From 1deedac36d696bf251b727757764a4a69027f023 Mon Sep 17 00:00:00 2001 From: James Deathe Date: Fri, 12 Apr 2019 14:29:18 +0100 Subject: [PATCH 1/2] #165: Updates source image to 2.5.1. --- .dockerignore | 4 + .env.example | 25 + .gitignore | 1 + CHANGELOG.md | 30 + Dockerfile | 277 +- Makefile | 799 ++++-- README.md | 48 +- default.mk | 113 +- docker-compose.yml | 59 + environment.mk | 16 +- .../httpd/conf.d/00-deflate.conf | 0 .../httpd/conf.d/00-document-root-acl.conf | 0 .../httpd/conf.d/00-expires.conf | 0 .../httpd/conf.d/00-headers.conf | 0 .../httpd/conf.d/00-mime-type.conf | 0 .../httpd/conf.d/00-php-operating-mode.conf | 0 .../httpd/conf.d/00-reqtimeout.conf | 0 .../httpd/conf.d/00-server-status.conf | 0 .../httpd/conf.d/10-name-virtual-host.conf | 0 .../conf.d/10-virtual-host-encrypted.conf | 0 .../conf.d/10-virtual-host-unencrypted.conf | 0 .../conf.virtualhost.d/00-document-root.conf | 0 .../httpd/conf.virtualhost.d/00-log.conf | 0 .../httpd/conf.virtualhost.d/00-rewrite.conf | 0 .../conf.virtualhost.d/00-server-alias.conf | 0 .../conf.virtualhost.d/00-server-name.conf | 0 src/etc/profile.d/httpd-startup.sh | 3 - .../httpd/conf.d/php-fpm.conf.default | 22 - .../httpd/conf.d/php.conf.default | 28 - .../httpd/conf.d/ssl.conf.default | 217 -- .../httpd/conf.modules.d/00-base.conf.default | 68 - .../httpd/conf.modules.d/00-dav.conf.default | 3 - .../httpd/conf.modules.d/00-lua.conf.default | 1 - .../conf.modules.d/00-proxy.conf.default | 17 - .../httpd/conf.modules.d/00-ssl.conf.default | 1 - src/etc/services-config/httpd/conf/httpd.conf | 1016 ------- .../httpd/conf/httpd.conf.default | 1009 ------- .../httpd/conf/httpd24.conf.default | 353 --- .../httpd/httpd-bootstrap.conf | 28 - .../services-config/php/php-fpm.conf.default | 119 - .../php/php-fpm.d/www.conf.default | 423 --- src/etc/services-config/php/php.d/00-php.ini | 308 --- .../php/php.d/00-php.ini.default | 308 --- .../services-config/php/php.d/10-opcache.ini | 26 - .../php/php.d/10-opcache.ini.default | 26 - src/etc/services-config/php/php.ini.default | 1659 ------------ .../supervisord.d/httpd-bootstrap.conf | 12 +- .../supervisord.d/httpd-wrapper.conf | 12 +- ...ntos-ssh-apache-php-fcgi.register@.service | 175 +- .../centos-ssh-apache-php-fcgi@.service | 177 +- src/opt/scmi/default.sh | 104 +- src/opt/scmi/environment.sh | 28 +- src/opt/scmi/service-unit.sh | 10 +- src/usr/bin/healthcheck | 66 +- src/usr/sbin/httpd-bootstrap | 2339 ++++++++++++----- src/usr/sbin/httpd-startup | 208 -- src/usr/sbin/httpd-wrapper | 123 +- test/health_status | 264 ++ test/shpec/operation_shpec.sh | 464 ++-- 59 files changed, 3660 insertions(+), 7329 deletions(-) create mode 100644 .env.example create mode 100644 docker-compose.yml rename src/etc/{services-config => }/httpd/conf.d/00-deflate.conf (100%) rename src/etc/{services-config => }/httpd/conf.d/00-document-root-acl.conf (100%) rename src/etc/{services-config => }/httpd/conf.d/00-expires.conf (100%) rename src/etc/{services-config => }/httpd/conf.d/00-headers.conf (100%) rename src/etc/{services-config => }/httpd/conf.d/00-mime-type.conf (100%) rename src/etc/{services-config => }/httpd/conf.d/00-php-operating-mode.conf (100%) rename src/etc/{services-config => }/httpd/conf.d/00-reqtimeout.conf (100%) rename src/etc/{services-config => }/httpd/conf.d/00-server-status.conf (100%) rename src/etc/{services-config => }/httpd/conf.d/10-name-virtual-host.conf (100%) rename src/etc/{services-config => }/httpd/conf.d/10-virtual-host-encrypted.conf (100%) rename src/etc/{services-config => }/httpd/conf.d/10-virtual-host-unencrypted.conf (100%) rename src/etc/{services-config => }/httpd/conf.virtualhost.d/00-document-root.conf (100%) rename src/etc/{services-config => }/httpd/conf.virtualhost.d/00-log.conf (100%) rename src/etc/{services-config => }/httpd/conf.virtualhost.d/00-rewrite.conf (100%) rename src/etc/{services-config => }/httpd/conf.virtualhost.d/00-server-alias.conf (100%) rename src/etc/{services-config => }/httpd/conf.virtualhost.d/00-server-name.conf (100%) delete mode 100644 src/etc/profile.d/httpd-startup.sh delete mode 100644 src/etc/services-config/httpd/conf.d/php-fpm.conf.default delete mode 100644 src/etc/services-config/httpd/conf.d/php.conf.default delete mode 100644 src/etc/services-config/httpd/conf.d/ssl.conf.default delete mode 100644 src/etc/services-config/httpd/conf.modules.d/00-base.conf.default delete mode 100644 src/etc/services-config/httpd/conf.modules.d/00-dav.conf.default delete mode 100644 src/etc/services-config/httpd/conf.modules.d/00-lua.conf.default delete mode 100644 src/etc/services-config/httpd/conf.modules.d/00-proxy.conf.default delete mode 100644 src/etc/services-config/httpd/conf.modules.d/00-ssl.conf.default delete mode 100644 src/etc/services-config/httpd/conf/httpd.conf delete mode 100644 src/etc/services-config/httpd/conf/httpd.conf.default delete mode 100644 src/etc/services-config/httpd/conf/httpd24.conf.default delete mode 100644 src/etc/services-config/httpd/httpd-bootstrap.conf delete mode 100644 src/etc/services-config/php/php-fpm.conf.default delete mode 100644 src/etc/services-config/php/php-fpm.d/www.conf.default delete mode 100644 src/etc/services-config/php/php.d/00-php.ini delete mode 100644 src/etc/services-config/php/php.d/00-php.ini.default delete mode 100644 src/etc/services-config/php/php.d/10-opcache.ini delete mode 100644 src/etc/services-config/php/php.d/10-opcache.ini.default delete mode 100644 src/etc/services-config/php/php.ini.default rename src/etc/{services-config/supervisor => }/supervisord.d/httpd-bootstrap.conf (61%) rename src/etc/{services-config/supervisor => }/supervisord.d/httpd-wrapper.conf (72%) delete mode 100644 src/usr/sbin/httpd-startup create mode 100755 test/health_status diff --git a/.dockerignore b/.dockerignore index f1d19b8..9920c41 100644 --- a/.dockerignore +++ b/.dockerignore @@ -1,7 +1,11 @@ +.env +.env.example .git .gitignore dist +images test +docker-compose.yml LICENSE README-short.txt *.md diff --git a/.env.example b/.env.example new file mode 100644 index 0000000..5d326c7 --- /dev/null +++ b/.env.example @@ -0,0 +1,25 @@ +APACHE_CONTENT_ROOT=/var/www/app +APACHE_CUSTOM_LOG_FORMAT=combined +APACHE_CUSTOM_LOG_LOCATION=var/log/apache_access_log +APACHE_ERROR_LOG_LOCATION=var/log/apache_error_log +APACHE_ERROR_LOG_LEVEL=warn +APACHE_EXTENDED_STATUS_ENABLED=false +APACHE_HEADER_X_SERVICE_UID={{HOSTNAME}} +APACHE_LOAD_MODULES= +APACHE_MOD_SSL_ENABLED=false +APACHE_MPM=worker +APACHE_OPERATING_MODE=production +APACHE_PUBLIC_DIRECTORY=public_html +APACHE_RUN_GROUP=app-www +APACHE_RUN_USER=app-www +APACHE_SERVER_ALIAS= +APACHE_SERVER_NAME= +APACHE_SSL_CERTIFICATE= +APACHE_SSL_CIPHER_SUITE=ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS +APACHE_SSL_PROTOCOL=All -SSLv2 -SSLv3 +APACHE_SYSTEM_USER=app +PACKAGE_PATH=/opt/app +PHP_OPTIONS_DATE_TIMEZONE=UTC +PHP_OPTIONS_SESSION_NAME=PHPSESSID +PHP_OPTIONS_SESSION_SAVE_HANDLER=files +PHP_OPTIONS_SESSION_SAVE_PATH=var/session diff --git a/.gitignore b/.gitignore index 1db27ab..01faf4b 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,3 @@ +.env packages dist \ No newline at end of file diff --git a/CHANGELOG.md b/CHANGELOG.md index 95c6964..5899f3c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,6 +6,36 @@ Summary of release changes for Version 2. CentOS-7 7.5.1804 x86_64, Apache 2.4, PHP-CGI 5.4 (FastCGI), PHP memcached 2.2, Zend Opcache 7.0. +### 2.1.0 - Unreleased + +- Updates `elinks` package to elinks-0.12-0.37.pre6.el7.0.1. +- Updates source image to [2.5.1](https://github.com/jdeathe/centos-ssh/releases/tag/2.5.1). +- Updates and restructures Dockerfile. +- Updates container naming conventions and readability of `Makefile`. +- Fixes issue with unexpected published port in run templates when `DOCKER_PORT_MAP_TCP_80`, `DOCKER_PORT_MAP_TCP_443` or `DOCKER_PORT_MAP_TCP_8443` is set to an empty string or 0. +- Fixes binary paths in systemd unit files for compatibility with both EL and Ubuntu hosts. +- Fixes link to OpenSSL ciphers manual page. +- Adds consideration for event lag into test cases for unhealthy health_status events. +- Adds port incrementation to Makefile's run template for container names with an instance suffix. +- Adds placeholder replacement of `RELEASE_VERSION` docker argument to systemd service unit template. +- Adds improvement to pull logic in systemd unit install template. +- Adds `SSH_AUTOSTART_SUPERVISOR_STDOUT` with a value "false", disabling startup of `supervisor_stdout`. +- Adds error messages to healthcheck script and includes supervisord check. +- Adds improved logging output. +- Adds images directory `.dockerignore` to reduce size of build context. +- Adds docker-compose configuration example. +- Adds improved lock/state file implementation between bootstrap and wrapper scripts. +- Adds graceful stop signals the supervisord configuration for `httpd-wrapper`. +- Removes use of `/etc/services-config` paths. +- Removes the unused group element from the default container name. +- Removes the node element from the default container name. +- Removes unused environment variables from Makefile and scmi configuration. +- Removes X-Fleet section from etcd register template unit-file. +- Removes unnecessary configuration file `/etc/httpd-bootstrap.conf`. +- Removes systemd health reporting from PHP-FPM configuration. +- Removes unnecessarily setting random passwords for system accounts during bootstrap; lock instead. +- Removes requirement for `/usr/sbin/httpd-startup`. + ### 2.0.1 - 2018-12-08 - Updates source image to [2.4.1](https://github.com/jdeathe/centos-ssh/releases/tag/2.4.1). diff --git a/Dockerfile b/Dockerfile index 98b5881..231ce33 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,24 +1,19 @@ -# ============================================================================= -# jdeathe/centos-ssh-apache-php-fcgi -# -# CentOS-7, Apache 2.4, PHP 5.4, PHP Memcached 2.2, Zend Opcache. -# -# ============================================================================= -FROM jdeathe/centos-ssh:2.4.1 +FROM jdeathe/centos-ssh:2.5.1 # Use the form ([{fqdn}-]{package-name}|[{fqdn}-]{provider-name}) ARG PACKAGE_NAME="app" ARG PACKAGE_PATH="/opt/${PACKAGE_NAME}" ARG PACKAGE_RELEASE_VERSION="0.11.0" +ARG RELEASE_VERSION="2.0.1" -# ----------------------------------------------------------------------------- -# FastCGI support -# ----------------------------------------------------------------------------- +# ------------------------------------------------------------------------------ +# - Base install of required packages +# ------------------------------------------------------------------------------ RUN rpm --rebuilddb \ && yum -y install \ --setopt=tsflags=nodocs \ --disableplugin=fastestmirror \ - elinks-0.12-0.37.pre6.el7 \ + elinks-0.12-0.37.pre6.el7.0.1 \ fcgi-2.4.0-25.el7 \ httpd-2.4.6-88.el7.centos \ httpd-tools-2.4.6-88.el7.centos \ @@ -39,13 +34,37 @@ RUN rpm --rebuilddb \ && rm -rf /var/cache/yum/* \ && yum clean all -# ----------------------------------------------------------------------------- -# Global Apache configuration changes -# - Disable Apache directory indexes and welcome page. -# - Disable Apache language based content negotiation. -# - Custom Apache configuration. -# ----------------------------------------------------------------------------- -RUN cp -pf \ +# ------------------------------------------------------------------------------ +# Copy files into place +# ------------------------------------------------------------------------------ +ADD src / + +# ------------------------------------------------------------------------------ +# Provisioning +# - Add default system users +# - Limit threads for the application user +# - Disable Apache directory indexes and welcome page +# - Disable Apache language based content negotiation +# - Custom Apache configuration +# - Disable all Apache modules and enable the minimum +# - Disable SSL +# - Disable the default SSL Virtual Host +# - Global PHP configuration changes +# - Replace placeholders with values in systemd service unit template +# - Set permissions +# ------------------------------------------------------------------------------ +RUN useradd -r -M -d /var/www/app -s /sbin/nologin app \ + && useradd -r -M -d /var/www/app -s /sbin/nologin -G apache,app app-www \ + && usermod -a -G app-www app \ + && usermod -a -G app-www,app apache \ + && usermod -L app \ + && usermod -L app-www \ + && { printf -- \ + '\n@apache\tsoft\tnproc\t%s\n@apache\thard\tnproc\t%s\n' \ + '85' \ + '170'; \ + } >> /etc/security/limits.conf \ + && cp -pf \ /etc/httpd/conf/httpd.conf \ /etc/httpd/conf/httpd.conf.default \ && sed -i \ @@ -80,80 +99,59 @@ RUN cp -pf \ /etc/httpd/conf.d/welcome.conf \ && chmod 444 \ /etc/httpd/conf.d/welcome.conf \ - && { \ - echo ''; \ - echo '#'; \ - echo '# Custom configuration'; \ - echo '#'; \ - echo 'KeepAlive On'; \ - echo 'MaxKeepAliveRequests 200'; \ - echo 'KeepAliveTimeout 2'; \ - echo 'LogFormat \'; \ - echo ' "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" \'; \ - echo ' forwarded_for_combined'; \ - echo 'Include /etc/services-config/httpd/conf.d/*.conf'; \ - echo 'ExtendedStatus Off'; \ - echo 'Listen 8443'; \ - echo 'Options -Indexes'; \ - echo 'ServerSignature Off'; \ - echo 'ServerTokens Prod'; \ - echo 'TraceEnable Off'; \ - echo 'UseCanonicalName On'; \ - echo 'UseCanonicalPhysicalPort On'; \ - } >> /etc/httpd/conf/httpd.conf - -# ----------------------------------------------------------------------------- -# Disable all Apache modules and enable the minimum -# ----------------------------------------------------------------------------- -RUN sed -i \ - -e 's~^\(LoadModule .*\)$~#\1~g' \ - -e 's~^#\(LoadModule mime_module .*\)$~\1~' \ - -e 's~^#\(LoadModule log_config_module .*\)$~\1~' \ - -e 's~^#\(LoadModule setenvif_module .*\)$~\1~' \ - -e 's~^#\(LoadModule status_module .*\)$~\1~' \ - -e 's~^#\(LoadModule authz_host_module .*\)$~\1~' \ - -e 's~^#\(LoadModule dir_module .*\)$~\1~' \ - -e 's~^#\(LoadModule alias_module .*\)$~\1~' \ - -e 's~^#\(LoadModule expires_module .*\)$~\1~' \ - -e 's~^#\(LoadModule deflate_module .*\)$~\1~' \ - -e 's~^#\(LoadModule headers_module .*\)$~\1~' \ - -e 's~^#\(LoadModule alias_module .*\)$~\1~' \ - -e 's~^#\(LoadModule version_module .*\)$~\1~' \ - /etc/httpd/conf.modules.d/00-base.conf \ - /etc/httpd/conf.modules.d/00-dav.conf \ - /etc/httpd/conf.modules.d/00-lua.conf \ - /etc/httpd/conf.modules.d/00-proxy.conf \ - /etc/httpd/conf.modules.d/00-ssl.conf \ - /etc/httpd/conf.modules.d/00-systemd.conf - -# ----------------------------------------------------------------------------- -# Disable SSL + the default SSL Virtual Host -# ----------------------------------------------------------------------------- -RUN sed -ri \ + && { printf -- \ + '\n%s\n%s\n%s\n%s\n%s\n%s\n%s\\\n%s%s\\\n%s\n%s\n%s\n%s\n%s\n%s\n%s\n%s\n%s\n' \ + '#' \ + '# Custom configuration' \ + '#' \ + 'KeepAlive On' \ + 'MaxKeepAliveRequests 200' \ + 'KeepAliveTimeout 2' \ + 'LogFormat ' \ + ' "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b' \ + ' \"%{Referer}i\" \"%{User-Agent}i\"" ' \ + ' forwarded_for_combined' \ + 'ExtendedStatus Off' \ + 'Listen 8443' \ + 'Options -Indexes' \ + 'ServerSignature Off' \ + 'ServerTokens Prod' \ + 'TraceEnable Off' \ + 'UseCanonicalName On' \ + 'UseCanonicalPhysicalPort On'; \ + } >> /etc/httpd/conf/httpd.conf \ + && sed -i \ + -e 's~^\(LoadModule .*\)$~#\1~g' \ + -e 's~^#\(LoadModule mime_module .*\)$~\1~' \ + -e 's~^#\(LoadModule log_config_module .*\)$~\1~' \ + -e 's~^#\(LoadModule setenvif_module .*\)$~\1~' \ + -e 's~^#\(LoadModule status_module .*\)$~\1~' \ + -e 's~^#\(LoadModule authz_host_module .*\)$~\1~' \ + -e 's~^#\(LoadModule dir_module .*\)$~\1~' \ + -e 's~^#\(LoadModule alias_module .*\)$~\1~' \ + -e 's~^#\(LoadModule expires_module .*\)$~\1~' \ + -e 's~^#\(LoadModule deflate_module .*\)$~\1~' \ + -e 's~^#\(LoadModule headers_module .*\)$~\1~' \ + -e 's~^#\(LoadModule alias_module .*\)$~\1~' \ + -e 's~^#\(LoadModule version_module .*\)$~\1~' \ + /etc/httpd/conf.modules.d/00-base.conf \ + /etc/httpd/conf.modules.d/00-dav.conf \ + /etc/httpd/conf.modules.d/00-lua.conf \ + /etc/httpd/conf.modules.d/00-proxy.conf \ + /etc/httpd/conf.modules.d/00-ssl.conf \ + /etc/httpd/conf.modules.d/00-systemd.conf \ + && sed -ri \ -e '//,/<\/VirtualHost>/ s~^~#~' \ -e 's~(SSLSessionCacheTimeout.*)$~\1\n\nSSLUseStapling on\nSSLStaplingCache shmcb:/run/httpd/sslstaplingcache(512000)\nSSLStaplingResponderTimeout 5\nSSLStaplingReturnResponderErrors off~' \ /etc/httpd/conf.d/ssl.conf \ && cat \ /etc/httpd/conf.d/ssl.conf \ > /etc/httpd/conf.d/ssl.conf.off \ - && > \ + && truncate -s 0 \ /etc/httpd/conf.d/ssl.conf \ - && chmod 444 \ - /etc/httpd/conf.d/ssl.conf - -# ----------------------------------------------------------------------------- -# Limit threads for the application user -# ----------------------------------------------------------------------------- -RUN { \ - echo ''; \ - echo -e '@apache\tsoft\tnproc\t85'; \ - echo -e '@apache\thard\tnproc\t170'; \ - } >> /etc/security/limits.conf - -# ----------------------------------------------------------------------------- -# Global PHP configuration changes -# ----------------------------------------------------------------------------- -RUN sed \ + && chmod 644 \ + /etc/httpd/conf.d/ssl.conf \ + && sed \ -e 's~^; .*$~~' \ -e 's~^;*$~~' \ -e '/^$/d' \ @@ -184,70 +182,16 @@ RUN sed \ -e 's~^\(opcache.max_accelerated_files=\).*$~\132531~g' \ -e 's~^;\(opcache.validate_timestamps=\).