Merge branch 'release-0.6.0' into stable

Author: BertrandGouny

CHANGELOG.md

@@ -1,5 +1,10 @@
-## 0.5.1 (release date: 2015-05-17)
+# Changelog
+
+## 0.6.0
+  - Use new baseimage: osixia/light-baseimage
+
+## 0.5.1
   - Fix #1 (can't activate SSL with own certificates)
 
-## 0.5.0 (release date: 2015-03-03)
+## 0.5.0
   - New version initial release

Makefile

@@ -1,5 +1,5 @@
 NAME = osixia/phpldapadmin
-VERSION = 0.5.1
+VERSION = 0.6.0
 
 .PHONY: all build test tag_latest release
 
@@ -16,6 +16,5 @@ tag_latest:
 
 release: build test tag_latest
 	@if ! docker images $(NAME) | awk '{ print $$2 }' | grep -q -F $(VERSION); then echo "$(NAME) version $(VERSION) is not yet built. Please run 'make build'"; false; fi
-	@if ! head -n 1 CHANGELOG.md | grep -q 'release date'; then echo 'Please note the release date in Changelog.md.' && false; fi
 	docker push $(NAME)
 	@echo "*** Don't forget to run 'twgit release/hotfix finish' :)"

README.md

@@ -1,9 +1,10 @@
 # osixia/phpldapadmin
 
+[![](https://badge.imagelayers.io/osixia/phpldapadmin:latest.svg)](https://imagelayers.io/?images=osixia/phpldapadmin:latest 'Get your own badge on imagelayers.io')
+
 A docker image to run phpLDAPadmin.
 > [phpldapadmin.sourceforge.net](http://phpldapadmin.sourceforge.net)
 
-
 ## Quick start
 
 Run a phpLDAPadmin docker image by replacing `ldap.example.com` with your ldap host or IP :
@@ -17,22 +18,40 @@ That's it :) you can access phpLDAPadmin on **https://localhost**
 
 ## Examples
 
-### OpenLDAP & phpLDAPadmin in 1''
+### OpenLDAP & phpLDAPadmin in 1'
+
+Example script:
+
+    #!/bin/bash -e
+
+    # Run a ldap server, save the container id in LDAP_CID and get its IP:
+    LDAP_CID=$(docker run -h ldap.example.org -d osixia/openldap:1.0.0)
+    LDAP_IP=$(docker inspect -f "{{ .NetworkSettings.IPAddress }}" $LDAP_CID)
+
+    # Run phpLDAPadmin and set ldap host to ldap ip
+    PHPLDAP_CID=$(docker run -h phpldapadmin.example.org -e LDAP_HOSTS=$LDAP_IP -d osixia/phpldapadmin:0.6.0)
+
+    # We get phpLDAPadmin container ip
+    PHPLDAP_IP=$(docker inspect -f "{{ .NetworkSettings.IPAddress }}" $PHPLDAP_CID)
+
+    echo "Go to: https://$PHPLDAP_IP"
+    echo "Login DN: cn=admin,dc=example,dc=org"
+    echo "Password: admin"
 
 ### HTTPS
 
 #### Use autogenerated certificate
-By default HTTPS is enable, a certificate is created for the CN (common name) example.org. To work properly on your server adjust SERVER_NAME environment variable to match the phpLDAPadmin server CN.
+By default HTTPS is enable, a certificate is created with the container hostname (set by -h option eg: phpldapadmin.my-compagny.com).
 
-	docker run -e SERVER_NAME=phpldapadmin.my-compagny.com -d osixia/phpldapadmin
+	docker run -h phpldapadmin.my-compagny.com -d osixia/phpldapadmin
 
 #### Use your own certificate
 
-Add your custom certificate, private key and CA certificate in the directory **image/service/phpldapadmin/assets/apache2/ssl** adjust filename in **image/env.yml** and rebuild the image ([see manual build](#manual-build)).
+Add your custom certificate, private key and CA certificate in the directory **image/service/phpldapadmin/assets/apache2/ssl** adjust filename in **image/env.yaml** and rebuild the image ([see manual build](#manual-build)).
 
