This is a lightweight Docker container that provides the Hiawatha web server.
Usage is straightforward and relies only on a data volume mounted at /var/www. There is a second volume for logging at /var/log/hiawatha.
PHP is supported but is not built into the container. The startup script run.sh
makes provision for linking to a PHP-FPM instance listening on port 9000. If no such instance is linked, PHP scripts will not be interpreted.
# Minimal static-site run: build the image from the Dockerfile in the current directory.
docker build -t heri16/hiawatha .
mkdir www
# -P publishes every port the image EXPOSEs on a randomly chosen host port
# (inspect the result with `docker port web`); prefer explicit -p mappings when
# the listening ports must be known and firewalled.
# Both bind mounts are read-write by default. The compose example on this page
# mounts the config files with :ro so the web server cannot modify them.
docker run -P --name web -v ./www/:/var/www -v ./hosts.conf:/etc/hiawatha/hosts.conf heri16/hiawatha
# Run with PHP: a separate PHP-FPM container is linked into the web container.
docker build -t heri16/hiawatha .
mkdir www log
# php:fpm-alpine is a floating tag, so the PHP version changes whenever it is re-pulled.
# NOTE(review): this container gets no volume, whereas the compose example on this
# page mounts the html directory into php_fpm; PHP-FPM presumably needs to see the
# same script files as the web server. Confirm.
docker run -d --name php-fpm php:fpm-alpine
# --link exposes the php-fpm container to the web container under the alias "php".
# -P publishes all EXPOSEd ports on random host ports. All bind mounts below are
# read-write unless :ro is appended; the .conf files only need to be read by the server.
docker run -P --name web --link php-fpm:php \
-v ./www/:/var/www \
-v ./log:/var/log/hiawatha \
-v ./hosts.conf:/etc/hiawatha/hosts.conf \
-v ./toolkits.conf:/etc/hiawatha/toolkits.conf \
-v ./bindings.conf:/etc/hiawatha/bindings.conf heri16/hiawatha
The goal here is to provide the most secure basic Hiawatha web server supporting multiple virtual hosts through shared docker volumes.
Use the example .conf files below to ensure that your hiawatha image will upgrade seamlessly and remain secure (when new versions of hiawatha are released).
However, you may also fully override hiawatha.conf if desired:
# Replaces the image's own hiawatha.conf with yours. Settings shipped in the image's
# file no longer apply, so presumably any hardening defaults must then be maintained by hand.
docker run -v ./hiawatha.conf:/etc/hiawatha/hiawatha.conf
Define multiple virtualhosts (if required).
# hosts.conf: one VirtualHost section per site.
VirtualHost {
Hostname = example.com
# Only the html directory is served. The log directory below is a sibling of it,
# so the log files are not reachable through the web root.
WebsiteRoot = /var/www/example.com/html
StartFile = index.php
AccessLogfile = /var/www/example.com/log/access.log
ErrorLogfile = /var/www/example.com/log/error.log
# Upper bound on how long a CGI/FastCGI request may run (presumably seconds).
TimeForCGI = 180
# Refers to a FastCGI server with the ID "PHP", which is defined outside this
# snippet (presumably by the image's main configuration).
UseFastCGI = PHP
# Hiawatha's built-in request filters, set to "prevent". They are pattern-based:
# treat them as defence in depth on top of input validation, output encoding and
# anti-CSRF tokens in the application, and expect occasional false positives.
PreventCSRF = prevent
PreventSQLi = prevent
PreventXSS = prevent
# Uncomment to require HTTPS for this host. The second value is presumably the
# HSTS max-age in seconds (2678400 s = 31 days); confirm against the Hiawatha manual.
#RequireTLS = yes, 2678400
# Per-host certificate. The file name suggests that the certificate chain and the
# private key sit in one file, so keep it readable by the server only.
#TLScertFile = /etc/letsencrypt/live/example.com/fullchainwithkey.pem
# Applies the UrlToolkit whose ToolkitID is "drupal".
#UseToolkit = drupal
}
Rewrite rules for drupal.
# toolkits.conf: routes every request that is not an existing file to Drupal's
# front controller. A VirtualHost references this section by its ToolkitID.
UrlToolkit {
ToolkitID = drupal
# Requests that map to an existing file are served as they are, with no rewriting.
RequestURI isfile Return
# Note: the "." is unescaped, so it matches any single character, not only a dot.
Match ^/favicon.ico$ Return
# Everything else goes to index.php: the path is passed as q and any existing query
# string is appended. The application therefore receives attacker-chosen paths in q
# and has to validate them itself.
Match /(.*)\?(.*) Rewrite /index.php?q=$1&$2
Match /(.*) Rewrite /index.php?q=$1
}
Activate HTTPS with default self-signed cert. (For convenience, /etc/hiawatha/tls/selfcertwithkey.pem is generated locally, by run.sh when the docker container is first started.)
# bindings.conf: TLS settings and the HTTPS listener.
# Connections negotiating a TLS version below 1.2 are refused.
MinTLSversion = 1.2
# Size of the Diffie-Hellman parameters (presumably in bits).
DHsize = 4096
Binding {
Port = 443
# Relative path. The text above this snippet places the file at
# /etc/hiawatha/tls/selfcertwithkey.pem. Clients cannot verify a self-signed
# certificate, so browsers will warn, and the connection is encrypted but not
# authenticated. Use it for testing and mount a CA-issued certificate for public sites.
TLScertFile = tls/selfcertwithkey.pem
# Caps on request size and request time limit what a slow or oversized request can
# tie up. The units are not stated here (presumably kB and seconds); confirm in the manual.
MaxRequestSize = 2048
TimeForRequest = 5, 30
}
Using docker compose is optional, but it is the recommended way for painless multi-container Docker services.
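# docker-compose.yml: Hiawatha in front of a PHP-FPM container.
# The nesting is restored here because the flattened listing does not parse into
# the intended service definitions.
version: '2'
services:
  php_fpm:
    # Floating tag: the PHP version changes whenever the image is re-pulled.
    # Pin a specific version tag or digest for reproducible, reviewable deployments.
    image: php:fpm-alpine
    # "expose" makes port 9000 reachable by linked containers only; it is not
    # published on the host.
    expose:
      - "9000"
    volumes:
      # Site code is mounted read-only, so a compromised PHP process cannot
      # modify the scripts it runs.
      - ./www/example.com/html/:/var/www/example.com/html:ro
      - ./www/example.com/log/:/var/www/example.com/log:rw
  hiawatha_web:
    # ":latest" is also a floating tag; pin it once a known-good version is chosen.
    image: heri16/hiawatha:latest
    links:
      - php_fpm:php
    environment:
      # Presumably read by run.sh to locate the PHP-FPM instance.
      - PHP_HOST=php
      - PHP_FPM_PORT=9000
    ports:
      # Quoted so the mappings are always read as strings.
      - "80:80"
      - "443:443"
    volumes:
      - ./www/example.com/html/:/var/www/example.com/html:ro
      - ./www/example.com/log/:/var/www/example.com/log:rw
      # Configuration and certificate material are read-only inside the container.
      # "Z" asks Docker to apply a private SELinux label to the host path.
      - ./hiawatha/hosts.conf:/etc/hiawatha/hosts.conf:ro,Z
      - ./hiawatha/bindings.conf:/etc/hiawatha/bindings.conf:ro,Z
      # Presumably holds the private key as well as the certificate; restrict its
      # permissions on the host and keep it out of version control.
      - ./hiawatha/tls/example.com.pem:/etc/hiawatha/tls/example.com.pem:ro,Z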