*$~\10~g' \ /etc/php.d/opcache.ini.default \ - > /etc/php.d/opcache.ini - -# ----------------------------------------------------------------------------- -# Add default system users -# ----------------------------------------------------------------------------- -RUN useradd -r -M -d /var/www/app -s /sbin/nologin app \ - && useradd -r -M -d /var/www/app -s /sbin/nologin -G apache,app app-www \ - && usermod -a -G app-www app \ - && usermod -a -G app-www,app apache - -# ----------------------------------------------------------------------------- -# Copy files into place -# ----------------------------------------------------------------------------- -ADD src/usr/bin \ - /usr/bin/ -ADD src/usr/sbin \ - /usr/sbin/ -ADD src/opt/scmi \ - /opt/scmi/ -ADD src/etc/profile.d \ - /etc/profile.d/ -ADD src/etc/systemd/system \ - /etc/systemd/system/ -ADD src/etc/services-config/httpd/httpd-bootstrap.conf \ - /etc/services-config/httpd/ -ADD src/etc/services-config/httpd/conf.d/*.conf \ - /etc/services-config/httpd/conf.d/ -ADD src/etc/services-config/httpd/conf.virtualhost.d/*.conf \ - /etc/services-config/httpd/conf.virtualhost.d/ -ADD src/etc/services-config/supervisor/supervisord.d \ - /etc/services-config/supervisor/supervisord.d/ - -RUN mkdir -p \ - /etc/services-config/{httpd/{conf,conf.d,conf.virtualhost.d},ssl/{certs,private}} \ - && cp \ - /etc/httpd/conf/httpd.conf \ - /etc/services-config/httpd/conf/ \ - && ln -sf \ - /etc/services-config/httpd/conf.virtualhost.d \ - /etc/httpd/conf.virtualhost.d \ - && ln -sf \ - /etc/services-config/httpd/httpd-bootstrap.conf \ - /etc/httpd-bootstrap.conf \ - && ln -sf \ - /etc/services-config/httpd/conf/httpd.conf \ - /etc/httpd/conf/httpd.conf \ - && ln -sf \ - /etc/services-config/ssl/certs/localhost.crt \ - /etc/pki/tls/certs/localhost.crt \ - && ln -sf \ - /etc/services-config/supervisor/supervisord.conf \ - /etc/supervisord.conf \ - && ln -sf \ - /etc/services-config/supervisor/supervisord.d/httpd-bootstrap.conf \ - /etc/supervisord.d/httpd-bootstrap.conf \ - && ln -sf \ - /etc/services-config/supervisor/supervisord.d/httpd-wrapper.conf \ - /etc/supervisord.d/httpd-wrapper.conf \ + > /etc/php.d/opcache.ini \ + && sed -i \ + -e "s~{{RELEASE_VERSION}}~${RELEASE_VERSION}~g" \ + /etc/systemd/system/centos-ssh-apache-php-fcgi@.service \ && chmod 700 \ - /usr/{bin/healthcheck,sbin/httpd-{bootstrap,startup,wrapper}} + /usr/{bin/healthcheck,sbin/httpd-{bootstrap,wrapper}} -# ----------------------------------------------------------------------------- +# ------------------------------------------------------------------------------ # Package installation -# ----------------------------------------------------------------------------- +# ------------------------------------------------------------------------------ RUN mkdir -p -m 750 ${PACKAGE_PATH} \ && curl -Ls \ https://github.com/jdeathe/php-hello-world/archive/${PACKAGE_RELEASE_VERSION}.tar.gz \ @@ -274,31 +218,22 @@ RUN mkdir -p -m 750 ${PACKAGE_PATH} \ && find ${PACKAGE_PATH} -type f -exec chmod 640 {} + \ && find ${PACKAGE_PATH}/bin -type f -exec chmod 750 {} + -# Fix Version requirements for setifempty Header option. -RUN sed -i \ - -e 's~~~' \ - -e 's~= 2.4>~= 2.4.7>~' \ - -e 's~^\(\s*Header always setifempty.*\)$~#\1~' \ - ${PACKAGE_PATH}/etc/httpd/conf.d/50-headers.conf - -EXPOSE 80 8443 443 +EXPOSE 80 443 8443 -# ----------------------------------------------------------------------------- +# ------------------------------------------------------------------------------ # Set default environment variables used to configure the service container -# ----------------------------------------------------------------------------- -ENV APACHE_CONTENT_ROOT="/var/www/${PACKAGE_NAME}" \ - BASH_ENV="/usr/sbin/httpd-startup" \ - ENV="/usr/sbin/httpd-startup" -ENV APACHE_AUTOSTART_HTTPD_BOOTSTRAP=true \ - APACHE_AUTOSTART_HTTPD_WRAPPER=true \ +# ------------------------------------------------------------------------------ +ENV APACHE_AUTOSTART_HTTPD_BOOTSTRAP="true" \ + APACHE_AUTOSTART_HTTPD_WRAPPER="true" \ + APACHE_CONTENT_ROOT="/var/www/${PACKAGE_NAME}" \ APACHE_CUSTOM_LOG_FORMAT="combined" \ APACHE_CUSTOM_LOG_LOCATION="var/log/apache_access_log" \ APACHE_ERROR_LOG_LOCATION="var/log/apache_error_log" \ APACHE_ERROR_LOG_LEVEL="warn" \ - APACHE_EXTENDED_STATUS_ENABLED=false \ + APACHE_EXTENDED_STATUS_ENABLED="false" \ APACHE_HEADER_X_SERVICE_UID="{{HOSTNAME}}" \ APACHE_LOAD_MODULES="" \ - APACHE_MOD_SSL_ENABLED=false \ + APACHE_MOD_SSL_ENABLED="false" \ APACHE_MPM="worker" \ APACHE_OPERATING_MODE="production" \ APACHE_PUBLIC_DIRECTORY="public_html" \ @@ -315,21 +250,19 @@ ENV APACHE_AUTOSTART_HTTPD_BOOTSTRAP=true \ PHP_OPTIONS_SESSION_NAME="PHPSESSID" \ PHP_OPTIONS_SESSION_SAVE_HANDLER="files" \ PHP_OPTIONS_SESSION_SAVE_PATH="var/session" \ - SSH_AUTOSTART_SSHD=false \ - SSH_AUTOSTART_SSHD_BOOTSTRAP=false + SSH_AUTOSTART_SSHD="false" \ + SSH_AUTOSTART_SSHD_BOOTSTRAP="false" \ + SSH_AUTOSTART_SUPERVISOR_STDOUT="false" -# ----------------------------------------------------------------------------- +# ------------------------------------------------------------------------------ # Set image metadata -# ----------------------------------------------------------------------------- -ARG RELEASE_VERSION="2.0.1" +# ------------------------------------------------------------------------------ LABEL \ maintainer="James Deathe " \ install="docker run \ --rm \ --privileged \ --volume /:/media/root \ ---env BASH_ENV="" \ ---env ENV="" \ jdeathe/centos-ssh-apache-php-fcgi:${RELEASE_VERSION} \ /usr/sbin/scmi install \ --chroot=/media/root \ @@ -339,8 +272,6 @@ jdeathe/centos-ssh-apache-php-fcgi:${RELEASE_VERSION} \ --rm \ --privileged \ --volume /:/media/root \ ---env BASH_ENV="" \ ---env ENV="" \ jdeathe/centos-ssh-apache-php-fcgi:${RELEASE_VERSION} \ /usr/sbin/scmi uninstall \ --chroot=/media/root \ @@ -360,4 +291,4 @@ HEALTHCHECK \ --retries=10 \ CMD ["/usr/bin/healthcheck"] -CMD ["/usr/sbin/httpd-startup", "/usr/bin/supervisord", "--configuration=/etc/supervisord.conf"] \ No newline at end of file +CMD ["/usr/bin/supervisord", "--configuration=/etc/supervisord.conf"] diff --git a/Makefile b/Makefile index c599184..5ebb343 100644 --- a/Makefile +++ b/Makefile @@ -14,22 +14,22 @@ Targets: clean Clean up build artifacts. create Execute the create container template. dist Pull a release version from the registry and save a - package suitable for offline distribution. Image is + package suitable for offline distribution. Image is saved as a tar archive, compressed with xz. distclean Clean up distribution artifacts. exec COMMAND [ARG...] Run command in a the running container. help Show this help. - install Terminate running container and run the docker + install Terminate running container and run the docker create template. images Show container's image details. - load Loads from the distribution package. Requires + load Loads from the distribution package. Requires DOCKER_IMAGE_TAG variable. logs Display log output from the running container. logs-delayed Display log output from the running container after - backing off for STARTUP_TIME seconds. This can be + backing off for STARTUP_TIME seconds. This can be necessary when chaining make targets together. pause Pause the running container. - pull Pull the release image from the registry. Requires + pull Pull the release image from the registry. Requires the DOCKER_IMAGE_TAG variable. ps Display the details of the container process. restart Restarts the container. @@ -43,26 +43,25 @@ Targets: unpause Unpause the container when in a paused state. Variables: - - DOCKER_CONTAINER_OPTS Set optional docker parameters to append that will + - DOCKER_CONTAINER_OPTS Set optional docker parameters to append that will be appended to the create and run templates. - DOCKER_IMAGE_TAG Defines the image tag name. - DOCKER_NAME Container name. The required format is as follows - where and are required numeric - values and group is optional. - {|.[group]}.. - - DOCKER_PORT_MAP_TCP_* The port map variable is used to define the initial - port mapping to use for the docker host value where + where and are numeric values. + [.[.]] + - DOCKER_PORT_MAP_TCP_* The port map variable is used to define the initial + port mapping to use for the docker host value where "*" corresponds to an exposed port on the container. - Setting this to an empty string or 0 will result in - an automatically assigned port and setting to NULL + Setting this to an empty string or 0 will result in + an automatically assigned port and setting to NULL will prevent the port from being published. - - DOCKER_RESTART_POLICY Defines the container restart policy. - - DIST_PATH Ouput directory path - where the release package + - DOCKER_RESTART_POLICY Defines the container restart policy. + - DIST_PATH Ouput directory path - where the release package artifacts are placed. - - NO_CACHE When true, no cache will be used while running the + - NO_CACHE When true, no cache will be used while running the build target. - - STARTUP_TIME Defines the number of seconds expected to complete - the startup process, including the bootstrap where + - STARTUP_TIME Defines the number of seconds expected to complete + the startup process, including the bootstrap where applicable. endef @@ -128,6 +127,23 @@ get-docker-info := $(shell \ $(docker) info \ ) +define get-docker-image-id +$$(if [[ -n $$($(docker) images -q \ + $(DOCKER_USER)/$(DOCKER_IMAGE_NAME):$(1) \ + ) ]]; \ +then \ + printf -- '%s\n' \ + "$$($(docker) images -q \ + $(DOCKER_USER)/$(DOCKER_IMAGE_NAME):$(1) \ + )"; \ +else \ + printf -- '%s\n' \ + "$$($(docker) images -q \ + docker.io/$(DOCKER_USER)/$(DOCKER_IMAGE_NAME):$(1) \ + )"; \ +fi) +endef + .PHONY: \ _prerequisites \ _require-docker-container \ @@ -182,77 +198,179 @@ ifeq ($(get-docker-info),) endif _require-docker-container: - @ if [[ -z $$($(docker) ps -aq --filter "name=$(DOCKER_NAME)") ]]; then \ - echo "$(PREFIX_STEP_NEGATIVE)This operation requires the $(DOCKER_NAME) docker container."; \ - echo "$(PREFIX_SUB_STEP)Try installing it with: make install"; \ + @ if [[ -z $$($(docker) ps -aq --filter "name=$(DOCKER_NAME)") ]]; \ + then \ + printf -- '%sThis operation requires the %s container.\n' \ + "$(PREFIX_STEP_NEGATIVE)" \ + "$(DOCKER_NAME)" \ + >&2; \ + printf -- '%sTry: DOCKER_NAME=%s make %s\n' \ + "$(PREFIX_SUB_STEP)" \ + "$(DOCKER_NAME)" \ + "install" \ + >&2; \ exit 1; \ fi _require-docker-container-not: - @ if [[ -n $$($(docker) ps -aq --filter "name=$(DOCKER_NAME)") ]]; then \ - echo "$(PREFIX_STEP_NEGATIVE)This operation requires the $(DOCKER_NAME) docker container be removed (or renamed)."; \ - echo "$(PREFIX_SUB_STEP)Try removing it with: make rm"; \ + @ if [[ -n $$($(docker) ps -aq --filter "name=$(DOCKER_NAME)") ]]; \ + then \ + printf -- '%sThis operation requires the %s container %s.\n' \ + "$(PREFIX_STEP_NEGATIVE)" \ + "$(DOCKER_NAME)" \ + "be removed or renamed" \ + >&2; \ + printf -- '%sTry: DOCKER_NAME=%s make %s\n' \ + "$(PREFIX_SUB_STEP)" \ + "$(DOCKER_NAME)" \ + "rm" \ + >&2; \ exit 1; \ fi _require-docker-container-not-status-paused: - @ if [[ -n $$($(docker) ps -aq --filter "name=$(DOCKER_NAME)" --filter "status=paused") ]]; then \ - echo "$(PREFIX_STEP_NEGATIVE)This operation requires the $(DOCKER_NAME) docker container to be unpaused."; \ - echo "$(PREFIX_SUB_STEP)Try unpausing it with: make unpause"; \ + @ if [[ -n $$($(docker) ps -aq \ + --filter "name=$(DOCKER_NAME)" \ + --filter "status=paused" \ + ) ]]; \ + then \ + printf -- '%sThis operation requires the %s container %s.\n' \ + "$(PREFIX_STEP_NEGATIVE)" \ + "$(DOCKER_NAME)" \ + "to be unpaused" \ + >&2; \ + printf -- '%sTry: DOCKER_NAME=%s make %s\n' \ + "$(PREFIX_SUB_STEP)" \ + "$(DOCKER_NAME)" \ + "unpause" \ + >&2; \ exit 1; \ fi _require-docker-container-status-created: - @ if [[ -z $$($(docker) ps -aq --filter "name=$(DOCKER_NAME)" --filter "status=created") ]]; then \ - echo "$(PREFIX_STEP_NEGATIVE)This operation requires the $(DOCKER_NAME) docker container to be created."; \ - echo "$(PREFIX_SUB_STEP)Try installing it with: make install"; \ + @ if [[ -z $$($(docker) ps -aq \ + --filter "name=$(DOCKER_NAME)" \ + --filter "status=created" \ + ) ]]; \ + then \ + printf -- '%sThis operation requires the %s container %s.\n' \ + "$(PREFIX_STEP_NEGATIVE)" \ + "$(DOCKER_NAME)" \ + "to be created" \ + >&2; \ + printf -- '%sTry: DOCKER_NAME=%s make %s\n' \ + "$(PREFIX_SUB_STEP)" \ + "$(DOCKER_NAME)" \ + "install" \ + >&2; \ exit 1; \ fi _require-docker-container-status-exited: - @ if [[ -z $$($(docker) ps -aq --filter "name=$(DOCKER_NAME)" --filter "status=exited") ]]; then \ - echo "$(PREFIX_STEP_NEGATIVE)This operation requires the $(DOCKER_NAME) docker container to be exited."; \ - echo "$(PREFIX_SUB_STEP)Try stopping it with: make stop"; \ + @ if [[ -z $$($(docker) ps -aq \ + --filter "name=$(DOCKER_NAME)" \ + --filter "status=exited" \ + ) ]]; \ + then \ + printf -- '%sThis operation requires the %s container %s.\n' \ + "$(PREFIX_STEP_NEGATIVE)" \ + "$(DOCKER_NAME)" \ + "to be exited" \ + >&2; \ + printf -- '%sTry: DOCKER_NAME=%s make %s\n' \ + "$(PREFIX_SUB_STEP)" \ + "$(DOCKER_NAME)" \ + "stop" \ + >&2; \ exit 1; \ fi _require-docker-container-status-paused: - @ if [[ -z $$($(docker) ps -aq --filter "name=$(DOCKER_NAME)" --filter "status=paused") ]]; then \ - echo "$(PREFIX_STEP_NEGATIVE)This operation requires the $(DOCKER_NAME) docker container to be paused."; \ - echo "$(PREFIX_SUB_STEP)Try pausing it with: make pause"; \ + @ if [[ -z $$($(docker) ps -aq \ + --filter "name=$(DOCKER_NAME)" \ + --filter "status=paused" \ + ) ]]; \ + then \ + printf -- '%sThis operation requires the %s container %s.\n' \ + "$(PREFIX_STEP_NEGATIVE)" \ + "$(DOCKER_NAME)" \ + "to be paused" \ + >&2; \ + printf -- '%sTry: DOCKER_NAME=%s make %s\n' \ + "$(PREFIX_SUB_STEP)" \ + "$(DOCKER_NAME)" \ + "pause" \ + >&2; \ exit 1; \ fi _require-docker-container-status-running: - @ if [[ -z $$($(docker) ps -aq --filter "name=$(DOCKER_NAME)" --filter "status=running") ]]; then \ - echo "$(PREFIX_STEP_NEGATIVE)This operation requires the $(DOCKER_NAME) docker container to be running."; \ - echo "$(PREFIX_SUB_STEP)Try starting it with: make start"; \ + @ if [[ -z $$($(docker) ps -aq \ + --filter "name=$(DOCKER_NAME)" \ + --filter "status=running" \ + ) ]]; \ + then \ + printf -- '%sThis operation requires the %s container %s.\n' \ + "$(PREFIX_STEP_NEGATIVE)" \ + "$(DOCKER_NAME)" \ + "to be running" \ + >&2; \ + printf -- '%sTry: DOCKER_NAME=%s make %s\n' \ + "$(PREFIX_SUB_STEP)" \ + "$(DOCKER_NAME)" \ + "start" \ + >&2; \ exit 1; \ fi _require-docker-image-tag: - @ if [[ -z $$(if [[ $(DOCKER_IMAGE_TAG) =~ $(DOCKER_IMAGE_TAG_PATTERN) ]]; then echo $(DOCKER_IMAGE_TAG); else echo ''; fi) ]]; then \ - echo "$(PREFIX_STEP_NEGATIVE)Invalid DOCKER_IMAGE_TAG value: $(DOCKER_IMAGE_TAG)"; \ + @ if ! [[ "$(DOCKER_IMAGE_TAG)" =~ $(DOCKER_IMAGE_TAG_PATTERN) ]]; \ + then \ + printf -- '%sInvalid %s value: %s\n' \ + "$(PREFIX_STEP_NEGATIVE)" \ + "DOCKER_IMAGE_TAG" \ + "$(DOCKER_IMAGE_TAG)" \ + >&2; \ exit 1; \ fi _require-docker-release-tag: - @ if [[ -z $$(if [[ $(DOCKER_IMAGE_TAG) =~ $(DOCKER_IMAGE_RELEASE_TAG_PATTERN) ]]; then echo $(DOCKER_IMAGE_TAG); else echo ''; fi) ]]; then \ - echo "$(PREFIX_STEP_NEGATIVE)Invalid DOCKER_IMAGE_TAG value: $(DOCKER_IMAGE_TAG)"; \ - echo "$(PREFIX_SUB_STEP)A release tag is required for this operation."; \ + @ if ! [[ "$(DOCKER_IMAGE_TAG)" =~ $(DOCKER_IMAGE_RELEASE_TAG_PATTERN) ]]; \ + then \ + printf -- '%sInvalid %s value: %s\n' \ + "$(PREFIX_STEP_NEGATIVE)" \ + "DOCKER_IMAGE_TAG" \ + "$(DOCKER_IMAGE_TAG)" \ + >&2; \ + printf -- '%s%s\n' \ + "$(PREFIX_SUB_STEP)" \ + "A release tag is required for this operation." \ + >&2; \ exit 1; \ fi _require-package-path: - @ if [[ -n $(DIST_PATH) ]] && [[ ! -d $(DIST_PATH) ]]; then \ - echo "$(PREFIX_STEP)Creating package directory"; \ + @ if [[ -n $(DIST_PATH) ]] && [[ ! -d $(DIST_PATH) ]]; \ + then \ + printf -- '%s%\n' \ + "$(PREFIX_STEP)" \ + "Creating package directory"; \ mkdir -p $(DIST_PATH); \ fi; \ - if [[ ! $${?} -eq 0 ]]; then \ - echo "$(PREFIX_STEP_NEGATIVE)Failed to make package path: $(DIST_PATH)"; \ + if [[ ! $${?} -eq 0 ]]; \ + then \ + printf -- '%s%s: %s\n' \ + "$(PREFIX_STEP_NEGATIVE)" \ + "Failed to make package path" \ + "$(DIST_PATH)" \ + >&2; \ exit 1; \ - elif [[ -z $(DIST_PATH) ]]; then \ - echo "$(PREFIX_STEP_NEGATIVE)Undefined DIST_PATH"; \ + elif [[ -z $(DIST_PATH) ]]; \ + then \ + printf -- '%sUndefined %s\n' \ + "$(PREFIX_STEP_NEGATIVE)" \ + "DIST_PATH" \ + >&2; \ exit 1; \ fi @@ -264,252 +382,557 @@ endif _usage: @: $(info $(USAGE)) -all: _prerequisites | build images install start ps +all: \ + _prerequisites \ + | \ + build \ + images \ + install \ + start \ + ps -# build NO_CACHE=[{false,true}] -build: _prerequisites _require-docker-image-tag - @ echo "$(PREFIX_STEP)Building $(DOCKER_USER)/$(DOCKER_IMAGE_NAME):$(DOCKER_IMAGE_TAG)" - @ if [[ $(NO_CACHE) == true ]]; then \ - echo "$(PREFIX_SUB_STEP)Skipping cache"; \ +build: \ + _prerequisites \ + _require-docker-image-tag + @ printf -- '%sBuilding %s/%s:%s\n' \ + "$(PREFIX_STEP)" \ + "$(DOCKER_USER)" \ + "$(DOCKER_IMAGE_NAME)" \ + "$(DOCKER_IMAGE_TAG)" + @ if [[ $(NO_CACHE) == true ]]; \ + then \ + printf -- '%s%s\n' \ + "$(PREFIX_SUB_STEP)" \ + "Skipping cache"; \ fi @ $(docker) build \ --no-cache=$(NO_CACHE) \ -t $(DOCKER_USER)/$(DOCKER_IMAGE_NAME):$(DOCKER_IMAGE_TAG) \ .; \ - if [[ $${?} -eq 0 ]]; then \ - echo "$(PREFIX_SUB_STEP_POSITIVE)Build complete"; \ + if [[ $${?