-Or you can set your custom certificate at run time, by mouting your a directory containing thoses files to **/osixia/phpldapadmin/apache2/ssl** and adjust there name with the following environment variables :
+Or you can set your custom certificate at run time, by mouting your a directory containing thoses files to **/container/service/phpldapadmin/assets/apache2/ssl** and adjust there name with the following environment variables :
 
-	docker run -v /path/to/certifates:/osixia/phpldapadmin/apache2/ssl \
+	docker run -v /path/to/certifates:/container/service/phpldapadmin/assets/apache2/ssl \
 	-e SSL_CRT_FILENAME=my-phpldapadmin.crt \
 	-e SSL_KEY_FILENAME=my-phpldapadmin.key \
 	-e SSL_CA_CRT_FILENAME=the-ca.crt \
@@ -47,26 +66,90 @@ Add -e HTTPS=false to the run command :
 
 ## Environment Variables
 
+Environement variables defaults are set in **image/env.yaml**. You can modify environment variable values directly in this file and rebuild the image ([see manual build](#manual-build)). You can also override those values at run time with -e argument or by setting your own env.yaml file as a docker volume to `/etc/env.yaml`. See examples below.
+
+- **LDAP_HOSTS**: Set phpLDAPadmin server config. Defaults to :
+
+		   - ldap.example.org:
+		    - server:
+		      - tls: true
+		    - login:
+		      - bind_id: cn=admin,dc=example,dc=org
+		  - ldap2.example.org
+		  - ldap3.example.org
+
+	This will be converted in the phpldapadmin config.php file to :
+
+		$servers->newServer('ldap_pla');
+		$servers->setValue('server','name','ldap.example.org');
+		$servers->setValue('server','host','ldap.example.org');
+		$servers->setValue('server','tls',true);
+		$servers->setValue('login','bind_id','cn=admin,dc=example,dc=org');
+		$servers->newServer('ldap_pla');
+		$servers->setValue('server','name','ldap2.example.org');
+		$servers->setValue('server','host','ldap2.example.org');
+		$servers->newServer('ldap_pla');
+		$servers->setValue('server','name','ldap3.example.org');
+		$servers->setValue('server','host','ldap3.example.org');
+
+	If you want to set this variable at docker run command convert the yaml in python :
+
+		docker run -e LDAP_HOSTS="[{'ldap.example.org': [{'server': [{'tls': True}]},{'login': [{'bind_id': 'cn=admin,dc=example,dc=org'}]}]}, 'ldap2.example.org', 'ldap3.example.org']" -d osixia/phpldapadmin
+
+	To convert yaml to python online :
+	http://yaml-online-parser.appspot.com/
+
+Apache config :
+- **SERVER_ADMIN**: Server admin email. Defaults to `webmaster@example.org`
+
+HTTPS options :
+- **HTTPS**: Use apache ssl config. Defaults to `true`
+- **SSL_CRT_FILENAME**: Apache ssl certificate filename. Defaults to `phpldapadmin.crt`
+- **SSL_KEY_FILENAME**: Apache ssl certificate private key filename. Defaults to `phpldapadmin.key`
+- **SSL_CA_CRT_FILENAME**: Apache ssl CA certificate filename. Defaults to `ca.crt`
+
+Ldap client TLS/LDAPS options :
+
+- **USE_LDAP_CLIENT_SSL**: Enable ldap client tls config, ldap serveur certificate check and set client  certificate. Defaults to `true`
+- **LDAP_REQCERT**: Set ldap.conf TLS_REQCERT. Defaults to `demand`
+- **LDAP_CA_CRT_FILENAME**: Set ldap.conf TLS_CACERT to /container/service/phpldapadmin/ssl/$LDAP_CA_CRT_FILENAME. Defaults to `ldap-ca.crt`
+- **LDAP_CRT_FILENAME**: Set .ldaprc TLS_CERT to /container/service/phpldapadmin/ssl/$LDAP_CRT_FILENAME. Defaults to `ldap-client.crt`
+- **LDAP_KEY_FILENAME**: Set .ldaprc TLS_KEY to /container/service/phpldapadmin/ssl/$LDAP_KEY_FILENAME. Defaults to `ldap-client.key`
+
+	More information at : http://www.openldap.org/doc/admin24/tls.html (16.2.2. Client Configuration)
+
+### Set environment variables at run time :
+
+Environment variable can be set directly by adding the -e argument in the command line, for example :
+
+	docker run -h phpldapadmin.example.org -e LDAP_HOSTS="ldap.example.org" \
+	-d osixia/phpldapadmin
+
+Or by setting your own `env.yaml` file as a docker volume to `/etc/env.yaml`
+
+	docker run -h ldap.example.org -v /data/my-env.yaml:/etc/env.yaml \
+	-d osixia/openldap
+
 ## Manual build
 
 Clone this project :
 
 	git clone https://github.com/osixia/docker-phpLDAPadmin
-	cd docker-mariadb
+	cd docker-phpLDAPadmin
 
 Adapt Makefile, set your image NAME and VERSION, for example :
 
