Diffstat (limited to 'docker-entrypoint.sh')
-rwxr-xr-xdocker-entrypoint.sh98
1 files changed, 98 insertions, 0 deletions
diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh
new file mode 100755
index 0000000..cff51eb
--- /dev/null
+++ b/docker-entrypoint.sh
@@ -0,0 +1,98 @@
+#!/bin/sh
+set -e
+
+# Environment variables that are used if not empty:
+# SERVER_NAMES
+# LOCATION
+# AUTH_TYPE
+# REALM
+# USERNAME
+# PASSWORD
+# ANONYMOUS_METHODS
+# SSL_CERT
+
+# Just in case this environment variable has gone missing.
+HTTPD_PREFIX="${HTTPD_PREFIX:-/usr/local/apache2}"
+
+# Configure vhosts.
+if [ "x$SERVER_NAMES" != "x" ]; then
+ # Use first domain as Apache ServerName.
+ SERVER_NAME="${SERVER_NAMES%%,*}"
+ sed -e "s|ServerName .*|ServerName $SERVER_NAME|" \
+ -i "$HTTPD_PREFIX"/conf/sites-available/default*.conf
+
+ # Replace commas with spaces and set as Apache ServerAlias.
+ SERVER_ALIAS="`printf '%s\n' "$SERVER_NAMES" | tr ',' ' '`"
+ sed -e "/ServerName/a\ \ ServerAlias $SERVER_ALIAS" \
+ -i "$HTTPD_PREFIX"/conf/sites-available/default*.conf
+fi
+
+# Configure dav.conf
+if [ "x$LOCATION" != "x" ]; then
+ sed -e "s|Alias /|Alias $LOCATION|" \
+ -i "$HTTPD_PREFIX/conf/conf-available/dav.conf"
+fi
+if [ "x$REALM" != "x" ]; then
+ sed -e "s|AuthName .*|AuthName \"$REALM\"|" \
+ -i "$HTTPD_PREFIX/conf/conf-available/dav.conf"
+else
+ REALM="WebDAV"
+fi
+if [ "x$AUTH_TYPE" != "x" ]; then
+ # Only support "Basic" and "Digest".
+ if [ "$AUTH_TYPE" != "Basic" ] && [ "$AUTH_TYPE" != "Digest" ]; then
+ printf '%s\n' "$AUTH_TYPE: Unknown AuthType" 1>&2
+ exit 1
+ fi
+ sed -e "s|AuthType .*|AuthType $AUTH_TYPE|" \
+ -i "$HTTPD_PREFIX/conf/conf-available/dav.conf"
+fi
+
+# Add password hash, unless "user.passwd" already exists (ie, bind mounted).
+if [ ! -e "/user.passwd" ]; then
+ touch "/user.passwd"
+ # Only generate a password hash if both username and password given.
+ if [ "x$USERNAME" != "x" ] && [ "x$PASSWORD" != "x" ]; then
+ if [ "$AUTH_TYPE" = "Digest" ]; then
+ # Can't run `htdigest` non-interactively, so use other tools.
+ HASH="`printf '%s' "$USERNAME:$REALM:$PASSWORD" | md5sum | awk '{print $1}'`"
+ printf '%s\n' "$USERNAME:$REALM:$HASH" > /user.passwd
+ else
+ htpasswd -B -b -c "/user.passwd" $USERNAME $PASSWORD
+ fi
+ fi
+fi
+
+# If specified, allow anonymous access to specified methods.
+if [ "x$ANONYMOUS_METHODS" != "x" ]; then
+ if [ "$ANONYMOUS_METHODS" = "ALL" ]; then
+ sed -e "s/Require valid-user/Require all granted/" \
+ -i "$HTTPD_PREFIX/conf/conf-available/dav.conf"
+ else
+ sed -e "/Require valid-user/a\ \ \ \ Require method $ANONYMOUS_METHODS" \
+ -i "$HTTPD_PREFIX/conf/conf-available/dav.conf"
+ fi
+fi
+
+case "${SSL_CERT:-none}" in
+ "selfsigned")
+ # Generate self-signed SSL certificate.
+ # If SERVER_NAMES is given, use the first domain as the Common Name.
+ if [ ! -e /privkey.pem ] || [ ! -e /cert.pem ]; then
+ apk add --no-cache openssl
+ openssl req -x509 -newkey rsa:2048 -days 1000 -nodes \
+ -keyout /privkey.pem -out /cert.pem -subj "/CN=${SERVER_NAME:-selfsigned}"
+ apk del --no-cache openssl
+ fi
+ # Enable SSL Apache modules.
+ for i in http2 ssl; do
+ sed -i -e "/^#LoadModule ${i}_module.*/s/^#//" "$HTTPD_PREFIX/conf/httpd.conf"
+ done
+ # Enable SSL vhost.
+ if [ -e /privkey.pem ] && [ -e /cert.pem ]; then
+ ln -s ../sites-available/default-ssl.conf "$HTTPD_PREFIX/conf/sites-enabled"; \
+ fi
+ ;;
+esac
+
+exec "$@"
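Review bot: The `htpasswd` call in the Basic branch expands `$USERNAME` and `$PASSWORD` unquoted, so a value containing whitespace or glob characters is split or expanded into different arguments than the operator set, and `-b` also puts the cleartext password on the process command line. Quoting the username and feeding the password on stdin avoids both: `printf '%s\n' "$PASSWORD" | htpasswd -B -i -c /user.passwd "$USERNAME"`. In the Digest branch a `:` in `USERNAME` or `REALM` would corrupt the `user:realm:hash` record, so that character should be rejected before the file is written. The `sed` edits earlier in the script interpolate `SERVER_NAMES`, `LOCATION`, `REALM` and `ANONYMOUS_METHODS` directly into the script text, so a `|`, `&`, backslash, double quote or newline in any of them changes the expression or the resulting Apache directives; checking each value against an allow-list pattern (and exiting non-zero on mismatch, as is already done for `AUTH_TYPE`) would keep the generated configuration predictable.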