} -eq 0 ]]; \ + then \ + printf -- '%s%s\n' \ + "$(PREFIX_SUB_STEP_POSITIVE)" \ + "Build complete"; \ else \ - echo "$(PREFIX_SUB_STEP_NEGATIVE)Build error"; \ + printf -- '%s%s\n' \ + "$(PREFIX_SUB_STEP_NEGATIVE)" \ + "Build error" \ + >&2; \ exit 1; \ fi -clean: _prerequisites | terminate rmi +clean: \ + _prerequisites \ + | \ + terminate \ + rmi -create: _prerequisites _require-docker-container-not - @ echo "$(PREFIX_STEP)Creating container" +create: \ + _prerequisites \ + _require-docker-container-not + @ printf -- '%s%s\n' \ + "$(PREFIX_STEP)" \ + "Creating container" @ set -x; \ $(docker) create \ $(DOCKER_CONTAINER_PARAMETERS) \ $(DOCKER_PUBLISH) \ $(DOCKER_CONTAINER_OPTS) \ - $(DOCKER_USER)/$(DOCKER_IMAGE_NAME):$(DOCKER_IMAGE_TAG) 1> /dev/null; - @ if [[ -n $$($(docker) ps -aq --filter "name=$(DOCKER_NAME)" --filter "status=created") ]]; then \ - echo "$(PREFIX_SUB_STEP)$$($(docker) ps -aq --filter "name=$(DOCKER_NAME)" --filter "status=created")"; \ - echo "$(PREFIX_SUB_STEP_POSITIVE)Container created"; \ + $(DOCKER_USER)/$(DOCKER_IMAGE_NAME):$(DOCKER_IMAGE_TAG) \ + 1> /dev/null + @ if [[ -n $$($(docker) ps -aq \ + --filter "name=$(DOCKER_NAME)" \ + --filter "status=created" \ + ) ]]; \ + then \ + printf -- '%s%s\n' \ + "$(PREFIX_SUB_STEP)" \ + "$$($(docker) ps -aq \ + --filter "name=$(DOCKER_NAME)" \ + --filter "status=created" \ + )"; \ + printf -- '%s%s\n' \ + "$(PREFIX_SUB_STEP_POSITIVE)" \ + "Container created"; \ else \ - echo "$(PREFIX_SUB_STEP_NEGATIVE)Container creation failed"; \ + printf -- '%s%s\n' \ + "$(PREFIX_SUB_STEP_NEGATIVE)" \ + "Container creation failed" \ + >&2; \ exit 1; \ fi -dist: _prerequisites _require-docker-release-tag _require-package-path | pull +dist: \ + _prerequisites \ + _require-docker-release-tag \ + _require-package-path \ + | \ + pull $(eval $@_dist_path := $(realpath \ $(DIST_PATH) \ )) - @ if [[ -s $($@_dist_path)/$(DOCKER_IMAGE_NAME).$(DOCKER_IMAGE_TAG).tar.xz ]]; then \ - echo "$(PREFIX_STEP)Saving package"; \ - echo "$(PREFIX_SUB_STEP)Package path: $($@_dist_path)/$(DOCKER_IMAGE_NAME).$(DOCKER_IMAGE_TAG).tar.xz"; \ - echo "$(PREFIX_SUB_STEP_POSITIVE)Package already exists"; \ + $(eval $@_dist_file := $(shell \ + printf -- '%s.%s.tar.xz' \ + "$(DOCKER_IMAGE_NAME)" \ + "$(DOCKER_IMAGE_TAG)" \ + )) + @ printf -- '%s%s\n' \ + "$(PREFIX_STEP)" \ + "Saving package" + @ if [[ -s $($@_dist_path)/$($@_dist_file) ]]; \ + then \ + printf -- '%sPackage path: %s/%s.%s.tar.xz\n' \ + "$(PREFIX_SUB_STEP)" \ + "$($@_dist_path)" \ + "$(DOCKER_IMAGE_NAME)" \ + "$(DOCKER_IMAGE_TAG)"; \ + printf -- '%s%s\n' \ + "$(PREFIX_SUB_STEP_POSITIVE)" \ + "Package already exists"; \ else \ - echo "$(PREFIX_STEP)Saving package"; \ $(docker) save \ - $(DOCKER_USER)/$(DOCKER_IMAGE_NAME):$(DOCKER_IMAGE_TAG) | \ - $(xz) -9 > \ - $($@_dist_path)/$(DOCKER_IMAGE_NAME).$(DOCKER_IMAGE_TAG).tar.xz; \ - if [[ $${?} -eq 0 ]]; then \ - echo "$(PREFIX_SUB_STEP)Package path: $($@_dist_path)/$(DOCKER_IMAGE_NAME).$(DOCKER_IMAGE_TAG).tar.xz"; \ - echo "$(PREFIX_SUB_STEP_POSITIVE)Package saved"; \ + $(DOCKER_USER)/$(DOCKER_IMAGE_NAME):$(DOCKER_IMAGE_TAG) \ + | $(xz) -9 \ + > $($@_dist_path)/$($@_dist_file); \ + if [[ $${?} -eq 0 ]]; \ + then \ + printf -- '%sPackage path: %s/%s.%s.tar.xz\n' \ + "$(PREFIX_SUB_STEP)" \ + "$($@_dist_path)" \ + "$(DOCKER_IMAGE_NAME)" \ + "$(DOCKER_IMAGE_TAG)"; \ + printf -- '%s%s\n' \ + "$(PREFIX_SUB_STEP_POSITIVE)" \ + "Package saved"; \ else \ - echo "$(PREFIX_SUB_STEP_NEGATIVE)Package save error"; \ + printf -- '%s%s\n' \ + "$(PREFIX_SUB_STEP_NEGATIVE)" \ + "Package save error" \ + >&2; \ exit 1; \ fi; \ fi -distclean: _prerequisites _require-docker-release-tag _require-package-path | clean +distclean: \ + _prerequisites \ + _require-docker-release-tag \ + _require-package-path \ + | \ + clean $(eval $@_dist_path := $(realpath \ $(DIST_PATH) \ )) - @ if [[ -e $($@_dist_path)/$(DOCKER_IMAGE_NAME).$(DOCKER_IMAGE_TAG).tar.xz ]]; then \ - echo "$(PREFIX_STEP)Deleting package"; \ - echo "$(PREFIX_SUB_STEP)Package path: $($@_dist_path)/$(DOCKER_IMAGE_NAME).$(DOCKER_IMAGE_TAG).tar.xz"; \ + $(eval $@_dist_file := $(shell \ + printf -- '%s.%s.tar.xz' \ + "$(DOCKER_IMAGE_NAME)" \ + "$(DOCKER_IMAGE_TAG)" \ + )) + @ if [[ -e $($@_dist_path)/$($@_dist_file) ]]; \ + then \ + printf -- '%s%s\n' \ + "$(PREFIX_STEP)" \ + "Deleting package"; \ + printf -- '%sPackage path: %s/%s.%s.tar.xz\n' \ + "$(PREFIX_SUB_STEP)" \ + "$($@_dist_path)" \ + "$(DOCKER_IMAGE_NAME)" \ + "$(DOCKER_IMAGE_TAG)"; \ find $($@_dist_path) \ - -name $(DOCKER_IMAGE_NAME).$(DOCKER_IMAGE_TAG).tar.xz \ + -name $($@_dist_file) \ -delete; \ - if [[ ! -e $($@_dist_path)/$(DOCKER_IMAGE_NAME).$(DOCKER_IMAGE_TAG).tar.xz ]]; then \ - echo "$(PREFIX_SUB_STEP_POSITIVE)Package cleanup complete"; \ + if [[ ! -e $($@_dist_path)/$($@_dist_file) ]]; \ + then \ + printf -- '%s%s\n' \ + "$(PREFIX_SUB_STEP_POSITIVE)" \ + "Package cleanup complete"; \ else \ - echo "$(PREFIX_SUB_STEP_NEGATIVE)Package cleanup failed"; \ + printf -- '%s%s\n' \ + "$(PREFIX_SUB_STEP_NEGATIVE)" \ + "Package cleanup failed" \ + >&2; \ exit 1; \ fi; \ else \ - echo "$(PREFIX_STEP)Package cleanup skipped"; \ + printf -- '%s%s\n' \ + "$(PREFIX_STEP)" \ + "Package cleanup skipped"; \ fi -exec: _prerequisites +exec: \ + _prerequisites @ $(docker) exec -it $(DOCKER_NAME) $(filter-out $@, $(MAKECMDGOALS)) %:; @: -images: _prerequisites +images: \ + _prerequisites @ $(docker) images \ - $(DOCKER_USER)/$(DOCKER_IMAGE_NAME):$(DOCKER_IMAGE_TAG); + $(DOCKER_USER)/$(DOCKER_IMAGE_NAME):$(DOCKER_IMAGE_TAG) -help: _usage +help: \ + _usage -install: | _prerequisites terminate create +install: | \ + _prerequisites \ + terminate \ + create -logs: _prerequisites +logs: \ + _prerequisites @ $(docker) logs $(DOCKER_NAME) -logs-delayed: _prerequisites +logs-delayed: \ + _prerequisites @ sleep $(STARTUP_TIME) @ $(MAKE) logs -load: _prerequisites _require-docker-release-tag _require-package-path +load: \ + _prerequisites \ + _require-docker-release-tag \ + _require-package-path $(eval $@_dist_path := $(realpath \ $(DIST_PATH) \ )) - @ echo "$(PREFIX_STEP)Loading image from package"; \ - echo "$(PREFIX_SUB_STEP)Package path: $($@_dist_path)/$(DOCKER_IMAGE_NAME).$(DOCKER_IMAGE_TAG).tar.xz"; \ - if [[ ! -s $($@_dist_path)/$(DOCKER_IMAGE_NAME).$(DOCKER_IMAGE_TAG).tar.xz ]]; then \ - echo "$(PREFIX_STEP_NEGATIVE)Package not found"; \ - echo "$(PREFIX_SUB_STEP_NEGATIVE)To create a package try: DOCKER_IMAGE_TAG=\"$(DOCKER_IMAGE_TAG)\" make dist"; \ + $(eval $@_dist_file := $(shell \ + printf -- '%s.%s.tar.xz' \ + "$(DOCKER_IMAGE_NAME)" \ + "$(DOCKER_IMAGE_TAG)" \ + )) + @ printf -- '%s%s\n' \ + "$(PREFIX_STEP)" \ + "Loading image from package"; \ + printf -- '%sPackage path: %s/%s.%s.tar.xz\n' \ + "$(PREFIX_SUB_STEP)" \ + "$($@_dist_path)" \ + "$(DOCKER_IMAGE_NAME)" \ + "$(DOCKER_IMAGE_TAG)"; \ + if [[ ! -s $($@_dist_path)/$($@_dist_file) ]]; \ + then \ + printf -- '%s%s\n' \ + "$(PREFIX_SUB_STEP_NEGATIVE)" \ + "Package not found" \ + >&2; \ + printf -- '%sTry: DOCKER_IMAGE_TAG=%s make %s\n' \ + "$(PREFIX_SUB_STEP_NEGATIVE)" \ + "$(DOCKER_IMAGE_TAG)" \ + "dist" \ + >&2; \ exit 1; \ else \ - $(xz) -dc $($@_dist_path)/$(DOCKER_IMAGE_NAME).$(DOCKER_IMAGE_TAG).tar.xz | \ - $(docker) load; \ - echo "$(PREFIX_SUB_STEP)$$(if [[ -n $$($(docker) images -q $(DOCKER_USER)/$(DOCKER_IMAGE_NAME):$(DOCKER_IMAGE_TAG)) ]]; then echo $$($(docker) images -q $(DOCKER_USER)/$(DOCKER_IMAGE_NAME):$(DOCKER_IMAGE_TAG)); else echo $$($(docker) images -q docker.io/$(DOCKER_USER)/$(DOCKER_IMAGE_NAME):$(DOCKER_IMAGE_TAG)); fi;)"; \ - echo "$(PREFIX_SUB_STEP_POSITIVE)Image loaded"; \ + $(xz) -dc \ + $($@_dist_path)/$($@_dist_file) \ + | $(docker) load; \ + printf -- '%s%s\n' \ + "$(PREFIX_SUB_STEP)" \ + "$(call get-docker-image-id,$(DOCKER_IMAGE_TAG))"; \ + printf -- '%s%s\n' \ + "$(PREFIX_SUB_STEP_POSITIVE)" \ + "Image loaded"; \ fi -pause: _prerequisites _require-docker-container-status-running - @ echo "$(PREFIX_STEP)Pausing container" - @ $(docker) pause $(DOCKER_NAME) 1> /dev/null - @ echo "$(PREFIX_SUB_STEP_POSITIVE)Container paused" - -pull: _prerequisites _require-docker-image-tag - @ echo "$(PREFIX_STEP)Pulling image from registry" +pause: \ + _prerequisites \ + _require-docker-container-status-running + @ printf -- '%s%s\n' \ + "$(PREFIX_STEP)" \ + "Pausing container" + @ $(docker) pause \ + $(DOCKER_NAME) \ + 1> /dev/null + @ printf -- '%s%s\n' \ + "$(PREFIX_SUB_STEP_POSITIVE)" \ + "Container paused" + +pull: \ + _prerequisites \ + _require-docker-image-tag + @ printf -- '%s%s\n' \ + "$(PREFIX_STEP)" \ + "Pulling image from registry" @ $(docker) pull \ $(DOCKER_USER)/$(DOCKER_IMAGE_NAME):$(DOCKER_IMAGE_TAG); \ - if [[ $${?} -eq 0 ]]; then \ - echo "$(PREFIX_SUB_STEP)$$(if [[ -n $$($(docker) images -q $(DOCKER_USER)/$(DOCKER_IMAGE_NAME):$(DOCKER_IMAGE_TAG)) ]]; then echo $$($(docker) images -q $(DOCKER_USER)/$(DOCKER_IMAGE_NAME):$(DOCKER_IMAGE_TAG)); else echo $$($(docker) images -q docker.io/$(DOCKER_USER)/$(DOCKER_IMAGE_NAME):$(DOCKER_IMAGE_TAG)); fi;)"; \ - echo "$(PREFIX_SUB_STEP_POSITIVE)Image pulled"; \ + if [[ $${?} -eq 0 ]]; \ + then \ + printf -- '%s%s\n' \ + "$(PREFIX_SUB_STEP)" \ + "$(call get-docker-image-id,$(DOCKER_IMAGE_TAG))"; \ + printf -- '%s%s\n' \ + "$(PREFIX_SUB_STEP_POSITIVE)" \ + "Image pulled"; \ else \ - echo "$(PREFIX_SUB_STEP_NEGATIVE)Error pulling image"; \ + printf -- '%s%s\n' \ + "$(PREFIX_SUB_STEP_NEGATIVE)" \ + "Error pulling image" \ + >&2; \ exit 1; \ fi -ps: _prerequisites _require-docker-container - @ $(docker) ps -as --filter "name=$(DOCKER_NAME)"; - -restart: _prerequisites _require-docker-container _require-docker-container-not-status-paused - @ echo "$(PREFIX_STEP)Restarting container" - @ $(docker) restart $(DOCKER_NAME) 1> /dev/null - @ echo "$(PREFIX_SUB_STEP_POSITIVE)Container restarted" +ps: \ + _prerequisites \ + _require-docker-container + @ $(docker) ps -as \ + --filter "name=$(DOCKER_NAME)" -rm: _prerequisites _require-docker-container-not-status-paused - @ if [[ -z $$($(docker) ps -aq --filter "name=$(DOCKER_NAME)") ]]; then \ - echo "$(PREFIX_STEP)Container removal skipped"; \ +restart: \ + _prerequisites \ + _require-docker-container \ + _require-docker-container-not-status-paused + @ printf -- '%s%s\n' \ + "$(PREFIX_STEP)" \ + "Restarting container" + @ $(docker) restart \ + $(DOCKER_NAME) \ + 1> /dev/null + @ printf -- '%s%s\n' \ + "$(PREFIX_SUB_STEP_POSITIVE)" \ + "Container restarted" + +rm: \ + _prerequisites \ + _require-docker-container-not-status-paused + @ if [[ -z $$($(docker) ps -aq \ + --filter "name=$(DOCKER_NAME)" \ + ) ]]; \ + then \ + printf -- '%s%s\n' \ + "$(PREFIX_STEP)" \ + "Container removal skipped"; \ else \ - echo "$(PREFIX_STEP)Removing container"; \ + printf -- '%s%s\n' \ + "$(PREFIX_STEP)" \ + "Removing container"; \ $(docker) rm -f $(DOCKER_NAME); \ - if [[ -z $$($(docker) ps -aq --filter "name=$(DOCKER_NAME)") ]]; then \ - echo "$(PREFIX_SUB_STEP_POSITIVE)Container removed"; \ + if [[ -z $$($(docker) ps -aq \ + --filter "name=$(DOCKER_NAME)" \ + ) ]]; \ + then \ + printf -- '%s%s\n' \ + "$(PREFIX_SUB_STEP_POSITIVE)" \ + "Container removed"; \ else \ - echo "$(PREFIX_SUB_STEP_NEGATIVE)Container removal failed"; \ + printf -- '%s%s\n' \ + "$(PREFIX_SUB_STEP_NEGATIVE)" \ + "Container removal failed" \ + >&2; \ exit 1; \ fi; \ fi -rmi: _prerequisites _require-docker-image-tag _require-docker-container-not - @ if [[ -n $$(if [[ -n $$($(docker) images -q $(DOCKER_USER)/$(DOCKER_IMAGE_NAME):$(DOCKER_IMAGE_TAG)) ]]; then echo $$($(docker) images -q $(DOCKER_USER)/$(DOCKER_IMAGE_NAME):$(DOCKER_IMAGE_TAG)); else echo $$($(docker) images -q docker.io/$(DOCKER_USER)/$(DOCKER_IMAGE_NAME):$(DOCKER_IMAGE_TAG)); fi;) ]]; then \ - echo "$(PREFIX_STEP)Untagging image"; \ - echo "$(PREFIX_SUB_STEP)$$(if [[ -n $$($(docker) images -q $(DOCKER_USER)/$(DOCKER_IMAGE_NAME):$(DOCKER_IMAGE_TAG)) ]]; then echo $$($(docker) images -q $(DOCKER_USER)/$(DOCKER_IMAGE_NAME):$(DOCKER_IMAGE_TAG)); else echo $$($(docker) images -q docker.io/$(DOCKER_USER)/$(DOCKER_IMAGE_NAME):$(DOCKER_IMAGE_TAG)); fi;) : $(DOCKER_USER)/$(DOCKER_IMAGE_NAME):$(DOCKER_IMAGE_TAG)"; \ +rmi: \ + _prerequisites \ + _require-docker-image-tag \ + _require-docker-container-not + @ if [[ -n $(call get-docker-image-id,$(DOCKER_IMAGE_TAG)) ]]; \ + then \ + printf -- '%s%s\n' \ + "$(PREFIX_STEP)" \ + "Untagging image"; \ + printf -- '%s%s : %s/%s:%s\n' \ + "$(PREFIX_SUB_STEP)" \ + "$(call get-docker-image-id,$(DOCKER_IMAGE_TAG))" \ + "$(DOCKER_USER)" \ + "$(DOCKER_IMAGE_NAME)" \ + "$(DOCKER_IMAGE_TAG)"; \ $(docker) rmi \ - $(DOCKER_USER)/$(DOCKER_IMAGE_NAME):$(DOCKER_IMAGE_TAG) 1> /dev/null; \ - if [[ $${?} -eq 0 ]]; then \ - echo "$(PREFIX_SUB_STEP_POSITIVE)Image untagged"; \ + $(DOCKER_USER)/$(DOCKER_IMAGE_NAME):$(DOCKER_IMAGE_TAG) \ + 1> /dev/null; \ + if [[ $${?} -eq 0 ]]; \ + then \ + printf -- '%s%s\n' \ + "$(PREFIX_SUB_STEP_POSITIVE)" \ + "Image untagged"; \ else \ - echo "$(PREFIX_SUB_STEP_NEGATIVE)Error untagging image"; \ + printf -- '%s%s\n' \ + "$(PREFIX_SUB_STEP_NEGATIVE)" \ + "Error untagging image" \ + >&2; \ exit 1; \ fi; \ else \ - echo "$(PREFIX_STEP)Untagging image skipped"; \ + printf -- '%s%s\n' \ + "$(PREFIX_STEP)" \ + "Untagging image skipped"; \ fi -run: _prerequisites _require-docker-image-tag - @ echo "$(PREFIX_STEP)Running container" +run: \ + _prerequisites \ + _require-docker-image-tag + @ printf -- '%s%s\n' \ + "$(PREFIX_STEP)" \ + "Running container" @ set -x; \ $(docker) run \ --detach \ $(DOCKER_CONTAINER_PARAMETERS) \ $(DOCKER_PUBLISH) \ $(DOCKER_CONTAINER_OPTS) \ - $(DOCKER_USER)/$(DOCKER_IMAGE_NAME):$(DOCKER_IMAGE_TAG) 1> /dev/null; - @ if [[ -n $$($(docker) ps -aq --filter "name=$(DOCKER_NAME)" --filter "status=running") ]]; then \ - echo "$(PREFIX_SUB_STEP)$$($(docker) ps -aq --filter "name=$(DOCKER_NAME)" --filter "status=running")"; \ - echo "$(PREFIX_SUB_STEP_POSITIVE)Container running"; \ + $(DOCKER_USER)/$(DOCKER_IMAGE_NAME):$(DOCKER_IMAGE_TAG) \ + 1> /dev/null + @ if [[ -n $$($(docker) ps -aq \ + --filter "name=$(DOCKER_NAME)" \ + --filter "status=running" \ + ) ]]; \ + then \ + printf -- '%s%s\n' \ + "$(PREFIX_SUB_STEP)" \ + "$$($(docker) ps -aq \ + --filter "name=$(DOCKER_NAME)" \ + --filter "status=running" \ + )"; \ + printf -- '%s%s\n' \ + "$(PREFIX_SUB_STEP_POSITIVE)" \ + "Container running"; \ else \ - echo "$(PREFIX_SUB_STEP_NEGATIVE)Container run failed"; \ + printf -- '%s%s\n' \ + "$(PREFIX_SUB_STEP_NEGATIVE)" \ + "Container run failed" \ + >&2; \ exit 1; \ fi -start: _prerequisites _require-docker-container _require-docker-container-not-status-paused - @ echo "$(PREFIX_STEP)Starting container" +start: \ + _prerequisites \ + _require-docker-container \ + _require-docker-container-not-status-paused + @ printf -- '%s%s\n' \ + "$(PREFIX_STEP)" \ + "Starting container" @ if [[ -n $$($(docker) ps -aq --filter "name=$(DOCKER_NAME)") ]] \ - && [[ -z $$($(docker) ps -aq --filter "name=$(DOCKER_NAME)" --filter "status=running") ]]; then \ - $(docker) start $(DOCKER_NAME) 1> /dev/null; \ + && [[ -z $$($(docker) ps -aq \ + --filter "name=$(DOCKER_NAME)" \ + --filter "status=running" \ + ) ]]; \ + then \ + $(docker) start \ + $(DOCKER_NAME) \ + 1> /dev/null; \ fi - @ if [[ -n $$($(docker) ps -aq --filter "name=$(DOCKER_NAME)" --filter "status=running") ]]; then \ - echo "$(PREFIX_SUB_STEP_POSITIVE)Container started"; \ + @ if [[ -n $$($(docker) ps -aq \ + --filter "name=$(DOCKER_NAME)" \ + --filter "status=running" \ + ) ]]; \ + then \ + printf -- '%s%s\n' \ + "$(PREFIX_SUB_STEP_POSITIVE)" \ + "Container started"; \ else \ - echo "$(PREFIX_SUB_STEP_NEGATIVE)Container start failed"; \ + printf -- '%s%s\n' \ + "$(PREFIX_SUB_STEP_NEGATIVE)" \ + "Container start failed" \ + >&2; \ exit 1; \ fi -stop: _prerequisites _require-docker-container-not-status-paused _require-docker-container-status-running - @ echo "$(PREFIX_STEP)Stopping container" - @ if [[ -n $$($(docker) ps -aq --filter "name=$(DOCKER_NAME)" --filter "status=running") ]]; then \ - $(docker) stop $(DOCKER_NAME) 1> /dev/null; \ - if [[ -n $$($(docker) ps -aq --filter "name=$(DOCKER_NAME)" --filter "status=exited") ]]; then \ - echo "$(PREFIX_SUB_STEP_POSITIVE)Container stopped"; \ +stop: \ + _prerequisites \ + _require-docker-container-not-status-paused \ + _require-docker-container-status-running + @ printf -- '%s%s\n' \ + "$(PREFIX_STEP)" \ + "Stopping container" + @ if [[ -n $$($(docker) ps -aq \ + --filter "name=$(DOCKER_NAME)" \ + --filter "status=running" \ + ) ]]; \ + then \ + $(docker) stop \ + $(DOCKER_NAME) \ + 1> /dev/null; \ + if [[ -n $$($(docker) ps -aq \ + --filter "name=$(DOCKER_NAME)" \ + --filter "status=exited" \ + ) ]]; \ + then \ + printf -- '%s%s\n' \ + "$(PREFIX_SUB_STEP_POSITIVE)" \ + "Container stopped"; \ else \ - echo "$(PREFIX_SUB_STEP_NEGATIVE)Error stopping container"; \ + printf -- '%s%s\n' \ + "$(PREFIX_SUB_STEP_NEGATIVE)" \ + "Error stopping container" \ + >&2; \ exit 1; \ fi; \ fi -terminate: _prerequisites - @ if [[ -z $$($(docker) ps -aq --filter "name=$(DOCKER_NAME)") ]]; then \ - echo "$(PREFIX_STEP)Container termination skipped"; \ +terminate: \ + _prerequisites + @ if [[ -z $$($(docker) ps -aq --filter "name=$(DOCKER_NAME)") ]]; \ + then \ + printf -- '%s%s\n' \ + "$(PREFIX_STEP)" \ + "Container termination skipped"; \ else \ - echo "$(PREFIX_STEP)Terminating container"; \ - if [[ -n $$($(docker) ps -aq --filter "name=$(DOCKER_NAME)" --filter "status=paused") ]]; then \ - echo "$(PREFIX_SUB_STEP)Unpausing container"; \ - $(docker) unpause $(DOCKER_NAME) 1> /dev/null; \ + printf -- '%s%s\n' \ + "$(PREFIX_STEP)" \ + "Terminating container"; \ + if [[ -n $$($(docker) ps -aq \ + --filter "name=$(DOCKER_NAME)" \ + --filter "status=paused" \ + ) ]]; \ + then \ + printf -- '%s%s\n' \ + "$(PREFIX_SUB_STEP)" \ + "Unpausing container"; \ + $(docker) unpause \ + $(DOCKER_NAME) \ + 1> /dev/null; \ fi; \ - if [[ -n $$($(docker) ps -aq --filter "name=$(DOCKER_NAME)" --filter "status=running") ]]; then \ - echo "$(PREFIX_SUB_STEP)Stopping container"; \ - $(docker) stop $(DOCKER_NAME) 1> /dev/null; \ + if [[ -n $$($(docker) ps -aq \ + --filter "name=$(DOCKER_NAME)" \ + --filter "status=running" \ + ) ]]; \ + then \ + printf -- '%s%s\n' \ + "$(PREFIX_SUB_STEP)" \ + "Stopping container"; \ + $(docker) stop \ + $(DOCKER_NAME) \ + 1> /dev/null; \ fi; \ - if [[ -n $$($(docker) ps -aq --filter "name=$(DOCKER_NAME)") ]]; then \ - echo "$(PREFIX_SUB_STEP)Removing container"; \ - $(docker) rm -f $(DOCKER_NAME) 1> /dev/null; \ + if [[ -n $$($(docker) ps -aq --filter "name=$(DOCKER_NAME)") ]]; \ + then \ + printf -- '%s%s\n' \ + "$(PREFIX_SUB_STEP)" \ + "Removing container"; \ + $(docker) rm -f \ + $(DOCKER_NAME) \ + 1> /dev/null; \ fi; \ - if [[ -z $$($(docker) ps -aq --filter "name=$(DOCKER_NAME)") ]]; then \ - echo "$(PREFIX_SUB_STEP_POSITIVE)Container terminated"; \ + if [[ -z $$($(docker) ps -aq --filter "name=$(DOCKER_NAME)") ]]; \ + then \ + printf -- '%s%s\n' \ + "$(PREFIX_SUB_STEP_POSITIVE)" \ + "Container terminated"; \ else \ - echo "$(PREFIX_SUB_STEP_NEGATIVE)Container termination failed"; \ + printf -- '%s%s\n' \ + "$(PREFIX_SUB_STEP_NEGATIVE)" \ + "Container termination failed" \ + >&2; \ exit 1; \ fi; \ fi -test: _test-prerequisites - @ if [[ -z $$(if [[ -n $$($(docker) images -q $(DOCKER_USER)/$(DOCKER_IMAGE_NAME):latest) ]]; then echo $$($(docker) images -q $(DOCKER_USER)/$(DOCKER_IMAGE_NAME):latest); else echo $$($(docker) images -q docker.io/$(DOCKER_USER)/$(DOCKER_IMAGE_NAME):latest); fi;) ]]; then \ - $(MAKE) build; \ - fi; - @ echo "$(PREFIX_STEP)Functional test"; - @ SHPEC_ROOT=$(SHPEC_ROOT) $(shpec); - -unpause: _prerequisites _require-docker-container-status-paused - @ echo "$(PREFIX_STEP)Unpausing container" - @ $(docker) unpause $(DOCKER_NAME) 1> /dev/null - @ echo "$(PREFIX_SUB_STEP_POSITIVE)Container unpaused" +test: \ + _test-prerequisites + @ if [[ -z $(call get-docker-image-id,latest) ]]; \ + then \ + DOCKER_IMAGE_TAG=latest $(MAKE) build; \ + fi + @ printf -- '%s%s\n' \ + "$(PREFIX_STEP)" \ + "Functional test" + @ SHPEC_ROOT=$(SHPEC_ROOT) $(shpec) + +unpause: \ + _prerequisites \ + _require-docker-container-status-paused + @ printf -- '%s%s\n' \ + "$(PREFIX_STEP)" \ + "Unpausing container" + @ $(docker) unpause \ + $(DOCKER_NAME) \ + 1> /dev/null + @ printf -- '%s%s\n' \ + "$(PREFIX_SUB_STEP_POSITIVE)" \ + "Container unpaused" diff --git a/README.md b/README.md index 7c81e60..581fc4a 100644 --- a/README.md +++ b/README.md @@ -40,11 +40,11 @@ For cases where access to docker exec is not possible the preferred method is to ## Quick Example -Run up a container named `apache-php.pool-1.1.1` from the docker image `jdeathe/centos-ssh-apache-php-fcgi` on port 8080 of your docker host. +Run up a container named `apache-php.1` from the docker image `jdeathe/centos-ssh-apache-php-fcgi` on port 8080 of your docker host. ``` $ docker run -d \ - --name apache-php.pool-1.1.1 \ + --name apache-php.1 \ -p 8080:80 \ -e "APACHE_SERVER_NAME=app-1.local" \ jdeathe/centos-ssh-apache-php-fcgi:1.11.1 @@ -57,7 +57,7 @@ Now point your browser to `http://{docker-host}:8080` where `{docker-host}` is t To be able to access the server using the "app-1.local" domain name you need to add a hosts file entry locally; such that the IP address of the Docker host resolves to the name "app-1.local". Alternatively, you can use the elinks browser installed in the container. Note that because you are using the browser from the container you access the site over port 80. ``` -$ docker exec -it apache-php.pool-1.1.1 \ +$ docker exec -it apache-php.1 \ elinks http://app-1.local ``` @@ -66,7 +66,7 @@ $ docker exec -it apache-php.pool-1.1.1 \ To verify the container is initialised and running successfully by inspecting the container's logs. ``` -$ docker logs apache-php.pool-1.1.1 +$ docker logs apache-php.1 ``` On first run, the bootstrap script, ([/usr/sbin/httpd-bootstrap](https://github.com/jdeathe/centos-ssh-apache-php/blob/centos-6/src/usr/sbin/httpd-bootstrap)), will check if the DocumentRoot directory is empty and, if so, will populate it with the example app scripts and VirtualHost configuration files. @@ -74,7 +74,7 @@ On first run, the bootstrap script, ([/usr/sbin/httpd-bootstrap](https://github. The `apachectl` command can be accessed as follows. ``` -$ docker exec -it apache-php.pool-1.1.1 \ +$ docker exec -it apache-php.1 \ bash -c "apachectl -h" ``` @@ -86,7 +86,7 @@ To run the a docker container from this image you can use the standard docker co #### SCMI Installation Examples -The following example uses docker to run the SCMI install command to create and start a container named `apache-php.pool-1.1.1`. To use SCMI it requires the use of the `--privileged` docker run parameter and the docker host's root directory mounted as a volume with the container's mount directory also being set in the `scmi` `--chroot` option. The `--setopt` option is used to add extra parameters to the default docker run command template; in the following example a named configuration volume is added which allows the SSH host keys to persist after the first container initialisation. Not that the placeholder `{{NAME}}` can be used in this option and is replaced with the container's name. +The following example uses docker to run the SCMI install command to create and start a container named `apache-php.1`. To use SCMI it requires the use of the `--privileged` docker run parameter and the docker host's root directory mounted as a volume with the container's mount directory also being set in the `scmi` `--chroot` option. The `--setopt` option is used to add extra parameters to the default docker run command template; in the following example a named configuration volume is added which allows the SSH host keys to persist after the first container initialisation. Not that the placeholder `{{NAME}}` can be used in this option and is replaced with the container's name. ##### SCMI Install @@ -101,7 +101,7 @@ $ docker run \ /usr/sbin/scmi install \ --chroot=/media/root \ --tag=1.11.1 \ - --name=apache-php.pool-1.1.1 + --name=apache-php.1 ``` ##### SCMI Uninstall @@ -119,7 +119,7 @@ $ docker run \ /usr/sbin/scmi uninstall \ --chroot=/media/root \ --tag=1.11.1 \ - --name=apache-php.pool-1.1.1 + --name=apache-php.1 ``` ##### SCMI Systemd Support @@ -137,11 +137,11 @@ $ docker run \ /usr/sbin/scmi install \ --chroot=/media/root \ --tag=1.11.1 \ - --name=apache-php.pool-1.1.1 \ + --name=apache-php.1 \ --manager=systemd \ --register \ --env='APACHE_MOD_SSL_ENABLED=true' \ - --setopt='--volume {{NAME}}.data-ssl:/etc/services-config/ssl' + --setopt='--volume {{NAME}}.data-tls:/etc/pki/tls' ``` ##### SCMI Fleet Support @@ -164,14 +164,14 @@ $ eval "sudo -E $( ) --info" ``` -To perform an installation using the docker name `apache-php.pool-1.2.1` simply use the `--name` or `-n` option. +To perform an installation using the docker name `apache-php.2` simply use the `--name` or `-n` option. ``` $ eval "sudo -E $( docker inspect \ -f "{{.ContainerConfig.Labels.install}}" \ jdeathe/centos-ssh-apache-php-fcgi:1.11.1 - ) --name=apache-php.pool-1.2.1" + ) --name=apache-php.2" ``` To uninstall use the *same command* that was used to install but with the `uninstall` Label. @@ -181,7 +181,7 @@ $ eval "sudo -E $( docker inspect \ -f "{{.ContainerConfig.Labels.uninstall}}" \ jdeathe/centos-ssh-apache-php-fcgi:1.11.1 - ) --name=apache-php.pool-1.2.1" + ) --name=apache-php.2" ``` ##### SCMI on Atomic Host @@ -198,16 +198,16 @@ To see detailed information about the image run `scmi` with the `--info` option. ``` $ sudo -E atomic install \ - -n apache-php.pool-1.3.1 \ + -n apache-php.3 \ jdeathe/centos-ssh-apache-php-fcgi:1.11.1 \ --info ``` -To perform an installation using the docker name `apache-php.pool-1.3.1` simply use the `-n` option of the `atomic install` command. +To perform an installation using the docker name `apache-php.3` simply use the `-n` option of the `atomic install` command. ``` $ sudo -E atomic install \ - -n apache-php.pool-1.3.1 \ + -n apache-php.3 \ jdeathe/centos-ssh-apache-php-fcgi:1.11.1 ``` @@ -216,14 +216,14 @@ Alternatively, you could use the `scmi` options `--name` or `-n` for naming the ``` $ sudo -E atomic install \ jdeathe/centos-ssh-apache-php-fcgi:1.11.1 \ - --name apache-php.pool-1.3.1 + --name apache-php.3 ``` To uninstall use the *same command* that was used to install but with the `uninstall` Label. ``` $ sudo -E atomic uninstall \ - -n apache-php.pool-1.3.1 \ + -n apache-php.3 \ jdeathe/centos-ssh-apache-php-fcgi:1.11.1 ``` @@ -311,7 +311,7 @@ The variable `APACHE_EXTENDED_STATUS_ENABLED` allows you to turn ExtendedStatus You can view the output from Apache server-status either using the elinks browser from onboard the container or by using `watch` and `curl` to monitor status over time. The following command shows the server-status updated at a 1 second interval given an `APACHE_SERVER_NAME` or `APACHE_SERVER_ALIAS` of "app-1.local". ``` -$ docker exec -it apache-php.pool-1.1.1 \ +$ docker exec -it apache-php.1 \ env TERM=xterm \ watch -n 1 \ -d "curl -sH 'Host: app-1.local' http://127.0.0.1/server-status?auto" @@ -343,16 +343,16 @@ By default, the image loads a minimal set of required Apache modules. To load ad By default SSL support is disabled but a second port, (mapped to 8443), is available for traffic that has been been through upstream SSL termination (SSL Offloading). If you want the container to support SSL directly then set `APACHE_MOD_SSL_ENABLED=true` this will then generate a self signed certificate and will update Apache to accept traffic on port 443. ``` -$ docker stop apache-php.pool-1.1.1 && \ - docker rm apache-php.pool-1.1.1 +$ docker stop apache-php.1 && \ + docker rm apache-php.1 $ docker run -d \ - --name apache-php.pool-1.1.1 \ + --name apache-php.1 \ --publish 8080:80 \ --publish 9443:443 \ --env "APACHE_SERVER_ALIAS=app-1" \ --env "APACHE_SERVER_NAME=app-1.local" \ --env "APACHE_MOD_SSL_ENABLED=true" \ - --volume apache-php.pool-1.1.1.data-ssl:/etc/services-config/ssl \ + --volume apache-php.1.data-tls:/etc/pki/tls \ jdeathe/centos-ssh-apache-php-fcgi:1.11.1 ``` @@ -423,7 +423,7 @@ If set to a valid container file path the value will be read from the file - thi Use the `APACHE_SSL_CIPHER_SUITE` environment variable to define an appropriate Cipher Suite. The default "intermediate" selection should be suitable for most use-cases where support for a wide range browsers is necessary. References: -- [OpenSSL ciphers documentation](https://www.openssl.org/docs/manmaster/apps/ciphers.html). +- [OpenSSL ciphers documentation](https://www.openssl.org/docs/manmaster/man1/ciphers.html). - [Mozilla Security/Server Side TLS guidance](https://wiki.mozilla.org/Security/Server_Side_TLS). *Note:* The value show is using space separated values to allow for readablity in the documentation; this is valid syntax however using the colon separator is the recommended form. diff --git a/default.mk b/default.mk index bd3d03e..7677721 100644 --- a/default.mk +++ b/default.mk @@ -1,4 +1,111 @@ +# Handle incrementing the docker host port for instances unless a port range is defined. +DOCKER_PUBLISH := $(shell \ + if [[ "$(DOCKER_PORT_MAP_TCP_80)" != NULL ]]; \ + then \ + if grep -qE \ + '^([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}:)?[1-9][0-9]*$$' \ + <<< "$(DOCKER_PORT_MAP_TCP_80)" \ + && grep -qE \ + '^.+\.[0-9]+(\.[0-9]+)?$$' \ + <<< "$(DOCKER_NAME)"; \ + then \ + printf -- ' --publish %s%s:80/tcp' \ + "$$(\ + grep -o '^[0-9\.]*:' \ + <<< "$(DOCKER_PORT_MAP_TCP_80)" \ + )" \ + "$$(( \ + $$(\ + grep -oE \ + '[0-9]+$$' \ + <<< "$(DOCKER_PORT_MAP_TCP_80)" \ + ) \ + + $$(\ + grep -oE \ + '([0-9]+)(\.[0-9]+)?$$' \ + <<< "$(DOCKER_NAME)" \ + | awk -F. \ + '{ print $$1; }' \ + ) \ + - 1 \ + ))"; \ + else \ + printf -- ' --publish %s:80/tcp' \ + "$(DOCKER_PORT_MAP_TCP_80)"; \ + fi; \ + fi; \ + if [[ "$(APACHE_MOD_SSL_ENABLED)" == true ]] \ + && [[ "$(DOCKER_PORT_MAP_TCP_443)" != NULL ]]; \ + then \ + if grep -qE \ + '^([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}:)?[1-9][0-9]*$$' \ + <<< "$(DOCKER_PORT_MAP_TCP_443)" \ + && grep -qE \ + '^.+\.[0-9]+(\.[0-9]+)?$$' \ + <<< "$(DOCKER_NAME)"; \ + then \ + printf -- ' --publish %s%s:443/tcp' \ + "$$(\ + grep -o '^[0-9\.]*:' \ + <<< "$(DOCKER_PORT_MAP_TCP_443)" \ + )" \ + "$$(( \ + $$(\ + grep -oE \ + '[0-9]+$$' \ + <<< "$(DOCKER_PORT_MAP_TCP_443)" \ + ) \ + + $$(\ + grep -oE \ + '([0-9]+)(\.[0-9]+)?$$' \ + <<< "$(DOCKER_NAME)" \ + | awk -F. \ + '{ print $$1; }' \ + ) \ + - 1 \ + ))"; \ + else \ + printf -- ' --publish %s:443/tcp' \ + "$(DOCKER_PORT_MAP_TCP_443)"; \ + fi; \ + fi; \ + if [[ "$(DOCKER_PORT_MAP_TCP_8443)" != NULL ]]; \ + then \ + if grep -qE \ + '^([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}:)?[1-9][0-9]*$$' \ + <<< "$(DOCKER_PORT_MAP_TCP_8443)" \ + && grep -qE \ + '^.+\.[0-9]+(\.[0-9]+)?$$' \ + <<< "$(DOCKER_NAME)"; \ + then \ + printf -- ' --publish %s%s:8443/tcp' \ + "$$(\ + grep -o '^[0-9\.]*:' \ + <<< "$(DOCKER_PORT_MAP_TCP_8443)" \ + )" \ + "$$(( \ + $$(\ + grep -oE \ + '[0-9]+$$' \ + <<< "$(DOCKER_PORT_MAP_TCP_8443)" \ + ) \ + + $$(\ + grep -oE \ + '([0-9]+)(\.[0-9]+)?$$' \ + <<< "$(DOCKER_NAME)" \ + | awk -F. \ + '{ print $$1; }' \ + ) \ + - 1 \ + ))"; \ + else \ + printf -- ' --publish %s:8443/tcp' \ + "$(DOCKER_PORT_MAP_TCP_8443)"; \ + fi; \ + fi; \ +) + # Common parameters of create and run targets define DOCKER_CONTAINER_PARAMETERS --name $(DOCKER_NAME) \ @@ -30,9 +137,3 @@ define DOCKER_CONTAINER_PARAMETERS --env "PHP_OPTIONS_SESSION_SAVE_HANDLER=$(PHP_OPTIONS_SESSION_SAVE_HANDLER)" \ --env "PHP_OPTIONS_SESSION_SAVE_PATH=$(PHP_OPTIONS_SESSION_SAVE_PATH)" endef - -DOCKER_PUBLISH := $(shell \ - if [[ $(DOCKER_PORT_MAP_TCP_80) != NULL ]]; then printf -- '--publish %s:80\n' $(DOCKER_PORT_MAP_TCP_80); fi; \ - if [[ $(DOCKER_PORT_MAP_TCP_443) != NULL ]] && [[ $(APACHE_MOD_SSL_ENABLED) == true ]]; then printf -- '--publish %s:443\n' $(DOCKER_PORT_MAP_TCP_443); fi; \ - if [[ $(DOCKER_PORT_MAP_TCP_8443) != NULL ]]; then printf -- '--publish %s:8443\n' $(DOCKER_PORT_MAP_TCP_8443); fi; \ -) diff --git a/docker-compose.yml b/docker-compose.yml new file mode 100644 index 0000000..76be68b --- /dev/null +++ b/docker-compose.yml @@ -0,0 +1,59 @@ +# ------------------------------------------------------------------------------ +# Ref: https://docs.docker.com/compose/compose-file/ +# +# Setup: +# Copy .env.example to .env and modify values as required. +# docker-compose build +# docker-compose down +# +# Run Default example: +# docker-compose up -d +# +# Check service logs: +# docker-compose logs apache-php +# +# Usage: +# docker-compose exec apache-php bash -c "apachectl -V" +# docker-compose exec apache-php bash -c "apachectl -M" +# docker-compose exec apache-php bash -c "apachectl -S" +# docker-compose exec apache-php bash -c "apachectl -t -D DUMP_INCLUDES" +# docker-compose exec apache-php elinks http://localhost +# ------------------------------------------------------------------------------ +version: "3.0" +services: + apache-php: + build: + context: "." + dockerfile: "Dockerfile" + environment: + APACHE_CONTENT_ROOT: "${APACHE_CONTENT_ROOT}" + APACHE_CUSTOM_LOG_FORMAT: "${APACHE_CUSTOM_LOG_FORMAT}" + APACHE_CUSTOM_LOG_LOCATION: "${APACHE_CUSTOM_LOG_LOCATION}" + APACHE_ERROR_LOG_LOCATION: "${APACHE_ERROR_LOG_LOCATION}" + APACHE_ERROR_LOG_LEVEL: "${APACHE_ERROR_LOG_LEVEL}" + APACHE_EXTENDED_STATUS_ENABLED: "${APACHE_EXTENDED_STATUS_ENABLED}" + APACHE_HEADER_X_SERVICE_UID: "${APACHE_HEADER_X_SERVICE_UID}" + APACHE_LOAD_MODULES: "${APACHE_LOAD_MODULES}" + APACHE_MOD_SSL_ENABLED: "${APACHE_MOD_SSL_ENABLED}" + APACHE_MPM: "${APACHE_MPM}" + APACHE_OPERATING_MODE: "${APACHE_OPERATING_MODE}" + APACHE_PUBLIC_DIRECTORY: "${APACHE_PUBLIC_DIRECTORY}" + APACHE_RUN_GROUP: "${APACHE_RUN_GROUP}" + APACHE_RUN_USER: "${APACHE_RUN_USER}" + APACHE_SERVER_ALIAS: "${APACHE_SERVER_ALIAS}" + APACHE_SERVER_NAME: "${APACHE_SERVER_NAME}" + APACHE_SSL_CERTIFICATE: "${APACHE_SSL_CERTIFICATE}" + APACHE_SSL_CIPHER_SUITE: "${APACHE_SSL_CIPHER_SUITE}" + APACHE_SSL_PROTOCOL: "${APACHE_SSL_PROTOCOL}" + APACHE_SYSTEM_USER: "${APACHE_SYSTEM_USER}" + PACKAGE_PATH: "${PACKAGE_PATH}" + PHP_OPTIONS_DATE_TIMEZONE: "${PHP_OPTIONS_DATE_TIMEZONE}" + PHP_OPTIONS_SESSION_NAME: "${PHP_OPTIONS_SESSION_NAME}" + PHP_OPTIONS_SESSION_SAVE_HANDLER: "${PHP_OPTIONS_SESSION_SAVE_HANDLER}" + PHP_OPTIONS_SESSION_SAVE_PATH: "${PHP_OPTIONS_SESSION_SAVE_PATH}" + image: "jdeathe/centos-ssh-apache-php-fcgi:latest" + ports: + - "8080:80" + - "9443:443" + - "8443:8443" + restart: "always" diff --git a/environment.mk b/environment.mk index 4c7255b..36394ad 100644 --- a/environment.mk +++ b/environment.mk @@ -16,7 +16,7 @@ DOCKER_IMAGE_RELEASE_TAG_PATTERN := ^(1|2|centos-(6-1|7-2))\.[0-9]+\.[0-9]+$ # Docker image/container settings DOCKER_CONTAINER_OPTS ?= DOCKER_IMAGE_TAG ?= latest -DOCKER_NAME ?= apache-php.pool-1.1.1 +DOCKER_NAME ?= apache-php.1 DOCKER_PORT_MAP_TCP_22 ?= NULL DOCKER_PORT_MAP_TCP_80 ?= 8080 DOCKER_PORT_MAP_TCP_443 ?= 9443 @@ -35,20 +35,6 @@ STARTUP_TIME ?= 2 # ------------------------------------------------------------------------------ # Application container configuration # ------------------------------------------------------------------------------ -SSH_AUTHORIZED_KEYS ?= -SSH_AUTOSTART_SSHD ?= false -SSH_AUTOSTART_SSHD_BOOTSTRAP ?= false -SSH_CHROOT_DIRECTORY ?= %h -SSH_INHERIT_ENVIRONMENT ?= false -SSH_SUDO ?= ALL=(ALL) ALL -SSH_USER ?= app-admin -SSH_USER_FORCE_SFTP ?= false -SSH_USER_HOME ?= /home/%u -SSH_USER_PASSWORD ?= -SSH_USER_PASSWORD_HASHED ?= false -SSH_USER_SHELL ?= /bin/bash -SSH_USER_ID ?= 500:500 -# ------------------------------------------------------------------------------ APACHE_AUTOSTART_HTTPD_BOOTSTRAP ?= true APACHE_AUTOSTART_HTTPD_WRAPPER ?= true APACHE_CONTENT_ROOT ?