Merge branch 'hotfix-0.6.4' into stable

Author: BertrandGouny

CHANGELOG.md

@@ -1,17 +1,22 @@
 # Changelog
 
+## 0.6.4
+  - Upgrade baseimage: web-baseimage:0.1.5
+  - Remove listen on http when https is enable
+  - externalise ldap-client config from phpLdapAdmin
+
 ## 0.6.3
-  - Upgrade baseimage: osixia/web-baseimage:0.1.3
+  - Upgrade baseimage: web-baseimage:0.1.3
 
 ## 0.6.2
   - Better way to add custom config
 
 ## 0.6.1
-  - Upgrade baseimage: osixia/web-baseimage:0.1.1
+  - Upgrade baseimage: web-baseimage:0.1.1
   - Rename environment variables
 
 ## 0.6.0
-  - Use new baseimage: osixia/light-baseimage
+  - Use new baseimage: light-baseimage
 
 ## 0.5.1
   - Fix #1 (can't activate SSL with own certificates)

Makefile

@@ -1,5 +1,5 @@
 NAME = osixia/phpldapadmin
-VERSION = 0.6.3
+VERSION = 0.6.4
 
 .PHONY: all build test tag_latest release
 

README.md

@@ -29,7 +29,7 @@ Example script:
     LDAP_IP=$(docker inspect -f "{{ .NetworkSettings.IPAddress }}" $LDAP_CID)
 
     # Run phpLDAPadmin and set ldap host to ldap ip
-    PHPLDAP_CID=$(docker run -h phpldapadmin.example.org -e PHPLDAPADMIN_LDAP_HOSTS=$LDAP_IP -d osixia/phpldapadmin:0.6.2)
+    PHPLDAP_CID=$(docker run -h phpldapadmin.example.org -e PHPLDAPADMIN_LDAP_HOSTS=$LDAP_IP -d osixia/phpldapadmin:0.6.4)
 
     # We get phpLDAPadmin container ip
     PHPLDAP_IP=$(docker inspect -f "{{ .NetworkSettings.IPAddress }}" $PHPLDAP_CID)
@@ -112,9 +112,9 @@ Ldap client TLS/LDAPS :
 
 - **PHPLDAPADMIN_LDAP_CLIENT_TLS**: Enable ldap client tls config, ldap serveur certificate check and set client  certificate. Defaults to `true`
 - **PHPLDAPADMIN_LDAP_CLIENT_TLS_REQCERT**: Set ldap.conf TLS_REQCERT. Defaults to `demand`
-- **PHPLDAPADMIN_LDAP_CLIENT_TLS_CA_CRT_FILENAME**: Set ldap.conf TLS_CACERT to /container/service/phpldapadmin/assets/ldap-client/certs/$PHPLDAPADMIN_LDAP_CLIENT_TLS_CA_CRT_FILENAME. Defaults to `ldap-ca.crt`
-- **PHPLDAPADMIN_LDAP_CLIENT_TLS_CRT_FILENAME**: Set .ldaprc TLS_CERT to /container/service/phpldapadmin/assets/ldap-client/certs/$PHPLDAPADMIN_LDAP_CLIENT_TLS_CRT_FILENAME. Defaults to `ldap-client.crt`
-- **PHPLDAPADMIN_LDAP_CLIENT_TLS_KEY_FILENAME**: Set .ldaprc TLS_KEY to /container/service/phpldapadmin/assets/ldap-client/certs/$PHPLDAPADMIN_LDAP_CLIENT_TLS_KEY_FILENAME. Defaults to `ldap-client.key`
+- **PHPLDAPADMIN_LDAP_CLIENT_TLS_CA_CRT_FILENAME**: Set ldap.conf TLS_CACERT to /container/service/ldap-client/assets/certs/$PHPLDAPADMIN_LDAP_CLIENT_TLS_CA_CRT_FILENAME. Defaults to `ldap-ca.crt`
+- **PHPLDAPADMIN_LDAP_CLIENT_TLS_CRT_FILENAME**: Set .ldaprc TLS_CERT to /container/service/ldap-client/assets/certs/$PHPLDAPADMIN_LDAP_CLIENT_TLS_CRT_FILENAME. Defaults to `ldap-client.crt`
+- **PHPLDAPADMIN_LDAP_CLIENT_TLS_KEY_FILENAME**: Set .ldaprc TLS_KEY to /container/service/ldap-client/assets/certs/$PHPLDAPADMIN_LDAP_CLIENT_TLS_KEY_FILENAME. Defaults to `ldap-client.key`
 