 	NAME = osixia/phpldapadmin
-	VERSION = 0.5.0
-	
+	VERSION = 0.6.0
+
 	becomes :
 	NAME = billy-the-king/phpldapadmin
 	VERSION = 0.1.0
 
 Build your image :
-	
+
 	make build
-	
+
 Run your image :
 
 	docker run -d billy-the-king/phpldapadmin:0.1.0
@@ -80,6 +163,3 @@ We use **Bats** (Bash Automated Testing System) to test this image:
 Install Bats, and in this project directory run :
 
 	make test
-
-	
-

image/Dockerfile

@@ -1,42 +1,48 @@
-FROM osixia/baseimage:0.10.3
+FROM osixia/web-baseimage:0.1.0
 MAINTAINER Bertrand Gouny <bertrand.gouny@osixia.net>
 
 # phpLDAPadmin version
 ENV PHPLDAPADMIN_VERSION 1.2.3
 ENV PHPLDAPADMIN_SHA1 669fca66c75e24137e106fdd02e3832f81146e23
 
-# Use baseimage-docker's init system.
-CMD ["/sbin/my_init"]
+# Use baseimage's init system.
+# https://github.com/osixia/docker-light-baseimage/blob/stable/image/tool/run
+CMD ["/container/tool/run"]
 
 # Install apache2 and php5-fpm using osixia/baseimage utils
-# Caution: /sbin/enable-service arguments order is important
+# Caution: /sbin/add-service-available arguments order is important
 # php5-fpm install will detect apache2 and configure it
 
 # Download, check integrity and unzip phpLDAPadmin to /var/www/phpldapadmin_bootstrap
-RUN apt-get update && /sbin/enable-service apache2 php5-fpm ssl-kit \
-	&& LC_ALL=C DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends patch php5-ldap php5-readline \
-	&& curl -o phpldapadmin.tgz -SL http://downloads.sourceforge.net/project/phpldapadmin/phpldapadmin-php5/${PHPLDAPADMIN_VERSION}/phpldapadmin-${PHPLDAPADMIN_VERSION}.tgz \
-	&& echo "$PHPLDAPADMIN_SHA1 *phpldapadmin.tgz" | sha1sum -c - \
-	&& mkdir -p /var/www/phpldapadmin_bootstrap /var/www/phpldapadmin \
-	&& tar -xzf phpldapadmin.tgz --strip 1 -C /var/www/phpldapadmin_bootstrap
-
-# Add install script and phpLDAPadmin assets
-ADD service/install.sh /tmp/install.sh
-ADD service/phpldapadmin/assets /osixia/phpldapadmin
-
-# Run install script and clean all
-RUN ./tmp/install.sh \
-	&& rm phpldapadmin.tgz \
-	&& apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
+RUN apt-get update \
+		&& /container/tool/install-multiple-process-stack \
+		&& /container/tool/install-service-available apache2 php5-fpm ssl-helper-openssl ssl-helper-gnutls \
+		&& LC_ALL=C DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \
+			 patch \
+			 php5-ldap \
+			 php5-readline \
+			 curl \
+		&& curl -o phpldapadmin.tgz -SL http://downloads.sourceforge.net/project/phpldapadmin/phpldapadmin-php5/${PHPLDAPADMIN_VERSION}/phpldapadmin-${PHPLDAPADMIN_VERSION}.tgz \
+		&& echo "$PHPLDAPADMIN_SHA1 *phpldapadmin.tgz" | sha1sum -c - \
+		&& mkdir -p /var/www/phpldapadmin_bootstrap /var/www/phpldapadmin \
+		&& tar -xzf phpldapadmin.tgz --strip 1 -C /var/www/phpldapadmin_bootstrap \
+		&& apt-get remove -y --purge --auto-remove curl
+
+# Add service directory to /container/service
+ADD service /container/service
+
+# Use baseimage install-service script and clean all
+# https://github.com/osixia/docker-light-baseimage/blob/stable/image/tool/install-service
+RUN /container/tool/install-service \
+		&& rm phpldapadmin.tgz \
+		&& apt-get clean \
+    && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
 
 # Add default env variables
-ADD env.yml /etc/env.yml
-
-# Add phpLDAPadmin container start config
-ADD service/phpldapadmin/container-start.sh /etc/my_init.d/phpldapadmin
+ADD env.yaml /etc/env.yaml
 
 # Set phpLDAPadmin data directory in a data volume
 VOLUME ["/var/www/phpldapadmin"]
 
 # Expose http and https default ports
-EXPOSE 80 443
+EXPOSE 80 443

image/env.yml renamed to image/env.yaml

@@ -1,5 +1,5 @@
 LDAP_HOSTS:
-  - ldap1.example.org:
+  - ldap.example.org:
     - server:
       - tls: true
     - login:
@@ -8,16 +8,25 @@ LDAP_HOSTS:
   - ldap3.example.org
 
 # Apache
-SERVER_NAME: example.org
 SERVER_ADMIN: webmaster@example.org
 
-# Self signed certificat will be generated 
+# Self signed certificat will be generated
 # if HTTPS is set to true and no certificat and key are provided.
 