= /var/www/app diff --git a/src/etc/services-config/httpd/conf.d/00-deflate.conf b/src/etc/httpd/conf.d/00-deflate.conf similarity index 100% rename from src/etc/services-config/httpd/conf.d/00-deflate.conf rename to src/etc/httpd/conf.d/00-deflate.conf diff --git a/src/etc/services-config/httpd/conf.d/00-document-root-acl.conf b/src/etc/httpd/conf.d/00-document-root-acl.conf similarity index 100% rename from src/etc/services-config/httpd/conf.d/00-document-root-acl.conf rename to src/etc/httpd/conf.d/00-document-root-acl.conf diff --git a/src/etc/services-config/httpd/conf.d/00-expires.conf b/src/etc/httpd/conf.d/00-expires.conf similarity index 100% rename from src/etc/services-config/httpd/conf.d/00-expires.conf rename to src/etc/httpd/conf.d/00-expires.conf diff --git a/src/etc/services-config/httpd/conf.d/00-headers.conf b/src/etc/httpd/conf.d/00-headers.conf similarity index 100% rename from src/etc/services-config/httpd/conf.d/00-headers.conf rename to src/etc/httpd/conf.d/00-headers.conf diff --git a/src/etc/services-config/httpd/conf.d/00-mime-type.conf b/src/etc/httpd/conf.d/00-mime-type.conf similarity index 100% rename from src/etc/services-config/httpd/conf.d/00-mime-type.conf rename to src/etc/httpd/conf.d/00-mime-type.conf diff --git a/src/etc/services-config/httpd/conf.d/00-php-operating-mode.conf b/src/etc/httpd/conf.d/00-php-operating-mode.conf similarity index 100% rename from src/etc/services-config/httpd/conf.d/00-php-operating-mode.conf rename to src/etc/httpd/conf.d/00-php-operating-mode.conf diff --git a/src/etc/services-config/httpd/conf.d/00-reqtimeout.conf b/src/etc/httpd/conf.d/00-reqtimeout.conf similarity index 100% rename from src/etc/services-config/httpd/conf.d/00-reqtimeout.conf rename to src/etc/httpd/conf.d/00-reqtimeout.conf diff --git a/src/etc/services-config/httpd/conf.d/00-server-status.conf b/src/etc/httpd/conf.d/00-server-status.conf similarity index 100% rename from src/etc/services-config/httpd/conf.d/00-server-status.conf rename to src/etc/httpd/conf.d/00-server-status.conf diff --git a/src/etc/services-config/httpd/conf.d/10-name-virtual-host.conf b/src/etc/httpd/conf.d/10-name-virtual-host.conf similarity index 100% rename from src/etc/services-config/httpd/conf.d/10-name-virtual-host.conf rename to src/etc/httpd/conf.d/10-name-virtual-host.conf diff --git a/src/etc/services-config/httpd/conf.d/10-virtual-host-encrypted.conf b/src/etc/httpd/conf.d/10-virtual-host-encrypted.conf similarity index 100% rename from src/etc/services-config/httpd/conf.d/10-virtual-host-encrypted.conf rename to src/etc/httpd/conf.d/10-virtual-host-encrypted.conf diff --git a/src/etc/services-config/httpd/conf.d/10-virtual-host-unencrypted.conf b/src/etc/httpd/conf.d/10-virtual-host-unencrypted.conf similarity index 100% rename from src/etc/services-config/httpd/conf.d/10-virtual-host-unencrypted.conf rename to src/etc/httpd/conf.d/10-virtual-host-unencrypted.conf diff --git a/src/etc/services-config/httpd/conf.virtualhost.d/00-document-root.conf b/src/etc/httpd/conf.virtualhost.d/00-document-root.conf similarity index 100% rename from src/etc/services-config/httpd/conf.virtualhost.d/00-document-root.conf rename to src/etc/httpd/conf.virtualhost.d/00-document-root.conf diff --git a/src/etc/services-config/httpd/conf.virtualhost.d/00-log.conf b/src/etc/httpd/conf.virtualhost.d/00-log.conf similarity index 100% rename from src/etc/services-config/httpd/conf.virtualhost.d/00-log.conf rename to src/etc/httpd/conf.virtualhost.d/00-log.conf diff --git a/src/etc/services-config/httpd/conf.virtualhost.d/00-rewrite.conf b/src/etc/httpd/conf.virtualhost.d/00-rewrite.conf similarity index 100% rename from src/etc/services-config/httpd/conf.virtualhost.d/00-rewrite.conf rename to src/etc/httpd/conf.virtualhost.d/00-rewrite.conf diff --git a/src/etc/services-config/httpd/conf.virtualhost.d/00-server-alias.conf b/src/etc/httpd/conf.virtualhost.d/00-server-alias.conf similarity index 100% rename from src/etc/services-config/httpd/conf.virtualhost.d/00-server-alias.conf rename to src/etc/httpd/conf.virtualhost.d/00-server-alias.conf diff --git a/src/etc/services-config/httpd/conf.virtualhost.d/00-server-name.conf b/src/etc/httpd/conf.virtualhost.d/00-server-name.conf similarity index 100% rename from src/etc/services-config/httpd/conf.virtualhost.d/00-server-name.conf rename to src/etc/httpd/conf.virtualhost.d/00-server-name.conf diff --git a/src/etc/profile.d/httpd-startup.sh b/src/etc/profile.d/httpd-startup.sh deleted file mode 100644 index cbd3053..0000000 --- a/src/etc/profile.d/httpd-startup.sh +++ /dev/null @@ -1,3 +0,0 @@ -#!/usr/bin/env bash - -source /usr/sbin/httpd-startup diff --git a/src/etc/services-config/httpd/conf.d/php-fpm.conf.default b/src/etc/services-config/httpd/conf.d/php-fpm.conf.default deleted file mode 100644 index 774db98..0000000 --- a/src/etc/services-config/httpd/conf.d/php-fpm.conf.default +++ /dev/null @@ -1,22 +0,0 @@ -# This configuration requires httpd 2.4 with support for UDS (Unix domain -# sockets). This was added upstream in version 2.4.10, and was also backported -# to 2.4.6 in EL7. - -# The following lines prevent .user.ini files from being viewed by Web clients. - - Require all denied - - -# Allow php to handle Multiviews. -AddType text/html .php - -# Add index.php to the list of files that will be served as directory indexes. -DirectoryIndex index.php - -# Enable http authorization headers. -SetEnvIfNoCase ^Authorization$ "(.+)" HTTP_AUTHORIZATION=$1 - - - #SetHandler "proxy:fcgi://127.0.0.1:9000" - SetHandler "proxy:unix:/run/php-fpm/www.sock|fcgi://localhost" - diff --git a/src/etc/services-config/httpd/conf.d/php.conf.default b/src/etc/services-config/httpd/conf.d/php.conf.default deleted file mode 100644 index bb0f180..0000000 --- a/src/etc/services-config/httpd/conf.d/php.conf.default +++ /dev/null @@ -1,28 +0,0 @@ -# -# PHP is an HTML-embedded scripting language which attempts to make it -# easy for developers to write dynamically generated webpages. -# - - LoadModule php5_module modules/libphp5.so - - - LoadModule php5_module modules/libphp5-zts.so - - -# -# Cause the PHP interpreter to handle files with a .php extension. -# -AddHandler php5-script .php -AddType text/html .php - -# -# Add index.php to the list of files that will be served as directory -# indexes. -# -DirectoryIndex index.php - -# -# Uncomment the following line to allow PHP to pretty-print .phps -# files as PHP source code: -# -#AddType application/x-httpd-php-source .phps diff --git a/src/etc/services-config/httpd/conf.d/ssl.conf.default b/src/etc/services-config/httpd/conf.d/ssl.conf.default deleted file mode 100644 index 8537b64..0000000 --- a/src/etc/services-config/httpd/conf.d/ssl.conf.default +++ /dev/null @@ -1,217 +0,0 @@ -# -# When we also provide SSL we have to listen to the -# standard HTTPS port in addition. -# -Listen 443 https - -## -## SSL Global Context -## -## All SSL configuration in this context applies both to -## the main server and all SSL-enabled virtual hosts. -## - -# Pass Phrase Dialog: -# Configure the pass phrase gathering process. -# The filtering dialog program (`builtin' is an internal -# terminal dialog) has to provide the pass phrase on stdout. -SSLPassPhraseDialog exec:/usr/libexec/httpd-ssl-pass-dialog - -# Inter-Process Session Cache: -# Configure the SSL Session Cache: First the mechanism -# to use and second the expiring timeout (in seconds). -SSLSessionCache shmcb:/run/httpd/sslcache(512000) -SSLSessionCacheTimeout 300 - -# Pseudo Random Number Generator (PRNG): -# Configure one or more sources to seed the PRNG of the -# SSL library. The seed data should be of good random quality. -# WARNING! On some platforms /dev/random blocks if not enough entropy -# is available. This means you then cannot use the /dev/random device -# because it would lead to very long connection times (as long as -# it requires to make more entropy available). But usually those -# platforms additionally provide a /dev/urandom device which doesn't -# block. So, if available, use this one instead. Read the mod_ssl User -# Manual for more details. -SSLRandomSeed startup file:/dev/urandom 256 -SSLRandomSeed connect builtin -#SSLRandomSeed startup file:/dev/random 512 -#SSLRandomSeed connect file:/dev/random 512 -#SSLRandomSeed connect file:/dev/urandom 512 - -# -# Use "SSLCryptoDevice" to enable any supported hardware -# accelerators. Use "openssl engine -v" to list supported -# engine names. NOTE: If you enable an accelerator and the -# server does not start, consult the error logs and ensure -# your accelerator is functioning properly. -# -SSLCryptoDevice builtin -#SSLCryptoDevice ubsec - -## -## SSL Virtual Host Context -## - - - -# General setup for the virtual host, inherited from global configuration -#DocumentRoot "/var/www/html" -#ServerName www.example.com:443 - -# Use separate log files for the SSL virtual host; note that LogLevel -# is not inherited from httpd.conf. -ErrorLog logs/ssl_error_log -TransferLog logs/ssl_access_log -LogLevel warn - -# SSL Engine Switch: -# Enable/Disable SSL for this virtual host. -SSLEngine on - -# List the protocol versions which clients are allowed to connect with. -# Disable SSLv3 by default (cf. RFC 7525 3.1.1). TLSv1 (1.0) should be -# disabled as quickly as practical. -SSLProtocol all -SSLv3 -SSLProxyProtocol all -SSLv3 - -# User agents such as web browsers are not configured for the user's -# own preference of either security or performance, therefore this -# must be the prerogative of the web server administrator who manages -# cpu load versus confidentiality, so enforce the server's cipher order. -SSLHonorCipherOrder on - -# SSL Cipher Suite: -# List the ciphers that the client is permitted to negotiate. -# See the mod_ssl documentation for a complete list. -# httpd 2.2.30, 2.4.13 and later force-disable aNULL, eNULL and EXP ciphers. -SSLCipherSuite HIGH:MEDIUM:!MD5:!RC4 -SSLProxyCipherSuite HIGH:MEDIUM:!MD5:!RC4 - -# Point SSLCertificateFile at a PEM encoded certificate. If -# the certificate is encrypted, then you will be prompted for a -# pass phrase. Note that a kill -HUP will prompt again. Keep -# in mind that if you have both an RSA and a DSA certificate you -# can configure both in parallel (to also allow the use of DSA -# ciphers, etc.) -# Some ECC cipher suites (http://www.ietf.org/rfc/rfc4492.txt) -# require an ECC certificate which can also be configured in -# parallel. -SSLCertificateFile /etc/pki/tls/certs/localhost.crt - -# Server Private Key: -# If the key is not combined with the certificate, use this -# directive to point at the key file. Keep in mind that if -# you've both a RSA and a DSA private key you can configure -# both in parallel (to also allow the use of DSA ciphers, etc.) -# ECC keys, when in use, can also be configured in parallel -SSLCertificateKeyFile /etc/pki/tls/private/localhost.key - -# Server Certificate Chain: -# Point SSLCertificateChainFile at a file containing the -# concatenation of PEM encoded CA certificates which form the -# certificate chain for the server certificate. Alternatively -# the referenced file can be the same as SSLCertificateFile -# when the CA certificates are directly appended to the server -# certificate for convenience. -#SSLCertificateChainFile /etc/pki/tls/certs/server-chain.crt - -# Certificate Authority (CA): -# Set the CA certificate verification path where to find CA -# certificates for client authentication or alternatively one -# huge file containing all of them (file must be PEM encoded) -#SSLCACertificateFile /etc/pki/tls/certs/ca-bundle.crt - -# Client Authentication (Type): -# Client certificate verification type and depth. Types are -# none, optional, require and optional_no_ca. Depth is a -# number which specifies how deeply to verify the certificate -# issuer chain before deciding the certificate is not valid. -#SSLVerifyClient require -#SSLVerifyDepth 10 - -# Access Control: -# With SSLRequire you can do per-directory access control based -# on arbitrary complex boolean expressions containing server -# variable checks and other lookup directives. The syntax is a -# mixture between C and Perl. See the mod_ssl documentation -# for more details. -# -#SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \ -# and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \ -# and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \ -# and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \ -# and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20 ) \ -# or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/ -# - -# SSL Engine Options: -# Set various options for the SSL engine. -# o FakeBasicAuth: -# Translate the client X.509 into a Basic Authorisation. This means that -# the standard Auth/DBMAuth methods can be used for access control. The -# user name is the `one line' version of the client's X.509 certificate. -# Note that no password is obtained from the user. Every entry in the user -# file needs this password: `xxj31ZMTZzkVA'. -# o ExportCertData: -# This exports two additional environment variables: SSL_CLIENT_CERT and -# SSL_SERVER_CERT. These contain the PEM-encoded certificates of the -# server (always existing) and the client (only existing when client -# authentication is used). This can be used to import the certificates -# into CGI scripts. -# o StdEnvVars: -# This exports the standard SSL/TLS related `SSL_*' environment variables. -# Per default this exportation is switched off for performance reasons, -# because the extraction step is an expensive operation and is usually -# useless for serving static content. So one usually enables the -# exportation for CGI and SSI requests only. -# o StrictRequire: -# This denies access when "SSLRequireSSL" or "SSLRequire" applied even -# under a "Satisfy any" situation, i.e. when it applies access is denied -# and no other module can change it. -# o OptRenegotiate: -# This enables optimized SSL connection renegotiation handling when SSL -# directives are used in per-directory context. -#SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire - - SSLOptions +StdEnvVars - - - SSLOptions +StdEnvVars - - -# SSL Protocol Adjustments: -# The safe and default but still SSL/TLS standard compliant shutdown -# approach is that mod_ssl sends the close notify alert but doesn't wait for -# the close notify alert from client. When you need a different shutdown -# approach you can use one of the following variables: -# o ssl-unclean-shutdown: -# This forces an unclean shutdown when the connection is closed, i.e. no -# SSL close notify alert is sent or allowed to be received. This violates -# the SSL/TLS standard but is needed for some brain-dead browsers. Use -# this when you receive I/O errors because of the standard approach where -# mod_ssl sends the close notify alert. -# o ssl-accurate-shutdown: -# This forces an accurate shutdown when the connection is closed, i.e. a -# SSL close notify alert is sent and mod_ssl waits for the close notify -# alert of the client. This is 100% SSL/TLS standard compliant, but in -# practice often causes hanging connections with brain-dead browsers. Use -# this only for browsers where you know that their SSL implementation -# works correctly. -# Notice: Most problems of broken clients are also related to the HTTP -# keep-alive facility, so you usually additionally want to disable -# keep-alive for those clients, too. Use variable "nokeepalive" for this. -# Similarly, one has to force some clients to use HTTP/1.0 to workaround -# their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and -# "force-response-1.0" for this. -BrowserMatch "MSIE [2-5]" \ - nokeepalive ssl-unclean-shutdown \ - downgrade-1.0 force-response-1.0 - -# Per-Server Logging: -# The home of a custom SSL log file. Use this when you want a -# compact non-error SSL logfile on a virtual host basis. -CustomLog logs/ssl_request_log \ - "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" - - diff --git a/src/etc/services-config/httpd/conf.modules.d/00-base.conf.default b/src/etc/services-config/httpd/conf.modules.d/00-base.conf.default deleted file mode 100644 index e99ff0e..0000000 --- a/src/etc/services-config/httpd/conf.modules.d/00-base.conf.default +++ /dev/null @@ -1,68 +0,0 @@ -# -# This file loads most of the modules included with the Apache HTTP -# Server itself. -# - -LoadModule access_compat_module modules/mod_access_compat.so -LoadModule actions_module modules/mod_actions.so -LoadModule alias_module modules/mod_alias.so -LoadModule allowmethods_module modules/mod_allowmethods.so -LoadModule auth_basic_module modules/mod_auth_basic.so -LoadModule auth_digest_module modules/mod_auth_digest.so -LoadModule authn_anon_module modules/mod_authn_anon.so -LoadModule authn_core_module modules/mod_authn_core.so -LoadModule authn_dbd_module modules/mod_authn_dbd.so -LoadModule authn_dbm_module modules/mod_authn_dbm.so -LoadModule authn_file_module modules/mod_authn_file.so -LoadModule authn_socache_module modules/mod_authn_socache.so -LoadModule authz_core_module modules/mod_authz_core.so -LoadModule authz_dbd_module modules/mod_authz_dbd.so -LoadModule authz_dbm_module modules/mod_authz_dbm.so -LoadModule authz_groupfile_module modules/mod_authz_groupfile.so -LoadModule authz_host_module modules/mod_authz_host.so -LoadModule authz_owner_module modules/mod_authz_owner.so -LoadModule authz_user_module modules/mod_authz_user.so -LoadModule autoindex_module modules/mod_autoindex.so -LoadModule cache_module modules/mod_cache.so -LoadModule cache_disk_module modules/mod_cache_disk.so -LoadModule cache_socache_module modules/mod_cache_socache.so -LoadModule data_module modules/mod_data.so -LoadModule dbd_module modules/mod_dbd.so -LoadModule deflate_module modules/mod_deflate.so -LoadModule dir_module modules/mod_dir.so -LoadModule dumpio_module modules/mod_dumpio.so -LoadModule echo_module modules/mod_echo.so -LoadModule env_module modules/mod_env.so -LoadModule expires_module modules/mod_expires.so -LoadModule ext_filter_module modules/mod_ext_filter.so -LoadModule filter_module modules/mod_filter.so -LoadModule headers_module modules/mod_headers.so -LoadModule http2_module modules/mod_http2.so -LoadModule include_module modules/mod_include.so -LoadModule info_module modules/mod_info.so -LoadModule log_config_module modules/mod_log_config.so -LoadModule logio_module modules/mod_logio.so -LoadModule macro_module modules/mod_macro.so -LoadModule mime_magic_module modules/mod_mime_magic.so -LoadModule mime_module modules/mod_mime.so -LoadModule negotiation_module modules/mod_negotiation.so -LoadModule remoteip_module modules/mod_remoteip.so -LoadModule reqtimeout_module modules/mod_reqtimeout.so -LoadModule request_module modules/mod_request.so -LoadModule rewrite_module modules/mod_rewrite.so -LoadModule setenvif_module