 	More information at : http://www.openldap.org/doc/admin24/tls.html (16.2.2. Client Configuration)
 
@@ -140,7 +140,7 @@ Clone this project :
 Adapt Makefile, set your image NAME and VERSION, for example :
 
 	NAME = osixia/phpldapadmin
-	VERSION = 0.6.2
+	VERSION = 0.6.4
 
 	becomes :
 	NAME = billy-the-king/phpldapadmin

image/Dockerfile

@@ -1,4 +1,4 @@
-FROM osixia/web-baseimage:0.1.3
+FROM osixia/web-baseimage:0.1.5
 MAINTAINER Bertrand Gouny <bertrand.gouny@osixia.net>
 
 # phpLDAPadmin version

image/service/ldap-client/assets/certs/README.md

@@ -0,0 +1,2 @@
+Add your ldap client certificate, key and CA certificate here
+or during docker run mount a data volume with thoses files to /container/service/ldap-client/assets/certs

image/service/ldap-client/container-start.sh

@@ -0,0 +1,30 @@
+#!/bin/bash -e
+
+FIRST_START_DONE="/etc/docker-ldap-client-first-start-done"
+
+# container first start
+if [ ! -e "$FIRST_START_DONE" ]; then
+
+  if [ "${PHPLDAPADMIN_LDAP_CLIENT_TLS,,}" == "true" ]; then
+
+    # check certificat and key or create it
+    /sbin/ssl-helper "/container/service/ldap-client/assets/certs/${PHPLDAPADMIN_LDAP_CLIENT_TLS_CRT_FILENAME}" "/container/service/ldap-client/assets/certs/${PHPLDAPADMIN_LDAP_CLIENT_TLS_KEY_FILENAME}" --ca-crt=/container/service/ldap-client/assets/certs/${PHPLDAPADMIN_LDAP_CLIENT_TLS_CA_CRT_FILENAME} --gnutls
+
+    # ldap client config
+    sed -i "s,TLS_CACERT.*,TLS_CACERT /container/service/ldap-client/assets/certs/${PHPLDAPADMIN_LDAP_CLIENT_TLS_CA_CRT_FILENAME},g" /etc/ldap/ldap.conf
+    echo "TLS_REQCERT $PHPLDAPADMIN_LDAP_CLIENT_TLS_REQCERT" >> /etc/ldap/ldap.conf
+
+    www_data_homedir=$( getent passwd "www-data" | cut -d: -f6 )
+
+    [[ -f "$www_data_homedir/.ldaprc" ]] && rm -f $www_data_homedir/.ldaprc
+    touch $www_data_homedir/.ldaprc
+    echo "TLS_CERT /container/service/ldap-client/assets/certs/${PHPLDAPADMIN_LDAP_CLIENT_TLS_CRT_FILENAME}" >> $www_data_homedir/.ldaprc
+    echo "TLS_KEY /container/service/ldap-client/assets/certs/${PHPLDAPADMIN_LDAP_CLIENT_TLS_KEY_FILENAME}" >> $www_data_homedir/.ldaprc
+
+    chown www-data:www-data -R /container/service/ldap-client/assets/certs/
+  fi
+
+  touch $FIRST_START_DONE
+fi
+
+exit 0

image/service/phpldapadmin/assets/apache2/phpldapadmin-ssl.conf

@@ -1,33 +1,26 @@
-<VirtualHost *:80>
-	ServerName ${HOSTNAME}
-	Redirect permanent / https://${HOSTNAME}/
-</VirtualHost>
-
-<IfModule mod_ssl.c>
-	<VirtualHost _default_:443>
+<VirtualHost _default_:443>
 
-		ServerName ${HOSTNAME}
-		ServerAdmin ${PHPLDAPADMIN_SERVER_ADMIN}
-		ServerPath /phpldapadmin
+	ServerName ${HOSTNAME}
+	ServerAdmin ${PHPLDAPADMIN_SERVER_ADMIN}
+	ServerPath /phpldapadmin
 
-		DocumentRoot /var/www/phpldapadmin/htdocs
+	DocumentRoot /var/www/phpldapadmin/htdocs
 
-		ErrorLog ${APACHE_LOG_DIR}/error.log
-		CustomLog ${APACHE_LOG_DIR}/access.log combined
+	ErrorLog ${APACHE_LOG_DIR}/error.log
+	CustomLog ${APACHE_LOG_DIR}/access.log combined
 
