-
Notifications
You must be signed in to change notification settings - Fork 0
Configuration Web
Gabrielle Cruz edited this page Aug 25, 2023
·
4 revisions
├─ Intra
| ├─ db
| | ├─ Dockerfile
| | ├─ mmes.sql
| ├─ web
| | ├─ Dockerfile
| | ├─ index.html
| | ├─ intranet.conf
| ├─ docker-compose.yml
├─ Public
| ├─ web
| | ├─ Dockerfile
| | ├─ index.html
| | ├─ apache2.conf
| | ├─ b2b.conf
| | ├─ www.conf
| | ├─ b2b.php
web-in:
build:
context: ./web
dockerfile: Dockerfile
networks:
local:
ipv4_address: 172.16.1.4
volumes:
- ./web/index.html /var/www/html/
- ./web/intranet.conf /etc/apache2/sites-available/000-default.conf
container_name: web-in
dns:
- 172.16.1.2
Nous avons ces sites à déployer:
- un site web public présentant ses produits (www.mmes-3.ephec-ti.be)
- un site de vente en ligne réservé aux revendeurs (https://b2b.mmes-3.ephec-ti.be/)
Le site de vente est dynamique, vu qu'il doit être lié à une base de données, et donc doit être en relation avec notre DB afin de récupérer les produits que nous proposons sur notre site.
Le site web public est un simple site sans connexion à la DB, et permet que de présenter le site.
Notre DB se trouve dans la Trusted Zone, une zone super protégé dans notre réseau interne. Seul notre site web dynamique peut avoir accès à la DB pour le protéger au maximum. Nous l'avons déployé dans un autre conteneur Docker, et nous définissons le mode de passe de connéxion à la DB admin dans le Dockerfile lié au conteneur.
Les deux sites publiques se trouvent dans la DMZ, une zone de notre domaine accessible depuis l'internet. Seule les services accessibles depuis l'exterieur doivent s'y trouver pour protéger le réseau interne de la corruption.
Dockerfile
FROM ubuntu/apache2
RUN apt-get update && \
apt-get install -y apache2 && \
apt-get clean && \
rm -rf /var/lib/apt/lists/*
RUN apt-get -y update && apt-get -y install curl
COPY ./index.html /var/www/html/
COPY ./intranet.conf /etc/apache2/sites-available/000-default.conf
EXPOSE 80
index.html
<!DOCTYPE html>
<html>
<body>
<h2>Bienvenue sur l'intranet de WoodyToys !</h2>
<p>WoodyToys 2023 - MMES-3</p>
</body>
</html>intranet.conf
<VirtualHost *:80>
ServerAdmin simon.kinet@gmail.com
DocumentRoot /var/www/html
ServerName www.intra.mmes-3.ephec-ti.be
AddDefaultCharset UTF-8
</VirtualHost>
Dockerfile
FROM debian
ARG DEBIAN_FRONTEND=noninteractive
RUN apt-get update && apt-get upgrade -y
RUN apt-get install net-tools iproute2 iputils-ping dnsutils curl nano -y
RUN apt-get install apache2 php php-cli php-mysql libapache2-mod-php -y
COPY ./index.html /var/www/html/www/
COPY ./b2b.php /var/www/html/b2b/
COPY ./www.conf /etc/apache2/sites-available/
COPY ./b2b.conf /etc/apache2/sites-available/
# Port 443
RUN apt-get install -y software-properties-common
RUN apt-get install -y python3-certbot-apache
COPY ./apache2.conf /etc/apache2/
RUN a2ensite www.conf && a2ensite b2b.conf
RUN service apache2 start
RUN a2enmod ssl
RUN service apache2 restart
# certbot --apache
WORKDIR /var/www/
CMD [ "apache2ctl", "-D", "FOREGROUND" ]
index.html
<!DOCTYPE html>
<html lang="fr">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>SITE VITRINE</title>