modules/mod_setenvif.so -LoadModule slotmem_plain_module modules/mod_slotmem_plain.so -LoadModule slotmem_shm_module modules/mod_slotmem_shm.so -LoadModule socache_dbm_module modules/mod_socache_dbm.so -LoadModule socache_memcache_module modules/mod_socache_memcache.so -LoadModule socache_shmcb_module modules/mod_socache_shmcb.so -LoadModule status_module modules/mod_status.so -LoadModule substitute_module modules/mod_substitute.so -LoadModule suexec_module modules/mod_suexec.so -LoadModule unique_id_module modules/mod_unique_id.so -LoadModule unixd_module modules/mod_unixd.so -LoadModule userdir_module modules/mod_userdir.so -LoadModule version_module modules/mod_version.so -LoadModule vhost_alias_module modules/mod_vhost_alias.so -LoadModule watchdog_module modules/mod_watchdog.so - diff --git a/src/etc/services-config/httpd/conf.modules.d/00-dav.conf.default b/src/etc/services-config/httpd/conf.modules.d/00-dav.conf.default deleted file mode 100644 index e6af8de..0000000 --- a/src/etc/services-config/httpd/conf.modules.d/00-dav.conf.default +++ /dev/null @@ -1,3 +0,0 @@ -LoadModule dav_module modules/mod_dav.so -LoadModule dav_fs_module modules/mod_dav_fs.so -LoadModule dav_lock_module modules/mod_dav_lock.so diff --git a/src/etc/services-config/httpd/conf.modules.d/00-lua.conf.default b/src/etc/services-config/httpd/conf.modules.d/00-lua.conf.default deleted file mode 100644 index 9e0d0db..0000000 --- a/src/etc/services-config/httpd/conf.modules.d/00-lua.conf.default +++ /dev/null @@ -1 +0,0 @@ -LoadModule lua_module modules/mod_lua.so diff --git a/src/etc/services-config/httpd/conf.modules.d/00-proxy.conf.default b/src/etc/services-config/httpd/conf.modules.d/00-proxy.conf.default deleted file mode 100644 index 448eb63..0000000 --- a/src/etc/services-config/httpd/conf.modules.d/00-proxy.conf.default +++ /dev/null @@ -1,17 +0,0 @@ -# This file configures all the proxy modules: -LoadModule proxy_module modules/mod_proxy.so -LoadModule lbmethod_bybusyness_module modules/mod_lbmethod_bybusyness.so -LoadModule lbmethod_byrequests_module modules/mod_lbmethod_byrequests.so -LoadModule lbmethod_bytraffic_module modules/mod_lbmethod_bytraffic.so -LoadModule lbmethod_heartbeat_module modules/mod_lbmethod_heartbeat.so -LoadModule proxy_ajp_module modules/mod_proxy_ajp.so -LoadModule proxy_balancer_module modules/mod_proxy_balancer.so -LoadModule proxy_connect_module modules/mod_proxy_connect.so -LoadModule proxy_express_module modules/mod_proxy_express.so -LoadModule proxy_fcgi_module modules/mod_proxy_fcgi.so -LoadModule proxy_fdpass_module modules/mod_proxy_fdpass.so -LoadModule proxy_ftp_module modules/mod_proxy_ftp.so -LoadModule proxy_http_module modules/mod_proxy_http.so -LoadModule proxy_hcheck_module modules/mod_proxy_hcheck.so -LoadModule proxy_scgi_module modules/mod_proxy_scgi.so -LoadModule proxy_wstunnel_module modules/mod_proxy_wstunnel.so diff --git a/src/etc/services-config/httpd/conf.modules.d/00-ssl.conf.default b/src/etc/services-config/httpd/conf.modules.d/00-ssl.conf.default deleted file mode 100644 index 53235cd..0000000 --- a/src/etc/services-config/httpd/conf.modules.d/00-ssl.conf.default +++ /dev/null @@ -1 +0,0 @@ -LoadModule ssl_module modules/mod_ssl.so diff --git a/src/etc/services-config/httpd/conf/httpd.conf b/src/etc/services-config/httpd/conf/httpd.conf deleted file mode 100644 index dec6691..0000000 --- a/src/etc/services-config/httpd/conf/httpd.conf +++ /dev/null @@ -1,1016 +0,0 @@ -# -# This is the main Apache server configuration file. It contains the -# configuration directives that give the server its instructions. -# See for detailed information. -# In particular, see -# -# for a discussion of each configuration directive. -# -# -# Do NOT simply read the instructions in here without understanding -# what they do. They're here only as hints or reminders. If you are unsure -# consult the online docs. You have been warned. -# -# The configuration directives are grouped into three basic sections: -# 1. Directives that control the operation of the Apache server process as a -# whole (the 'global environment'). -# 2. Directives that define the parameters of the 'main' or 'default' server, -# which responds to requests that aren't handled by a virtual host. -# These directives also provide default values for the settings -# of all virtual hosts. -# 3. Settings for virtual hosts, which allow Web requests to be sent to -# different IP addresses or hostnames and have them handled by the -# same Apache server process. -# -# Configuration and logfile names: If the filenames you specify for many -# of the server's control files begin with "/" (or "drive:/" for Win32), the -# server will use that explicit path. If the filenames do *not* begin -# with "/", the value of ServerRoot is prepended -- so "logs/foo.log" -# with ServerRoot set to "/etc/httpd" will be interpreted by the -# server as "/etc/httpd/logs/foo.log". -# - -### Section 1: Global Environment -# -# The directives in this section affect the overall operation of Apache, -# such as the number of concurrent requests it can handle or where it -# can find its configuration files. -# - -# -# Don't give away too much information about all the subcomponents -# we are running. Comment out this line if you don't mind remote sites -# finding out what major optional modules you are running -ServerTokens Prod - -# -# ServerRoot: The top of the directory tree under which the server's -# configuration, error, and log files are kept. -# -# NOTE! If you intend to place this on an NFS (or otherwise network) -# mounted filesystem then please read the LockFile documentation -# (available at ); -# you will save yourself a lot of trouble. -# -# Do NOT add a slash at the end of the directory path. -# -ServerRoot "/etc/httpd" - -# -# PidFile: The file in which the server should record its process -# identification number when it starts. Note the PIDFILE variable in -# /etc/sysconfig/httpd must be set appropriately if this location is -# changed. -# -PidFile run/httpd.pid - -# -# Timeout: The number of seconds before receives and sends time out. -# -Timeout 60 - -# -# KeepAlive: Whether or not to allow persistent connections (more than -# one request per connection). Set to "Off" to deactivate. -# -KeepAlive On - -# -# MaxKeepAliveRequests: The maximum number of requests to allow -# during a persistent connection. Set to 0 to allow an unlimited amount. -# We recommend you leave this number high, for maximum performance. -# -MaxKeepAliveRequests 200 - -# -# KeepAliveTimeout: Number of seconds to wait for the next request from the -# same client on the same connection. -# -KeepAliveTimeout 2 - -## -## Server-Pool Size Regulation (MPM specific) -## - -# prefork MPM -# StartServers: number of server processes to start -# MinSpareServers: minimum number of server processes which are kept spare -# MaxSpareServers: maximum number of server processes which are kept spare -# ServerLimit: maximum value for MaxClients for the lifetime of the server -# MaxClients: maximum number of server processes allowed to start -# MaxRequestsPerChild: maximum number of requests a server process serves - -StartServers 8 -MinSpareServers 5 -MaxSpareServers 20 -ServerLimit 256 -MaxClients 256 -MaxRequestsPerChild 4000 - - -# worker MPM -# StartServers: initial number of server processes to start -# MaxClients: maximum number of simultaneous client connections -# MinSpareThreads: minimum number of worker threads which are kept spare -# MaxSpareThreads: maximum number of worker threads which are kept spare -# ThreadsPerChild: constant number of worker threads in each server process -# MaxRequestsPerChild: maximum number of requests a server process serves - -StartServers 4 -MaxClients 300 -MinSpareThreads 25 -MaxSpareThreads 75 -ThreadsPerChild 25 -MaxRequestsPerChild 0 - - -# -# Listen: Allows you to bind Apache to specific IP addresses and/or -# ports, in addition to the default. See also the -# directive. -# -# Change this to Listen on specific IP addresses as shown below to -# prevent Apache from glomming onto all bound IP addresses (0.0.0.0) -# -#Listen 12.34.56.78:80 -Listen 80 - -# -# Dynamic Shared Object (DSO) Support -# -# To be able to use the functionality of a module which was built as a DSO you -# have to place corresponding `LoadModule' lines at this location so the -# directives contained in it are actually available _before_ they are used. -# Statically compiled modules (those listed by `httpd -l') do not need -# to be loaded here. -# -# Example: -# LoadModule foo_module modules/mod_foo.so -# -#LoadModule auth_basic_module modules/mod_auth_basic.so -#LoadModule auth_digest_module modules/mod_auth_digest.so -#LoadModule authn_file_module modules/mod_authn_file.so -#LoadModule authn_alias_module modules/mod_authn_alias.so -#LoadModule authn_anon_module modules/mod_authn_anon.so -#LoadModule authn_dbm_module modules/mod_authn_dbm.so -#LoadModule authn_default_module modules/mod_authn_default.so -LoadModule authz_host_module modules/mod_authz_host.so -#LoadModule authz_user_module modules/mod_authz_user.so -#LoadModule authz_owner_module modules/mod_authz_owner.so -#LoadModule authz_groupfile_module modules/mod_authz_groupfile.so -#LoadModule authz_dbm_module modules/mod_authz_dbm.so -#LoadModule authz_default_module modules/mod_authz_default.so -#LoadModule ldap_module modules/mod_ldap.so -#LoadModule authnz_ldap_module modules/mod_authnz_ldap.so -#LoadModule include_module modules/mod_include.so -LoadModule log_config_module modules/mod_log_config.so -#LoadModule logio_module modules/mod_logio.so -#LoadModule env_module modules/mod_env.so -#LoadModule ext_filter_module modules/mod_ext_filter.so -#LoadModule mime_magic_module modules/mod_mime_magic.so -LoadModule expires_module modules/mod_expires.so -LoadModule deflate_module modules/mod_deflate.so -LoadModule headers_module modules/mod_headers.so -#LoadModule usertrack_module modules/mod_usertrack.so -LoadModule setenvif_module modules/mod_setenvif.so -LoadModule mime_module modules/mod_mime.so -#LoadModule dav_module modules/mod_dav.so -LoadModule status_module modules/mod_status.so -#LoadModule autoindex_module modules/mod_autoindex.so -#LoadModule info_module modules/mod_info.so -#LoadModule dav_fs_module modules/mod_dav_fs.so -#LoadModule vhost_alias_module modules/mod_vhost_alias.so -#LoadModule negotiation_module modules/mod_negotiation.so -LoadModule dir_module modules/mod_dir.so -#LoadModule actions_module modules/mod_actions.so -#LoadModule speling_module modules/mod_speling.so -#LoadModule userdir_module modules/mod_userdir.so -LoadModule alias_module modules/mod_alias.so -#LoadModule substitute_module modules/mod_substitute.so -#LoadModule rewrite_module modules/mod_rewrite.so -#LoadModule proxy_module modules/mod_proxy.so -#LoadModule proxy_balancer_module modules/mod_proxy_balancer.so -#LoadModule proxy_ftp_module modules/mod_proxy_ftp.so -#LoadModule proxy_http_module modules/mod_proxy_http.so -#LoadModule proxy_ajp_module modules/mod_proxy_ajp.so -#LoadModule proxy_connect_module modules/mod_proxy_connect.so -#LoadModule cache_module modules/mod_cache.so -#LoadModule suexec_module modules/mod_suexec.so -#LoadModule disk_cache_module modules/mod_disk_cache.so -#LoadModule cgi_module modules/mod_cgi.so -#LoadModule version_module modules/mod_version.so -#LoadModule reqtimeout_module modules/mod_reqtimeout.so - -# -# The following modules are not loaded by default: -# -#LoadModule asis_module modules/mod_asis.so -#LoadModule authn_dbd_module modules/mod_authn_dbd.so -#LoadModule cern_meta_module modules/mod_cern_meta.so -#LoadModule cgid_module modules/mod_cgid.so -#LoadModule dbd_module modules/mod_dbd.so -#LoadModule dumpio_module modules/mod_dumpio.so -#LoadModule filter_module modules/mod_filter.so -#LoadModule ident_module modules/mod_ident.so -#LoadModule log_forensic_module modules/mod_log_forensic.so -#LoadModule unique_id_module modules/mod_unique_id.so -# - -# -# Load config files from the config directory "/etc/httpd/conf.d". -# -Include conf.d/*.conf - -# -# ExtendedStatus controls whether Apache will generate "full" status -# information (ExtendedStatus On) or just basic information (ExtendedStatus -# Off) when the "server-status" handler is called. The default is Off. -# -#ExtendedStatus On - -# -# If you wish httpd to run as a different user or group, you must run -# httpd as root initially and it will switch. -# -# User/Group: The name (or #number) of the user/group to run httpd as. -# . On SCO (ODT 3) use "User nouser" and "Group nogroup". -# . On HPUX you may not be able to use shared memory as nobody, and the -# suggested workaround is to create a user www and use that user. -# NOTE that some kernels refuse to setgid(Group) or semctl(IPC_SET) -# when the value of (unsigned)Group is above 60000; -# don't use Group #-1 on these systems! -# -User ${APACHE_RUN_USER} -Group ${APACHE_RUN_GROUP} - -### Section 2: 'Main' server configuration -# -# The directives in this section set up the values used by the 'main' -# server, which responds to any requests that aren't handled by a -# definition. These values also provide defaults for -# any containers you may define later in the file. -# -# All of these directives may appear inside containers, -# in which case these default settings will be overridden for the -# virtual host being defined. -# - -# -# ServerAdmin: Your address, where problems with the server should be -# e-mailed. This address appears on some server-generated pages, such -# as error documents. e.g. admin@your-domain.com -# -ServerAdmin root@localhost - -# -# ServerName gives the name and port that the server uses to identify itself. -# This can often be determined automatically, but we recommend you specify -# it explicitly to prevent problems during startup. -# -# If this is not set to valid DNS name for your host, server-generated -# redirections will not work. See also the UseCanonicalName directive. -# -# If your host doesn't have a registered DNS name, enter its IP address here. -# You will have to access it by its address anyway, and this will make -# redirections work in a sensible way. -# -#ServerName www.example.com:80 - -# -# UseCanonicalName: Determines how Apache constructs self-referencing -# URLs and the SERVER_NAME and SERVER_PORT variables. -# When set "Off", Apache will use the Hostname and Port supplied -# by the client. When set "On", Apache will use the value of the -# ServerName directive. -# -UseCanonicalName Off - -# -# DocumentRoot: The directory out of which you will serve your -# documents. By default, all requests are taken from this directory, but -# symbolic links and aliases may be used to point to other locations. -# -#DocumentRoot "/var/www/html" - -# -# Each directory to which Apache has access can be configured with respect -# to which services and features are allowed and/or disabled in that -# directory (and its subdirectories). -# -# First, we configure the "default" to be a very restrictive set of -# features. -# - - Options FollowSymLinks - AllowOverride None - - -# -# Note that from this point forward you must specifically allow -# particular features to be enabled - so if something's not working as -# you might expect, make sure that you have specifically enabled it -# below. -# - -# -# This should be changed to whatever you set DocumentRoot to. -# - - -# -# Possible values for the Options directive are "None", "All", -# or any combination of: -# Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews -# -# Note that "MultiViews" must be named *explicitly* --- "Options All" -# doesn't give it to you. -# -# The Options directive is both complicated and important. Please see -# http://httpd.apache.org/docs/2.2/mod/core.html#options -# for more information. -# - Options Indexes FollowSymLinks - -# -# AllowOverride controls what directives may be placed in .htaccess files. -# It can be "All", "None", or any combination of the keywords: -# Options FileInfo AuthConfig Limit -# - AllowOverride None - -# -# Controls who can get stuff from this server. -# - Order allow,deny - Allow from all - - - -# -# UserDir: The name of the directory that is appended onto a user's home -# directory if a ~user request is received. -# -# The path to the end user account 'public_html' directory must be -# accessible to the webserver userid. This usually means that ~userid -# must have permissions of 711, ~userid/public_html must have permissions -# of 755, and documents contained therein must be world-readable. -# Otherwise, the client will only receive a "403 Forbidden" message. -# -# See also: http://httpd.apache.org/docs/misc/FAQ.html#forbidden -# - - # - # UserDir is disabled by default since it can confirm the presence - # of a username on the system (depending on home directory - # permissions). - # - UserDir disabled - - # - # To enable requests to /~user/ to serve the user's public_html - # directory, remove the "UserDir disabled" line above, and uncomment - # the following line instead: - # - #UserDir public_html - - - -# -# Control access to UserDir directories. The following is an example -# for a site where these directories are restricted to read-only. -# -# -# AllowOverride FileInfo AuthConfig Limit -# Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec -# -# Order allow,deny -# Allow from all -# -# -# Order deny,allow -# Deny from all -# -# - -# -# DirectoryIndex: sets the file that Apache will serve if a directory -# is requested. -# -# The index.html.var file (a type-map) is used to deliver content- -# negotiated documents. The MultiViews Option can be used for the -# same purpose, but it is much slower. -# -DirectoryIndex index.html index.html.var - -# -# AccessFileName: The name of the file to look for in each directory -# for additional configuration directives. See also the AllowOverride -# directive. -# -AccessFileName .htaccess - -# -# The following lines prevent .htaccess