # Locality Name (eg, city) - # organization: ChurchCRM # Organization Name (eg, company) - # organizationalunit: IT # Organizational Unit Name (eg, section) - # email: myemail@example.com # Your Email Address - # commonname: localhost # Common Name (e.g. server FQDN or YOUR name) environment: MYSQL_DB_HOST: database - ports: - - "80:80" volumes: - img-volume:/usr/local/apache2/htdocs/Images secrets: - crm_secrets + tty: true + + nginx: + build: + context: ./buildnginx + args: + ssl: build # (none/own/build) + # If you would like for the build script to setup SSL on your server, uncomment the lines below and change the values. + # If you want to provide your own certificate, put the "server.crt" and "server.key" files in the "buildnginx/conf.d folder" + country: US # Country Name (2 letter code) + state: Tennessee # State or Province Name (full name) + locality: Nashville # Locality Name (eg, city) + organization: ChurchCRM # Organization Name (eg, company) + organizationalunit: IT # Organizational Unit Name (eg, section) + email: myemail@example.com # Your Email Address + commonname: localhost # Common Name (e.g. server FQDN or YOUR name) + container_name: crm-nginx + ports: + - "80:80" + - "443:443" secrets: crm_secrets: From 0c017855d5beb2aed04f23918f69e30c32241754 Mon Sep 17 00:00:00 2001 From: Skipper Date: Sat, 17 Mar 2018 06:31:49 -0500 Subject: [PATCH 21/21] Updated README --- README.md | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) diff --git a/README.md b/README.md index 694a93b..4dbe8fd 100644 --- a/README.md +++ b/README.md 
@@ -1,16 +1,14 @@ ## Docker ChurchCRM -This is the Docker Installation of ChurchCRM. This will build the latest release of ChurchCRM for Docker. It is made with Apache/PHP7/ChurchCRM and MariaDB in 2 separate containers that work together. +This is the Docker Installation of ChurchCRM. This will build the latest release of ChurchCRM for Docker. It is made with Apache/PHP7/ChurchCRM and MariaDB in 2 separate containers and a third container (nginx working as a reverse proxy) that work together. ### How To Use It is necessary to have Docker installed on your system for this to work. See https://www.docker.com/community-edition#/download... * Clone this repository. -* Change your desired **database info** and **passwords** in the /secrets files. - - **MYSQL_ROOT_PWD** = set this for the MYSQL root password in your installation **PLEASE CHANGE!!!** - - **MYSQL_USER** = set this as the churchcrm database username (Default: churchcrm) - - **MYSQL_USER_PWD** = set this for the churchcrm database user password **PLEASE CHANGE!!!** +* Change your desired **database info** and **passwords** in the crm_secrets.json file. **PLEASE CHANGE** +* Change your desired SSL setup in the docker_compose.yml file under the nginx: args section. (Read commented lines to see your options) * From the command line, navigate to the root folder of your local repository and use docker-compose to build and run ChurchCRM. Run the following commands. - `docker-compose build` - `docker-compose up` 
@@ -22,9 +20,13 @@ It is necessary to have Docker installed on your system for this to work. See ht ### SSL -ChurchCRM for Docker is set to run by default using SSL encryption. When building the images, the build script will create Self-Signed Certificates and install them into Apache. When visiting the local site, browsers will prompt you with an error/warning that they don't recognize the Certificate Authority *(which is yourself in this case)*. When this occurs, allow the exception and continue to the site. +ChurchCRM for Docker is set to run by default using SSL encryption. There are 3 build options in regards to SSL. -**NOTE:** PLEASE change the SSL config details under churchcrm/build/args section in the `docker-compose.yml` file. +* `build`: This option will create an SSL certificate for you. Please fill out your information in the docker_compose.yml file under the nginx: args section. +* `own`: With this option, you will need to provide your own SSL certificates. Please put your own "server.crt" and "server.key" files in the "buildnginx/conf.d folder. SSL will not work if chooseing this option and not adding the correctly named certificates there. +* `none`: This will run an installation of ChurchCRM without SSL. You will be able to access your installation at http://localhost (as opposed to https://localhost) + +**NOTE** While using SSL on localhost, browsers will prompt with an error/warning that they don't recognize the Certificate Authority *(which is yourself in this case)*. When this occurs, allow the exception and continue to the site. ### Using a Domain Name instead of https://localhost
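
Review bot: In the database startup script hunk (the one that reads MYSQL_ROOT_PWD from /run/secrets/crm_secrets), both warning blocks place docker-compose build in backquotes inside a double-quoted echo, so the shell performs command substitution and tries to run docker-compose inside the container instead of printing the command; escape the backquotes or single-quote that part of the message. The tests `[ $MYSQL_ROOT_PWD = "changeme" ]` and `[ $MYSQL_USER_PWD = "changeme" ]` leave the variable unquoted, so an empty or multi-word value makes `[` error out instead of comparing; write `[ "$MYSQL_ROOT_PWD" = "changeme" ]`. The bare `${reset}` line runs the escape sequence as a command; print it with `printf '%s' "$reset"`. The script only warns and then carries on with the default password, so consider exiting non-zero here, and fold the two identical blocks into one function.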
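
Review bot: In the build/Dockerfile hunk at -76,6 +59,9, the two added sed lines both set error_log: the first rewrites `;error_log = php_errors.log` to /proc/self/fd/2 and the second appends `error_log = /usr/local/apache2/logs/php_errors.log` after `;error_log = syslog`, which leaves two active directives of which only one can take effect. Keep one of them. Writing to stderr is the choice that surfaces in docker logs; the file path keeps PHP errors inside the container, since the compose file mounts only the Images directory as a volume. Each substitution also depends on the stock php.ini text matching exactly and does nothing if it does not, so a grep for the expected line after the sed calls would make the build fail when the base file changes.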
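
Review bot: In build/configsetup, the new warning tells users to choose a stronger password, but that value is then spliced unescaped into `sed -i "s/||DB_PASSWORD||/$MYSQL_USER_PWD/g"` a few lines further down in the same hunk, where a password containing `/`, `&` or a backslash either breaks the sed expression or writes a different string into Config.php. Escape the value before substitution (the same applies to MYSQL_USER and MYSQL_USER_DB) or generate the file without sed. The test `[ $MYSQL_USER_PWD = "changeme" ]` needs the variable quoted, the backquoted docker-compose build inside the double-quoted echo is executed as a command substitution rather than printed, and the bare `${reset}` line is run as a command.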
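
Review bot: In buildnginx/Dockerfile, the `ssl = build` branch creates rootCA.key and server.key in /etc/nginx/conf.d during the image build, so the CA private key and the server private key are stored in the image layers and go wherever the image goes; the CA key is protected only by the fixed passphrase in `-passout pass:xxxx`, which is in the Dockerfile itself. Generate the keys at container start or mount them at run time (the compose file already uses secrets), and at minimum delete rootCA.key, server.csr and the serial file created by -CAcreateserial once server.crt is signed. The openssl commands are joined with `;`, so a failing step does not stop the build; chain them with `&&`. There is no branch for `own`, and an unset or misspelled ssl value falls through both ifs, leaving the 443 ssl listener configured with no certificate files; fail the build on an unknown value and check that server.crt and server.key exist.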
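
Review bot: In buildnginx/conf.d/churchcrm.conf, the location block forwards Host, X-Real-IP, X-Forwarded-For and X-Forwarded-Host but not the scheme, so the application behind `proxy_pass http://churchcrm` cannot tell that the client connection was HTTPS; add `proxy_set_header X-Forwarded-Proto $scheme;`. X-Forwarded-Host is set to $server_name, which is the literal localhost in this file, rather than the host the client asked for; $host looks like what was intended. The only server block listens on 443 and the `return 301` line is commented out, while docker-compose.yml publishes port 80 as well; for the SSL builds, add a separate port-80 server block that redirects to HTTPS.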
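
Review bot: In crm_secrets.json, the tracked file still ships `changeme` for MYSQL_ROOT_PWD and MYSQL_USER_PWD, so a user who edits it in place has real credentials in a file that git already tracks, and a user who does not edit it runs with a published password. Commit an example file instead, add the real crm_secrets.json to .gitignore, and have the startup scripts stop when the file is missing. Moving the keys under `mysql` also changes every jq path: `jq -r` prints null for a key it does not find, so any reader still using the old top-level paths would silently get the string null as a user name or password.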
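
Review bot: In docker-compose.yml, the new nginx service proxies to the churchcrm service but declares no depends_on, and nginx refuses to start when the host name in proxy_pass does not resolve yet; add `depends_on: [churchcrm]` to the nginx service (and database to churchcrm if the same ordering matters there). The comment above the certificate args says to uncomment the lines below, but they are already active and `ssl: build` is the default, so an untouched checkout builds a certificate for CN localhost with the placeholder e-mail address; either comment the args out as the text says or reword the comment. Removing the published port from churchcrm so that it is reachable only through the proxy is a good change.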
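
Review bot: In the README How To Use hunk, the new bullet refers to docker_compose.yml, but the file this patch changes is docker-compose.yml; use the real name so users can find it. The intro sentence now reads "2 separate containers and a third container", which is clearer as three containers: Apache/PHP7/ChurchCRM, MariaDB, and nginx as a reverse proxy. The secrets bullet dropped the per-key list; naming MYSQL_ROOT_PWD and MYSQL_USER_PWD as the two values that must change would keep the instruction specific.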
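
Review bot: In the README SSL hunk, the `own` bullet has an unbalanced quote before buildnginx/conf.d folder and the typo "chooseing", and the `build` bullet repeats docker_compose.yml for docker-compose.yml. The `own` option should also say that server.key is copied into the image by the `COPY ./conf.d/*` line in buildnginx/Dockerfile, so the built image has to be handled as containing the private key. The closing NOTE tells users to accept the browser exception; for the `build` option it would be better to explain how to import the generated rootCA.pem into the trust store instead.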