</head>
<body>
<h1> Site pour le groupe MMES 3 </h1>
</body>
</html>apache2.conf
# This is the main Apache server configuration file. It contains the
# configuration directives that give the server its instructions.
# See http://httpd.apache.org/docs/2.4/ for detailed information about
# the directives and /usr/share/doc/apache2/README.Debian about Debian specific
# hints.
#
#
# Summary of how the Apache 2 configuration works in Debian:
# The Apache 2 web server configuration in Debian is quite different to
# upstream's suggested way to configure the web server. This is because Debian's
# default Apache2 installation attempts to make adding and removing modules,
# virtual hosts, and extra configuration directives as flexible as possible, in
# order to make automating the changes and administering the server as easy as
# possible.
# It is split into several files forming the configuration hierarchy outlined
# below, all located in the /etc/apache2/ directory:
#
# /etc/apache2/
# |-- apache2.conf
# | `-- ports.conf
# |-- mods-enabled
# | |-- *.load
# | `-- *.conf
# |-- conf-enabled
# | `-- *.conf
# `-- sites-enabled
# `-- *.conf
#
#
# * apache2.conf is the main configuration file (this file). It puts the pieces
# together by including all remaining configuration files when starting up the
# web server.
#
# * ports.conf is always included from the main configuration file. It is
# supposed to determine listening ports for incoming connections which can be
# customized anytime.
#
# * Configuration files in the mods-enabled/, conf-enabled/ and sites-enabled/
# directories contain particular configuration snippets which manage modules,
# global configuration fragments, or virtual host configurations,
# respectively.
#
# They are activated by symlinking available configuration files from their
# respective *-available/ counterparts. These should be managed by using our
# helpers a2enmod/a2dismod, a2ensite/a2dissite and a2enconf/a2disconf. See
# their respective man pages for detailed information.
#
# * The binary is called apache2. Due to the use of environment variables, in
# the default configuration, apache2 needs to be started/stopped with
# /etc/init.d/apache2 or apache2ctl. Calling /usr/bin/apache2 directly will not
# work with the default configuration.
# Global configuration
#
#
# ServerRoot: The top of the directory tree under which the server's
# configuration, error, and log files are kept.
#
# NOTE! If you intend to place this on an NFS (or otherwise network)
# mounted filesystem then please read the Mutex documentation (available
# at <URL:http://httpd.apache.org/docs/2.4/mod/core.html#mutex>);
# you will save yourself a lot of trouble.
#
# Do NOT add a slash at the end of the directory path.
#
#ServerRoot "/etc/apache2"