and .htpasswd files from being -# viewed by Web clients. -# - - Order allow,deny - Deny from all - Satisfy All - - -# -# TypesConfig describes where the mime.types file (or equivalent) is -# to be found. -# -TypesConfig /etc/mime.types - -# -# DefaultType is the default MIME type the server will use for a document -# if it cannot otherwise determine one, such as from filename extensions. -# If your server contains mostly text or HTML documents, "text/plain" is -# a good value. If most of your content is binary, such as applications -# or images, you may want to use "application/octet-stream" instead to -# keep browsers from trying to display binary files as though they are -# text. -# -DefaultType text/plain - -# -# The mod_mime_magic module allows the server to use various hints from the -# contents of the file itself to determine its type. The MIMEMagicFile -# directive tells the module where the hint definitions are located. -# - -# MIMEMagicFile /usr/share/magic.mime - MIMEMagicFile conf/magic - - -# -# HostnameLookups: Log the names of clients or just their IP addresses -# e.g., www.apache.org (on) or 204.62.129.132 (off). -# The default is off because it'd be overall better for the net if people -# had to knowingly turn this feature on, since enabling it means that -# each client request will result in AT LEAST one lookup request to the -# nameserver. -# -HostnameLookups Off - -# -# EnableMMAP: Control whether memory-mapping is used to deliver -# files (assuming that the underlying OS supports it). -# The default is on; turn this off if you serve from NFS-mounted -# filesystems. On some systems, turning it off (regardless of -# filesystem) can improve performance; for details, please see -# http://httpd.apache.org/docs/2.2/mod/core.html#enablemmap -# -#EnableMMAP off - -# -# EnableSendfile: Control whether the sendfile kernel support is -# used to deliver files (assuming that the OS supports it). -# The default is on; turn this off if you serve from NFS-mounted -# filesystems. Please see -# http://httpd.apache.org/docs/2.2/mod/core.html#enablesendfile -# -#EnableSendfile off - -# -# ErrorLog: The location of the error log file. -# If you do not specify an ErrorLog directive within a -# container, error messages relating to that virtual host will be -# logged here. If you *do* define an error logfile for a -# container, that host's errors will be logged there and not here. -# -ErrorLog logs/error_log - -# -# LogLevel: Control the number of messages logged to the error_log. -# Possible values include: debug, info, notice, warn, error, crit, -# alert, emerg. -# -LogLevel warn - -# -# The following directives define some format nicknames for use with -# a CustomLog directive (see below). -# -LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined -LogFormat "%h %l %u %t \"%r\" %>s %b" common -LogFormat "%{Referer}i -> %U" referer -LogFormat "%{User-agent}i" agent - -# "combinedio" includes actual counts of actual bytes received (%I) and sent (%O); this -# requires the mod_logio module to be loaded. -#LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio - -# -# The location and format of the access logfile (Common Logfile Format). -# If you do not define any access logfiles within a -# container, they will be logged here. Contrariwise, if you *do* -# define per- access logfiles, transactions will be -# logged therein and *not* in this file. -# -#CustomLog logs/access_log common - -# -# If you would like to have separate agent and referer logfiles, uncomment -# the following directives. -# -#CustomLog logs/referer_log referer -#CustomLog logs/agent_log agent - -# -# For a single logfile with access, agent, and referer information -# (Combined Logfile Format), use the following directive: -# -CustomLog logs/access_log combined - -# -# Optionally add a line containing the server version and virtual host -# name to server-generated pages (internal error documents, FTP directory -# listings, mod_status and mod_info output etc., but not CGI generated -# documents or custom error documents). -# Set to "EMail" to also include a mailto: link to the ServerAdmin. -# Set to one of: On | Off | EMail -# -ServerSignature Off - -# -# Aliases: Add here as many aliases as you need (with no limit). The format is -# Alias fakename realname -# -# Note that if you include a trailing / on fakename then the server will -# require it to be present in the URL. So "/icons" isn't aliased in this -# example, only "/icons/". If the fakename is slash-terminated, then the -# realname must also be slash terminated, and if the fakename omits the -# trailing slash, the realname must also omit it. -# -# We include the /icons/ alias for FancyIndexed directory listings. If you -# do not use FancyIndexing, you may comment this out. -# -#Alias /icons/ "/var/www/icons/" - -# -# Options Indexes MultiViews FollowSymLinks -# AllowOverride None -# Order allow,deny -# Allow from all -# - -# -# WebDAV module configuration section. -# - - # Location of the WebDAV lock database. - DAVLockDB /var/lib/dav/lockdb - - -# -# ScriptAlias: This controls which directories contain server scripts. -# ScriptAliases are essentially the same as Aliases, except that -# documents in the realname directory are treated as applications and -# run by the server when requested rather than as documents sent to the client. -# The same rules about trailing "/" apply to ScriptAlias directives as to -# Alias. -# -ScriptAlias /cgi-bin/ "/var/www/cgi-bin/" - -# -# "/var/www/cgi-bin" should be changed to whatever your ScriptAliased -# CGI directory exists, if you have that configured. -# - - AllowOverride None - Options None - Order allow,deny - Allow from all - - -# -# Redirect allows you to tell clients about documents which used to exist in -# your server's namespace, but do not anymore. This allows you to tell the -# clients where to look for the relocated document. -# Example: -# Redirect permanent /foo http://www.example.com/bar - -# -# Directives controlling the display of server-generated directory listings. -# - -# -# IndexOptions: Controls the appearance of server-generated directory -# listings. -# -#IndexOptions FancyIndexing VersionSort NameWidth=* HTMLTable Charset=UTF-8 - -# -# AddIcon* directives tell the server which icon to show for different -# files or filename extensions. These are only displayed for -# FancyIndexed directories. -# -#AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip - -#AddIconByType (TXT,/icons/text.gif) text/* -#AddIconByType (IMG,/icons/image2.gif) image/* -#AddIconByType (SND,/icons/sound2.gif) audio/* -#AddIconByType (VID,/icons/movie.gif) video/* - -#AddIcon /icons/binary.gif .bin .exe -#AddIcon /icons/binhex.gif .hqx -#AddIcon /icons/tar.gif .tar -#AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv -#AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip -#AddIcon /icons/a.gif .ps .ai .eps -#AddIcon /icons/layout.gif .html .shtml .htm .pdf -#AddIcon /icons/text.gif .txt -#AddIcon /icons/c.gif .c -#AddIcon /icons/p.gif .pl .py -#AddIcon /icons/f.gif .for -#AddIcon /icons/dvi.gif .dvi -#AddIcon /icons/uuencoded.gif .uu -#AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl -#AddIcon /icons/tex.gif .tex -#AddIcon /icons/bomb.gif /core - -#AddIcon /icons/back.gif .. -#AddIcon /icons/hand.right.gif README -#AddIcon /icons/folder.gif ^^DIRECTORY^^ -#AddIcon /icons/blank.gif ^^BLANKICON^^ - -# -# DefaultIcon is which icon to show for files which do not have an icon -# explicitly set. -# -#DefaultIcon /icons/unknown.gif - -# -# AddDescription allows you to place a short description after a file in -# server-generated indexes. These are only displayed for FancyIndexed -# directories. -# Format: AddDescription "description" filename -# -#AddDescription "GZIP compressed document" .gz -#AddDescription "tar archive" .tar -#AddDescription "GZIP compressed tar archive" .tgz - -# -# ReadmeName is the name of the README file the server will look for by -# default, and append to directory listings. -# -# HeaderName is the name of a file which should be prepended to -# directory indexes. -#ReadmeName README.html -#HeaderName HEADER.html - -# -# IndexIgnore is a set of filenames which directory indexing should ignore -# and not include in the listing. Shell-style wildcarding is permitted. -# -#IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t - -# -# DefaultLanguage and AddLanguage allows you to specify the language of -# a document. You can then use content negotiation to give a browser a -# file in a language the user can understand. -# -# Specify a default language. This means that all data -# going out without a specific language tag (see below) will -# be marked with this one. You probably do NOT want to set -# this unless you are sure it is correct for all cases. -# -# * It is generally better to not mark a page as -# * being a certain language than marking it with the wrong -# * language! -# -# DefaultLanguage nl -# -# Note 1: The suffix does not have to be the same as the language -# keyword --- those with documents in Polish (whose net-standard -# language code is pl) may wish to use "AddLanguage pl .po" to -# avoid the ambiguity with the common suffix for perl scripts. -# -# Note 2: The example entries below illustrate that in some cases -# the two character 'Language' abbreviation is not identical to -# the two character 'Country' code for its country, -# E.g. 'Danmark/dk' versus 'Danish/da'. -# -# Note 3: In the case of 'ltz' we violate the RFC by using a three char -# specifier. There is 'work in progress' to fix this and get -# the reference data for rfc1766 cleaned up. -# -# Catalan (ca) - Croatian (hr) - Czech (cs) - Danish (da) - Dutch (nl) -# English (en) - Esperanto (eo) - Estonian (et) - French (fr) - German (de) -# Greek-Modern (el) - Hebrew (he) - Italian (it) - Japanese (ja) -# Korean (ko) - Luxembourgeois* (ltz) - Norwegian Nynorsk (nn) -# Norwegian (no) - Polish (pl) - Portugese (pt) -# Brazilian Portuguese (pt-BR) - Russian (ru) - Swedish (sv) -# Simplified Chinese (zh-CN) - Spanish (es) - Traditional Chinese (zh-TW) -# -#AddLanguage ca .ca -#AddLanguage cs .cz .cs -#AddLanguage da .dk -#AddLanguage de .de -#AddLanguage el .el -#AddLanguage en .en -#AddLanguage eo .eo -#AddLanguage es .es -#AddLanguage et .et -#AddLanguage fr .fr -#AddLanguage he .he -#AddLanguage hr .hr -#AddLanguage it .it -#AddLanguage ja .ja -#AddLanguage ko .ko -#AddLanguage ltz .ltz -#AddLanguage nl .nl -#AddLanguage nn .nn -#AddLanguage no .no -#AddLanguage pl .po -#AddLanguage pt .pt -#AddLanguage pt-BR .pt-br -#AddLanguage ru .ru -#AddLanguage sv .sv -#AddLanguage zh-CN .zh-cn -#AddLanguage zh-TW .zh-tw - -# -# LanguagePriority allows you to give precedence to some languages -# in case of a tie during content negotiation. -# -# Just list the languages in decreasing order of preference. We have -# more or less alphabetized them here. You probably want to change this. -# -#LanguagePriority en ca cs da de el eo es et fr he hr it ja ko ltz nl nn no pl pt pt-BR ru sv zh-CN zh-TW - -# -# ForceLanguagePriority allows you to serve a result page rather than -# MULTIPLE CHOICES (Prefer) [in case of a tie] or NOT ACCEPTABLE (Fallback) -# [in case no accepted languages matched the available variants] -# -#ForceLanguagePriority Prefer Fallback - -# -# Specify a default charset for all content served; this enables -# interpretation of all content as UTF-8 by default. To use the -# default browser choice (ISO-8859-1), or to allow the META tags -# in HTML content to override this choice, comment out this -# directive: -# -AddDefaultCharset UTF-8 - -# -# AddType allows you to add to or override the MIME configuration -# file mime.types for specific file types. -# -#AddType application/x-tar .tgz - -# -# AddEncoding allows you to have certain browsers uncompress -# information on the fly. Note: Not all browsers support this. -# Despite the name similarity, the following Add* directives have nothing -# to do with the FancyIndexing customization directives above. -# -#AddEncoding x-compress .Z -#AddEncoding x-gzip .gz .tgz - -# If the AddEncoding directives above are commented-out, then you -# probably should define those extensions to indicate media types: -# -AddType application/x-compress .Z -AddType application/x-gzip .gz .tgz - -# -# MIME-types for downloading Certificates and CRLs -# -AddType application/x-x509-ca-cert .crt -AddType application/x-pkcs7-crl .crl - -# -# AddHandler allows you to map certain file extensions to "handlers": -# actions unrelated to filetype. These can be either built into the server -# or added with the Action directive (see below) -# -# To use CGI scripts outside of ScriptAliased directories: -# (You will also need to add "ExecCGI" to the "Options" directive.) -# -#AddHandler cgi-script .cgi - -# -# For files that include their own HTTP headers: -# -#AddHandler send-as-is asis - -# -# For type maps (negotiated resources): -# (This is enabled by default to allow the Apache "It Worked" page -# to be distributed in multiple languages.) -# -AddHandler type-map var - -# -# Filters allow you to process content before it is sent to the client. -# -# To parse .shtml files for server-side includes (SSI): -# (You will also need to add "Includes" to the "Options" directive.) -# -AddType text/html .shtml -AddOutputFilter INCLUDES .shtml - -# -# Action lets you define media types that will execute a script whenever -# a matching file is called. This eliminates the need for repeated URL -# pathnames for oft-used CGI file processors. -# Format: Action media/type /cgi-script/location -# Format: Action handler-name /cgi-script/location -# - -# -# Customizable error responses come in three flavors: -# 1) plain text 2) local redirects 3) external redirects -# -# Some examples: -#ErrorDocument 500 "The server made a boo boo." -#ErrorDocument 404 /missing.html -#ErrorDocument 404 "/cgi-bin/missing_handler.pl" -#ErrorDocument 402 http://www.example.com/subscription_info.html -# - -# -# Putting this all together, we can internationalize error responses. -# -# We use Alias to redirect any /error/HTTP_.html.var response to -# our collection of by-error message multi-language collections. We use -# includes to substitute the appropriate text. -# -# You can modify the messages' appearance without changing any of the -# default HTTP_.html.var files by adding the line: -# -# Alias /error/include/ "/your/include/path/" -# -# which allows you to create your own set of files by starting with the -# /var/www/error/include/ files and -# copying them to /your/include/path/, even on a per-VirtualHost basis. -# - -Alias /error/ "/var/www/error/" - - - - - AllowOverride None - Options IncludesNoExec - AddOutputFilter Includes html - AddHandler type-map var - Order allow,deny - Allow from all - LanguagePriority en es de fr - ForceLanguagePriority Prefer Fallback - - -# ErrorDocument 400 /error/HTTP_BAD_REQUEST.html.var -# ErrorDocument 401 /error/HTTP_UNAUTHORIZED.html.var -# ErrorDocument 403 /error/HTTP_FORBIDDEN.html.var -# ErrorDocument 404 /error/HTTP_NOT_FOUND.html.var -# ErrorDocument 405 /error/HTTP_METHOD_NOT_ALLOWED.html.var -# ErrorDocument 408 /error/HTTP_REQUEST_TIME_OUT.html.var -# ErrorDocument 410 /error/HTTP_GONE.html.var -# ErrorDocument 411 /error/HTTP_LENGTH_REQUIRED.html.var -# ErrorDocument 412 /error/HTTP_PRECONDITION_FAILED.html.var -# ErrorDocument 413 /error/HTTP_REQUEST_ENTITY_TOO_LARGE.html.var -# ErrorDocument 414 /error/HTTP_REQUEST_URI_TOO_LARGE.html.var -# ErrorDocument 415 /error/HTTP_UNSUPPORTED_MEDIA_TYPE.html.var -# ErrorDocument 500 /error/HTTP_INTERNAL_SERVER_ERROR.html.var -# ErrorDocument 501 /error/HTTP_NOT_IMPLEMENTED.html.var -# ErrorDocument 502 /error/HTTP_BAD_GATEWAY.html.var -# ErrorDocument 503 /error/HTTP_SERVICE_UNAVAILABLE.html.var -# ErrorDocument 506 /error/HTTP_VARIANT_ALSO_VARIES.html.var - - - - -# -# The following directives modify normal HTTP response behavior to -# handle known problems with browser implementations. -# -BrowserMatch "Mozilla/2" nokeepalive -BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0 -BrowserMatch "RealPlayer 4\.0" force-response-1.0 -BrowserMatch "Java/1\.0" force-response-1.0 -BrowserMatch "JDK/1\.0" force-response-1.0 - -# -# The following directive disables redirects on non-GET requests for -# a directory that does not include the trailing slash. This fixes a -# problem with Microsoft WebFolders which does not appropriately handle -# redirects for folders with DAV methods. -# Same deal with Apple's DAV filesystem and Gnome VFS support for DAV. -# -BrowserMatch "Microsoft Data Access Internet Publishing Provider" redirect-carefully -BrowserMatch "MS FrontPage" redirect-carefully -BrowserMatch "^WebDrive" redirect-carefully -BrowserMatch "^WebDAVFS/1.