 # To use your custom certificat and key 2 options :
 # - add them in service/phpldapadmin/assets/apache2/ssl and build the image
-# - or during docker run mount a data volume with thoses files to /osixia/phpldapadmin/apache2/ssl
+# - or during docker run mount a data volume with thoses files to /container/service/phpldapadmin/assets/apache2/ssl
 HTTPS: true
 SSL_CRT_FILENAME: phpldapadmin.crt
 SSL_KEY_FILENAME: phpldapadmin.key
-SSL_CA_CRT_FILENAME: ca.crt
+SSL_CA_CRT_FILENAME: ca.crt
+
+# LDAP certificate
+USE_LDAP_CLIENT_SSL: true
+
+LDAP_REQCERT: demand
+LDAP_CA_CRT_FILENAME: ldap-ca.crt
+
+# client certificate
+LDAP_CRT_FILENAME: ldap-client.crt
+LDAP_KEY_FILENAME: ldap-client.key

image/service/install.sh

@@ -1,13 +1,14 @@
 <VirtualHost *:80>
-	ServerName ${SERVER_NAME}
-	Redirect permanent / https://${SERVER_NAME}/
+	ServerName ${HOSTNAME}
+	Redirect permanent / https://${HOSTNAME}/
 </VirtualHost>
 
 <IfModule mod_ssl.c>
 	<VirtualHost _default_:443>
 
-		ServerName ${SERVER_NAME}
+		ServerName ${HOSTNAME}
 		ServerAdmin ${SERVER_ADMIN}
+		ServerPath /phpldapadmin
 
 		DocumentRoot /var/www/phpldapadmin/htdocs
 
@@ -16,9 +17,9 @@
 
 		Include /etc/apache2/conf-available/vhost-partial-ssl.conf
 
-		SSLCertificateFile    /osixia/phpldapadmin/apache2/ssl/${SSL_CRT_FILENAME}
-		SSLCertificateKeyFile /osixia/phpldapadmin/apache2/ssl/${SSL_KEY_FILENAME}
-		#SSLCACertificateFile /osixia/phpldapadmin/apache2/ssl/${SSL_CA_CRT_FILENAME}
+		SSLCertificateFile    /container/service/phpldapadmin/assets/apache2/ssl/${SSL_CRT_FILENAME}
+		SSLCertificateKeyFile /container/service/phpldapadmin/assets/apache2/ssl/${SSL_KEY_FILENAME}
+		#SSLCACertificateFile /container/service/phpldapadmin/assets/apache2/ssl/${SSL_CA_CRT_FILENAME}
 
 		<Directory /var/www/phpldapadmin/htdocs >
 			Require all granted
@@ -29,4 +30,4 @@
 		</files>
 
 	</VirtualHost>
-</IfModule>
+</IfModule>

image/service/phpldapadmin/assets/apache2/phpldapadmin-ssl.conf

@@ -1,18 +1,20 @@
 <VirtualHost *:80>
-	ServerName ${SERVER_NAME}
 
+	ServerName ${HOSTNAME}
 	ServerAdmin ${SERVER_ADMIN}
+	ServerPath /phpldapadmin
+
 	DocumentRoot /var/www/phpldapadmin/htdocs
 
 	ErrorLog ${APACHE_LOG_DIR}/error.log
 	CustomLog ${APACHE_LOG_DIR}/access.log combined
 
-	<Directory /var/www/phpldapadmin/htdocs >	
+	<Directory /var/www/phpldapadmin/htdocs >
 		Require all granted
 	</Directory>
 
 	<files config.php >
 		Require all denied
 	</files>
 
-</VirtualHost>
+</VirtualHost>

image/service/phpldapadmin/assets/apache2/phpldapadmin.conf

@@ -1,2 +1,2 @@
-Add your ssl crt, key and ca crt here
-or during docker run mount a data volume with thoses files to /osixia/phpldapadmin/apache2/ssl
+Add your https ssl crt, key and ca crt here
+or during docker run mount a data volume with thoses files to /container/service/phpldapadmin/assets/apache2/ssl