#
# The accept serialization lock file MUST BE STORED ON A LOCAL DISK.
#
#Mutex file:${APACHE_LOCK_DIR} default
#
# The directory where shm and other runtime files will be stored.
#
DefaultRuntimeDir ${APACHE_RUN_DIR}
#
# PidFile: The file in which the server should record its process
# identification number when it starts.
# This needs to be set in /etc/apache2/envvars
#
PidFile ${APACHE_PID_FILE}
#
# Timeout: The number of seconds before receives and sends time out.
#
Timeout 300
#
# KeepAlive: Whether or not to allow persistent connections (more than
# one request per connection). Set to "Off" to deactivate.
#
KeepAlive On
#
# MaxKeepAliveRequests: The maximum number of requests to allow
# during a persistent connection. Set to 0 to allow an unlimited amount.
# We recommend you leave this number high, for maximum performance.
#
MaxKeepAliveRequests 100
#
# KeepAliveTimeout: Number of seconds to wait for the next request from the
# same client on the same connection.
#
KeepAliveTimeout 5
# These need to be set in /etc/apache2/envvars
User ${APACHE_RUN_USER}
Group ${APACHE_RUN_GROUP}
#
# HostnameLookups: Log the names of clients or just their IP addresses
# e.g., www.apache.org (on) or 204.62.129.132 (off).
# The default is off because it'd be overall better for the net if people
# had to knowingly turn this feature on, since enabling it means that
# each client request will result in AT LEAST one lookup request to the
# nameserver.
#
HostnameLookups Off
# ErrorLog: The location of the error log file.
# If you do not specify an ErrorLog directive within a <VirtualHost>
# container, error messages relating to that virtual host will be
# logged here. If you *do* define an error logfile for a <VirtualHost>
# container, that host's errors will be logged there and not here.
#
ErrorLog ${APACHE_LOG_DIR}/error.log
#
# LogLevel: Control the severity of messages logged to the error_log.
# Available values: trace8, ..., trace1, debug, info, notice, warn,
# error, crit, alert, emerg.
# It is also possible to configure the log level for particular modules, e.g.
# "LogLevel info ssl:warn"
#
LogLevel warn
# Include module configuration:
IncludeOptional mods-enabled/*.load
IncludeOptional mods-enabled/*.conf
# Include list of ports to listen on
Include ports.conf
# Sets the default security model of the Apache2 HTTPD server. It does
# not allow access to the root filesystem outside of /usr/share and /var/www.
# The former is used by web applications packaged in Debian,
# the latter may be used for local directories served by the web server. If
# your system is serving content from a sub-directory in /srv you must allow
# access here, or in any related virtual host.
<Directory />
Options FollowSymLinks
AllowOverride None
Require all denied
</Directory>
<Directory /usr/share>
AllowOverride None
Require all granted
</Directory>
<Directory /var/www/>
Options Indexes FollowSymLinks
AllowOverride None
Require all granted
</Directory>
#<Directory /srv/>
# Options Indexes FollowSymLinks
# AllowOverride None
# Require all granted
#</Directory>
# AccessFileName: The name of the file to look for in each directory
# for additional configuration directives. See also the AllowOverride
# directive.
#
AccessFileName .htaccess
#
# The following lines prevent .htaccess and .htpasswd files from being
# viewed by Web clients.
#
<FilesMatch "^\.ht">
Require all denied
</FilesMatch>
#
# The following directives define some format nicknames for use with
# a CustomLog directive.
#
# These deviate from the Common Log Format definitions in that they use %O
# (the actual bytes sent including headers) instead of %b (the size of the
# requested file), because the latter makes it impossible to detect partial
# requests.
#
# Note that the use of %{X-Forwarded-For}i instead of %h is not recommended.
# Use mod_remoteip instead.
#
LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined
LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %O" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent
# Include of directories ignores editors' and dpkg's backup files,
# see README.Debian for details.
# Include generic snippets of statements
IncludeOptional conf-enabled/*.conf
# Include the virtual host configurations:
IncludeOptional sites-enabled/*.conf
b2b.conf
<VirtualHost *:80>
ServerName b2b.mmes-3.ephec-ti.be
DocumentRoot /var/www/html/b2b/
DirectoryIndex b2b.php
<Directory />
Options FollowSymLinks
AllowOverride all
</Directory>
<Directory /var/www/b2b/>
Options Indexes FollowSymLinks MultiViews
AllowOverride all
Order allow,deny
allow from all
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
www.conf
<VirtualHost *:80>
ServerAdmin webmaster@mmes-3.ephec-ti.be
ServerName www.mmes-3.ephec-ti.be
DocumentRoot /var/www/html/www/
DirectoryIndex index.html
<Directory />
Options FollowSymLinks
AllowOverride all
</Directory>
<Directory /var/www/b2b/>
Options Indexes FollowSymLinks MultiViews
AllowOverride all
Order allow,deny
allow from all
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
b2b.php
<!DOCTYPE html>
<html>
<head>
<meta charset='utf-8'>
<title> Site B2B</title>
</head>
<body>
<h1>Bienvenue sur le site B2B</h1>
<hr><br>
<h2> Output DB</h2>
<?php
$query ='SELECT * FROM stock;';
try
{
$db = new PDO('mysql:host=51.91.248.156;port=5000;dbname=wt','root','password');
$answer = $db->query($query);
$output = "<table>";
foreach(($answer->fetchAll(PDO::FETCH_ASSOC)) as $key => $var) {
if($key===0) {
$output .= '<tr>';
foreach($var as $col => $val) {
$output .= "<td><strong>" . $col . '</strong></td>';
}
$output .= '</tr>';
foreach($var as $col => $val) {
$output .= '<td>' . $val . '</td>';
}
$output .= '</tr>';
}
else {
$output .= '<tr>';
foreach($var as $col => $val) {
$output .= '<td>' . $val . '</td>';
}
$output .= '</tr>';
}
}
$output .= '</table>';
echo $output;
$db = null;
}
catch (PDOException $e) {
print "Erreur !: " . $e->getMessage() . "<br/>";
die();
}
echo '<hr><br>';?>
</body>
</html>Dockerfile
FROM mysql:latest
ENV MYSQL_ROOT_PASSWORD=password
ENV MYSQL_DATABASE=wt
ENV MYSQL_ROOT_HOST=51.91.248.16
COPY mmes.sql /docker-entrypoint-mmes.d/
mmes.sql
CREATE DATABASE wt;
USE wt;
CREATE TABLE `stock` (`id` INT AUTO_INCREMENT PRIMARY KEY,`name` varchar(255) DEFAULT NULL,`price` FLOAT(10) DEFAULT NULL);
INSERT INTO `stock` VALUES (NULL, 'jouet 1' , 1);
INSERT INTO `stock` VALUES (NULL, 'jouet 2' , 8);
INSERT INTO `stock` VALUES (NULL, 'jouet 3' , 4);sudo apt-get update
sudo apt-get upgrade apache
Il faut créer une nouvelle fichier .html et le placer dans le dossier web correspondant (interne ou public). Ensuite, il faut ajouter la localisation du fichier en se basant sur les exemples déjà présents:
exemple:
location = /test.html { root /var/www/b2b/; internal; }
Finalement, il faut l'ajouter sur le Dockerfile.
Il faut créer un nouveau fichier de configuration .conf dans le dossier web correspondant (interne ou public). Ensuite, il faut écrire une configuration en se basant sur une qui est déjà réalisée et en modifiant appropriement. Après, il faut renseigner le domaine sur site dans le DNS en utilisant un CNAME. Et finalement, il faut l'ajouter sur le Dockerfile.
Nous pouvons chercher ces éléments à observer pour trouver des informations de debug:
- soit par
docker logs <container> - soit par les logs dans le container:
/var/log/apache/access.log,/var/log/apache2/access.log, et/etc/httpd/logs/access_log
- Syntaxe dans le code PHP
- Vérifier les logs dans
/var/log/apache/access.logou/var/log/apache2/access.loget/var/log/php7.4-fpm.log
- Vérifier les logs dans
- Erreur 500
- Vérifier les logs dans
/var/log/apache/access.logou/var/log/apache2/access.log - Vérifier le tournement du container avec
docker ps
- Vérifier les logs dans
- Localisation dans les fichiers
.conf:- Bien indiquez l'emplacement exact des fichiers
.html/.php
- Bien indiquez l'emplacement exact des fichiers