-		Include /etc/apache2/conf-available/vhost-partial-ssl.conf
+	Include /etc/apache2/conf-available/vhost-partial-ssl.conf
 
-		SSLCertificateFile    /container/service/phpldapadmin/assets/apache2/certs/${PHPLDAPADMIN_HTTPS_CRT_FILENAME}
-		SSLCertificateKeyFile /container/service/phpldapadmin/assets/apache2/certs/${PHPLDAPADMIN_HTTPS_KEY_FILENAME}
-		#SSLCACertificateFile /container/service/phpldapadmin/assets/apache2/certs/${PHPLDAPADMIN_HTTPS_CA_CRT_FILENAME}
+	SSLCertificateFile    /container/service/phpldapadmin/assets/apache2/certs/${PHPLDAPADMIN_HTTPS_CRT_FILENAME}
+	SSLCertificateKeyFile /container/service/phpldapadmin/assets/apache2/certs/${PHPLDAPADMIN_HTTPS_KEY_FILENAME}
+	#SSLCACertificateFile /container/service/phpldapadmin/assets/apache2/certs/${PHPLDAPADMIN_HTTPS_CA_CRT_FILENAME}
 
-		<Directory /var/www/phpldapadmin/htdocs >
-			Require all granted
-		</Directory>
+	<Directory /var/www/phpldapadmin/htdocs >
+		Require all granted
+	</Directory>
 
-		<files config.php >
-			Require all denied
-		</files>
+	<files config.php >
+		Require all denied
+	</files>
 
-	</VirtualHost>
-</IfModule>
+</VirtualHost>

image/service/phpldapadmin/container-start.sh

@@ -131,25 +131,6 @@ if [ ! -e "$FIRST_START_DONE" ]; then
 
   fi
 
-  if [ "${PHPLDAPADMIN_LDAP_CLIENT_TLS,,}" == "true" ]; then
-
-    # check certificat and key or create it
-    /sbin/ssl-helper "/container/service/phpldapadmin/assets/ldap-client/certs/${PHPLDAPADMIN_LDAP_CLIENT_TLS_CRT_FILENAME}" "/container/service/phpldapadmin/assets/ldap-client/certs/${PHPLDAPADMIN_LDAP_CLIENT_TLS_KEY_FILENAME}" --ca-crt=/container/service/phpldapadmin/assets/ldap-client/certs/${PHPLDAPADMIN_LDAP_CLIENT_TLS_CA_CRT_FILENAME} --gnutls
-
-    # ldap client config
-    sed -i "s,TLS_CACERT.*,TLS_CACERT /container/service/phpldapadmin/assets/ldap-client/certs/${PHPLDAPADMIN_LDAP_CLIENT_TLS_CA_CRT_FILENAME},g" /etc/ldap/ldap.conf
-    echo "TLS_REQCERT $PHPLDAPADMIN_LDAP_CLIENT_TLS_REQCERT" >> /etc/ldap/ldap.conf
-
-    www_data_homedir=$( getent passwd "www-data" | cut -d: -f6 )
-
-    [[ -f "$www_data_homedir/.ldaprc" ]] && rm -f $www_data_homedir/.ldaprc
-    touch $www_data_homedir/.ldaprc
-    echo "TLS_CERT /container/service/phpldapadmin/assets/ldap-client/certs/${PHPLDAPADMIN_LDAP_CLIENT_TLS_CRT_FILENAME}" >> $www_data_homedir/.ldaprc
-    echo "TLS_KEY /container/service/phpldapadmin/assets/ldap-client/certs/${PHPLDAPADMIN_LDAP_CLIENT_TLS_KEY_FILENAME}" >> $www_data_homedir/.ldaprc
-
-    chown www-data:www-data -R /container/service/phpldapadmin/assets/ldap-client/certs/
-  fi
-
   # fix file permission
   find /var/www/ -type d -exec chmod 755 {} \;
   find /var/www/ -type f -exec chmod 644 {} \;

test/test.bats

@@ -29,7 +29,7 @@ load test_helper
   tmp_file="$BATS_TMPDIR/docker-test"
 
   # we start a new openldap container
-  LDAP_CID=$(docker run -d osixia/openldap:1.0.1)
+  LDAP_CID=$(docker run -d osixia/openldap:1.0.4)
   LDAP_IP=$(get_container_ip_by_cid $LDAP_CID)
 
   # we start the wordpress container and set DB_HOSTS