Diffstat (limited to 'docker-entrypoint.sh')
-rwxr-xr-x | docker-entrypoint.sh | 98 |
1 files changed, 98 insertions, 0 deletions
diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh
new file mode 100755
index 0000000..cff51eb
--- /dev/null
+++ b/docker-entrypoint.sh
@@ -0,0 +1,98 @@
+#!/bin/sh
+set -e
+
+# Environment variables that are used if not empty:
+# SERVER_NAMES
+# LOCATION
+# AUTH_TYPE
+# REALM
+# USERNAME
+# PASSWORD
+# ANONYMOUS_METHODS
+# SSL_CERT
+
+# Just in case this environment variable has gone missing.
+HTTPD_PREFIX="${HTTPD_PREFIX:-/usr/local/apache2}"
+
+# Configure vhosts.
+if [ "x$SERVER_NAMES" != "x" ]; then
+ # Use first domain as Apache ServerName.
+ SERVER_NAME="${SERVER_NAMES%%,*}"
+ sed -e "s|ServerName .*|ServerName $SERVER_NAME|" \
+ -i "$HTTPD_PREFIX"/conf/sites-available/default*.conf
+
+ # Replace commas with spaces and set as Apache ServerAlias.
+ SERVER_ALIAS="`printf '%s\n' "$SERVER_NAMES" | tr ',' ' '`"
+ sed -e "/ServerName/a\ \ ServerAlias $SERVER_ALIAS" \
+ -i "$HTTPD_PREFIX"/conf/sites-available/default*.conf
+fi
+
+# Configure dav.conf
+if [ "x$LOCATION" != "x" ]; then
+ sed -e "s|Alias /|Alias $LOCATION|" \
+ -i "$HTTPD_PREFIX/conf/conf-available/dav.conf"
+fi
+if [ "x$REALM" != "x" ]; then
+ sed -e "s|AuthName .*|AuthName \"$REALM\"|" \
+ -i "$HTTPD_PREFIX/conf/conf-available/dav.conf"
+else
+ REALM="WebDAV"
+fi
+if [ "x$AUTH_TYPE" != "x" ]; then
+ # Only support "Basic" and "Digest".
+ if [ "$AUTH_TYPE" != "Basic" ] && [ "$AUTH_TYPE" != "Digest" ]; then
+ printf '%s\n' "$AUTH_TYPE: Unknown AuthType" 1>&2
+ exit 1
+ fi
+ sed -e "s|AuthType .*|AuthType $AUTH_TYPE|" \
+ -i "$HTTPD_PREFIX/conf/conf-available/dav.conf"
+fi
+
+# Add password hash, unless "user.passwd" already exists (ie, bind mounted).
+if [ ! -e "/user.passwd" ]; then
+ touch "/user.passwd"
+ # Only generate a password hash if both username and password given.
+ if [ "x$USERNAME" != "x" ] && [ "x$PASSWORD" != "x" ]; then
+ if [ "$AUTH_TYPE" = "Digest" ]; then
+ # Can't run `htdigest` non-interactively, so use other tools.
+ HASH="`printf '%s' "$USERNAME:$REALM:$PASSWORD" | md5sum | awk '{print $1}'`"
+ printf '%s\n' "$USERNAME:$REALM:$HASH" > /user.passwd
+ else
+ htpasswd -B -b -c "/user.passwd" $USERNAME $PASSWORD
+ fi
+ fi
+fi
+
+# If specified, allow anonymous access to specified methods.
+if [ "x$ANONYMOUS_METHODS" != "x" ]; then
+ if [ "$ANONYMOUS_METHODS" = "ALL" ]; then
+ sed -e "s/Require valid-user/Require all granted/" \
+ -i "$HTTPD_PREFIX/conf/conf-available/dav.conf"
+ else
+ sed -e "/Require valid-user/a\ \ \ \ Require method $ANONYMOUS_METHODS" \
+ -i "$HTTPD_PREFIX/conf/conf-available/dav.conf"
+ fi
+fi
+
+case "${SSL_CERT:-none}" in
+ "selfsigned")
+ # Generate self-signed SSL certificate.
+ # If SERVER_NAMES is given, use the first domain as the Common Name.
+ if [ ! -e /privkey.pem ] || [ ! -e /cert.pem ]; then
+ apk add --no-cache openssl
+ openssl req -x509 -newkey rsa:2048 -days 1000 -nodes \
+ -keyout /privkey.pem -out /cert.pem -subj "/CN=${SERVER_NAME:-selfsigned}"
+ apk del --no-cache openssl
+ fi
+ # Enable SSL Apache modules.
+ for i in http2 ssl; do
+ sed -i -e "/^#LoadModule ${i}_module.*/s/^#//" "$HTTPD_PREFIX/conf/httpd.conf"
+ done
+ # Enable SSL vhost.
+ if [ -e /privkey.pem ] && [ -e /cert.pem ]; then
+ ln -s ../sites-available/default-ssl.conf "$HTTPD_PREFIX/conf/sites-enabled"; \
+ fi
+ ;;
+esac
+
+exec "$@" |
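Review bot: The Basic-auth branch runs `htpasswd -B -b -c "/user.passwd" $USERNAME $PASSWORD` with both expansions unquoted and the password passed as a command-line argument. A value containing whitespace or glob characters is split or expanded, so a different credential gets stored or htpasswd fails under `set -e`, and the cleartext password is visible in the process list while htpasswd runs. Quoting the user name and feeding the password on stdin avoids both: `printf '%s\n' "$PASSWORD" | htpasswd -B -i -c /user.passwd "$USERNAME"`. PASSWORD also stays exported when the script reaches `exec "$@"`, so the server process presumably inherits it; an `unset PASSWORD` once the hash is written would keep it out of the long-running environment.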