[0123]" redirect-carefully -BrowserMatch "^gnome-vfs/1.0" redirect-carefully -BrowserMatch "^XML Spy" redirect-carefully -BrowserMatch "^Dreamweaver-WebDAV-SCM1" redirect-carefully - -# -# Allow server status reports generated by mod_status, -# with the URL of http://servername/server-status -# Change the ".example.com" to match your domain to enable. -# - - SetHandler server-status - Order deny,allow - Deny from all - Allow from localhost 127.0.0.1 - - -# -# Allow remote server configuration reports, with the URL of -# http://servername/server-info (requires that mod_info.c be loaded). -# Change the ".example.com" to match your domain to enable. -# -# -# SetHandler server-info -# Order deny,allow -# Deny from all -# Allow from .example.com -# - -# -# Proxy Server directives. Uncomment the following lines to -# enable the proxy server: -# -# -#ProxyRequests On -# -# -# Order deny,allow -# Deny from all -# Allow from .example.com -# - -# -# Enable/disable the handling of HTTP/1.1 "Via:" headers. -# ("Full" adds the server version; "Block" removes all outgoing Via: headers) -# Set to one of: Off | On | Full | Block -# -#ProxyVia On - -# -# To enable a cache of proxied content, uncomment the following lines. -# See http://httpd.apache.org/docs/2.2/mod/mod_cache.html for more details. -# -# -# CacheEnable disk / -# CacheRoot "/var/cache/mod_proxy" -# -# - -# -# End of proxy directives. - -### Section 3: Virtual Hosts -# -# VirtualHost: If you want to maintain multiple domains/hostnames on your -# machine you can setup VirtualHost containers for them. Most configurations -# use only name-based virtual hosts so the server doesn't need to worry about -# IP addresses. This is indicated by the asterisks in the directives below. -# -# Please see the documentation at -# -# for further details before you try to setup virtual hosts. -# -# You may use the command line option '-S' to verify your virtual host -# configuration. - -# -# Use name-based virtual hosting. -# -#NameVirtualHost *:80 -# -# NOTE: NameVirtualHost cannot be used without a port specifier -# (e.g. :80) if mod_ssl is being used, due to the nature of the -# SSL protocol. -# - -# -# VirtualHost example: -# Almost any Apache directive may go into a VirtualHost container. -# The first VirtualHost section is used for requests without a known -# server name. -# -# -# ServerAdmin webmaster@dummy-host.example.com -# DocumentRoot /www/docs/dummy-host.example.com -# ServerName dummy-host.example.com -# ErrorLog logs/dummy-host.example.com-error_log -# CustomLog logs/dummy-host.example.com-access_log common -# - -# -# Custom configuration -# -Options -Indexes -TraceEnable Off \ No newline at end of file diff --git a/src/etc/services-config/httpd/conf/httpd.conf.default b/src/etc/services-config/httpd/conf/httpd.conf.default deleted file mode 100644 index 1af75f1..0000000 --- a/src/etc/services-config/httpd/conf/httpd.conf.default +++ /dev/null @@ -1,1009 +0,0 @@ -# -# This is the main Apache server configuration file. It contains the -# configuration directives that give the server its instructions. -# See for detailed information. -# In particular, see -# -# for a discussion of each configuration directive. -# -# -# Do NOT simply read the instructions in here without understanding -# what they do. They're here only as hints or reminders. If you are unsure -# consult the online docs. You have been warned. -# -# The configuration directives are grouped into three basic sections: -# 1. Directives that control the operation of the Apache server process as a -# whole (the 'global environment'). -# 2. Directives that define the parameters of the 'main' or 'default' server, -# which responds to requests that aren't handled by a virtual host. -# These directives also provide default values for the settings -# of all virtual hosts. -# 3. Settings for virtual hosts, which allow Web requests to be sent to -# different IP addresses or hostnames and have them handled by the -# same Apache server process. -# -# Configuration and logfile names: If the filenames you specify for many -# of the server's control files begin with "/" (or "drive:/" for Win32), the -# server will use that explicit path. If the filenames do *not* begin -# with "/", the value of ServerRoot is prepended -- so "logs/foo.log" -# with ServerRoot set to "/etc/httpd" will be interpreted by the -# server as "/etc/httpd/logs/foo.log". -# - -### Section 1: Global Environment -# -# The directives in this section affect the overall operation of Apache, -# such as the number of concurrent requests it can handle or where it -# can find its configuration files. -# - -# -# Don't give away too much information about all the subcomponents -# we are running. Comment out this line if you don't mind remote sites -# finding out what major optional modules you are running -ServerTokens OS - -# -# ServerRoot: The top of the directory tree under which the server's -# configuration, error, and log files are kept. -# -# NOTE! If you intend to place this on an NFS (or otherwise network) -# mounted filesystem then please read the LockFile documentation -# (available at ); -# you will save yourself a lot of trouble. -# -# Do NOT add a slash at the end of the directory path. -# -ServerRoot "/etc/httpd" - -# -# PidFile: The file in which the server should record its process -# identification number when it starts. Note the PIDFILE variable in -# /etc/sysconfig/httpd must be set appropriately if this location is -# changed. -# -PidFile run/httpd.pid - -# -# Timeout: The number of seconds before receives and sends time out. -# -Timeout 60 - -# -# KeepAlive: Whether or not to allow persistent connections (more than -# one request per connection). Set to "Off" to deactivate. -# -KeepAlive Off - -# -# MaxKeepAliveRequests: The maximum number of requests to allow -# during a persistent connection. Set to 0 to allow an unlimited amount. -# We recommend you leave this number high, for maximum performance. -# -MaxKeepAliveRequests 100 - -# -# KeepAliveTimeout: Number of seconds to wait for the next request from the -# same client on the same connection. -# -KeepAliveTimeout 15 - -## -## Server-Pool Size Regulation (MPM specific) -## - -# prefork MPM -# StartServers: number of server processes to start -# MinSpareServers: minimum number of server processes which are kept spare -# MaxSpareServers: maximum number of server processes which are kept spare -# ServerLimit: maximum value for MaxClients for the lifetime of the server -# MaxClients: maximum number of server processes allowed to start -# MaxRequestsPerChild: maximum number of requests a server process serves - -StartServers 8 -MinSpareServers 5 -MaxSpareServers 20 -ServerLimit 256 -MaxClients 256 -MaxRequestsPerChild 4000 - - -# worker MPM -# StartServers: initial number of server processes to start -# MaxClients: maximum number of simultaneous client connections -# MinSpareThreads: minimum number of worker threads which are kept spare -# MaxSpareThreads: maximum number of worker threads which are kept spare -# ThreadsPerChild: constant number of worker threads in each server process -# MaxRequestsPerChild: maximum number of requests a server process serves - -StartServers 4 -MaxClients 300 -MinSpareThreads 25 -MaxSpareThreads 75 -ThreadsPerChild 25 -MaxRequestsPerChild 0 - - -# -# Listen: Allows you to bind Apache to specific IP addresses and/or -# ports, in addition to the default. See also the -# directive. -# -# Change this to Listen on specific IP addresses as shown below to -# prevent Apache from glomming onto all bound IP addresses (0.0.0.0) -# -#Listen 12.34.56.78:80 -Listen 80 - -# -# Dynamic Shared Object (DSO) Support -# -# To be able to use the functionality of a module which was built as a DSO you -# have to place corresponding `LoadModule' lines at this location so the -# directives contained in it are actually available _before_ they are used. -# Statically compiled modules (those listed by `httpd -l') do not need -# to be loaded here. -# -# Example: -# LoadModule foo_module modules/mod_foo.so -# -LoadModule auth_basic_module modules/mod_auth_basic.so -LoadModule auth_digest_module modules/mod_auth_digest.so -LoadModule authn_file_module modules/mod_authn_file.so -LoadModule authn_alias_module modules/mod_authn_alias.so -LoadModule authn_anon_module modules/mod_authn_anon.so -LoadModule authn_dbm_module modules/mod_authn_dbm.so -LoadModule authn_default_module modules/mod_authn_default.so -LoadModule authz_host_module modules/mod_authz_host.so -LoadModule authz_user_module modules/mod_authz_user.so -LoadModule authz_owner_module modules/mod_authz_owner.so -LoadModule authz_groupfile_module modules/mod_authz_groupfile.so -LoadModule authz_dbm_module modules/mod_authz_dbm.so -LoadModule authz_default_module modules/mod_authz_default.so -LoadModule ldap_module modules/mod_ldap.so -LoadModule authnz_ldap_module modules/mod_authnz_ldap.so -LoadModule include_module modules/mod_include.so -LoadModule log_config_module modules/mod_log_config.so -LoadModule logio_module modules/mod_logio.so -LoadModule env_module modules/mod_env.so -LoadModule ext_filter_module modules/mod_ext_filter.so -LoadModule mime_magic_module modules/mod_mime_magic.so -LoadModule expires_module modules/mod_expires.so -LoadModule deflate_module modules/mod_deflate.so -LoadModule headers_module modules/mod_headers.so -LoadModule usertrack_module modules/mod_usertrack.so -LoadModule setenvif_module modules/mod_setenvif.so -LoadModule mime_module modules/mod_mime.so -LoadModule dav_module modules/mod_dav.so -LoadModule status_module modules/mod_status.so -LoadModule autoindex_module modules/mod_autoindex.so -LoadModule info_module modules/mod_info.so -LoadModule dav_fs_module modules/mod_dav_fs.so -LoadModule vhost_alias_module modules/mod_vhost_alias.so -LoadModule negotiation_module modules/mod_negotiation.so -LoadModule dir_module modules/mod_dir.so -LoadModule actions_module modules/mod_actions.so -LoadModule speling_module modules/mod_speling.so -LoadModule userdir_module modules/mod_userdir.so -LoadModule alias_module modules/mod_alias.so -LoadModule substitute_module modules/mod_substitute.so -LoadModule rewrite_module modules/mod_rewrite.so -LoadModule proxy_module modules/mod_proxy.so -LoadModule proxy_balancer_module modules/mod_proxy_balancer.so -LoadModule proxy_ftp_module modules/mod_proxy_ftp.so -LoadModule proxy_http_module modules/mod_proxy_http.so -LoadModule proxy_ajp_module modules/mod_proxy_ajp.so -LoadModule proxy_connect_module modules/mod_proxy_connect.so -LoadModule cache_module modules/mod_cache.so -LoadModule suexec_module modules/mod_suexec.so -LoadModule disk_cache_module modules/mod_disk_cache.so -LoadModule cgi_module modules/mod_cgi.so -LoadModule version_module modules/mod_version.so - -# -# The following modules are not loaded by default: -# -#LoadModule asis_module modules/mod_asis.so -#LoadModule authn_dbd_module modules/mod_authn_dbd.so -#LoadModule cern_meta_module modules/mod_cern_meta.so -#LoadModule cgid_module modules/mod_cgid.so -#LoadModule dbd_module modules/mod_dbd.so -#LoadModule dumpio_module modules/mod_dumpio.so -#LoadModule filter_module modules/mod_filter.so -#LoadModule ident_module modules/mod_ident.so -#LoadModule log_forensic_module modules/mod_log_forensic.so -#LoadModule unique_id_module modules/mod_unique_id.so -# - -# -# Load config files from the config directory "/etc/httpd/conf.d". -# -Include conf.d/*.conf - -# -# ExtendedStatus controls whether Apache will generate "full" status -# information (ExtendedStatus On) or just basic information (ExtendedStatus -# Off) when the "server-status" handler is called. The default is Off. -# -#ExtendedStatus On - -# -# If you wish httpd to run as a different user or group, you must run -# httpd as root initially and it will switch. -# -# User/Group: The name (or #number) of the user/group to run httpd as. -# . On SCO (ODT 3) use "User nouser" and "Group nogroup". -# . On HPUX you may not be able to use shared memory as nobody, and the -# suggested workaround is to create a user www and use that user. -# NOTE that some kernels refuse to setgid(Group) or semctl(IPC_SET) -# when the value of (unsigned)Group is above 60000; -# don't use Group #-1 on these systems! -# -User apache -Group apache - -### Section 2: 'Main' server configuration -# -# The directives in this section set up the values used by the 'main' -# server, which responds to any requests that aren't handled by a -# definition. These values also provide defaults for -# any containers you may define later in the file. -# -# All of these directives may appear inside containers, -# in which case these default settings will be overridden for the -# virtual host being defined. -# - -# -# ServerAdmin: Your address, where problems with the server should be -# e-mailed. This address appears on some server-generated pages, such -# as error documents. e.g. admin@your-domain.com -# -ServerAdmin root@localhost - -# -# ServerName gives the name and port that the server uses to identify itself. -# This can often be determined automatically, but we recommend you specify -# it explicitly to prevent problems during startup. -# -# If this is not set to valid DNS name for your host, server-generated -# redirections will not work. See also the UseCanonicalName directive. -# -# If your host doesn't have a registered DNS name, enter its IP address here. -# You will have to access it by its address anyway, and this will make -# redirections work in a sensible way. -# -#ServerName www.example.com:80 - -# -# UseCanonicalName: Determines how Apache constructs self-referencing -# URLs and the SERVER_NAME and SERVER_PORT variables. -# When set "Off", Apache will use the Hostname and Port supplied -# by the client. When set "On", Apache will use the value of the -# ServerName directive. -# -UseCanonicalName Off - -# -# DocumentRoot: The directory out of which you will serve your -# documents. By default, all requests are taken from this directory, but -# symbolic links and aliases may be used to point to other locations. -# -DocumentRoot "/var/www/html" - -# -# Each directory to which Apache has access can be configured with respect -# to which services and features are allowed and/or disabled in that -# directory (and its subdirectories). -# -# First, we configure the "default" to be a very restrictive set of -# features. -# - - Options FollowSymLinks - AllowOverride None - - -# -# Note that from this point forward you must specifically allow -# particular features to be enabled - so if something's not working as -# you might expect, make sure that you have specifically enabled it -# below. -# - -# -# This should be changed to whatever you set DocumentRoot to. -# - - -# -# Possible values for the Options directive are "None", "All", -# or any combination of: -# Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews -# -# Note that "MultiViews" must be named *explicitly* --- "Options All" -# doesn't give it to you. -# -# The Options directive is both complicated and important. Please see -# http://httpd.apache.org/docs/2.2/mod/core.html#options -# for more information. -# - Options Indexes FollowSymLinks - -# -# AllowOverride controls what directives may be placed in .htaccess files. -# It can be "All", "None", or any combination of the keywords: -# Options FileInfo AuthConfig Limit -# - AllowOverride None - -# -# Controls who can get stuff from this server. -# - Order allow,deny - Allow from all - - - -# -# UserDir: The name of the directory that is appended onto a user's home -# directory if a ~user request is received. -# -# The path to the end user account 'public_html' directory must be -# accessible to the webserver userid. This usually means that ~userid -# must have permissions of 711, ~userid/public_html must have permissions -# of 755, and documents contained therein must be world-readable. -# Otherwise, the client will only receive a "403 Forbidden" message. -# -# See also: http://httpd.apache.org/docs/misc/FAQ.html#forbidden -# - - # - # UserDir is disabled by default since it can confirm the presence - # of a username on the system (depending on home directory - # permissions). - # - UserDir disabled - - # - # To enable requests to /~user/ to serve the user's public_html - # directory, remove the "UserDir disabled" line above, and uncomment - # the following line instead: - # - #UserDir public_html - - - -# -# Control access to UserDir directories. The following is an example -# for a site where these directories are restricted to read-only. -# -# -# AllowOverride FileInfo AuthConfig Limit -# Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec -# -# Order allow,deny -# Allow from all -# -# -# Order deny,allow -# Deny from all -# -# - -# -# DirectoryIndex: sets the file that Apache will serve if a directory -# is requested. -# -# The index.html.var file (a type-map) is used to deliver content- -# negotiated documents. The MultiViews Option can be used for the -# same purpose, but it is much slower. -# -DirectoryIndex index.html index.html.var - -# -# AccessFileName: The name of the file to look for in each directory -# for additional configuration directives. See also the AllowOverride -# directive. -# -AccessFileName .htaccess - -# -# The following lines prevent .htaccess and .htpasswd files from being -# viewed by Web clients. -# - - Order allow,deny - Deny from all - Satisfy All - - -# -# TypesConfig describes where the mime.types file (or equivalent) is -# to be found. -# -TypesConfig /etc/mime.types - -# -# DefaultType is the default MIME type the server will use for a document -# if it cannot otherwise determine one, such as from filename extensions. -# If your server contains mostly text or HTML documents, "text/plain" is -# a good value. If most of your content is binary, such as applications -# or images, you may want to use "application/octet-stream" instead to -# keep browsers from trying to display binary files as though they are -# text. -# -DefaultType text/plain - -# -# The mod_mime_magic module allows the server to use various hints from the -# contents of the file itself to determine its type. The MIMEMagicFile -# directive tells the module where the hint definitions are located. -# - -# MIMEMagicFile /usr/share/magic.mime - MIMEMagicFile conf/magic - - -# -# HostnameLookups: Log the names of clients or just their IP addresses -# e.g., www.apache.org (on) or 204.62.129.132 (off). -# The default is off because it'd be overall better for the net if people -# had to knowingly turn this feature on, since enabling it means that -# each client request will result in AT LEAST one lookup request to the -# nameserver. -# -HostnameLookups Off - -# -# EnableMMAP: Control whether memory-mapping is used to deliver -# files (assuming that the underlying OS supports it). -# The default is on; turn this off if you serve from NFS-mounted -# filesystems. On some systems, turning it off (regardless of -# filesystem) can improve performance; for details, please see -# http://httpd.apache.org/docs/2.2/mod/core.html#enablemmap -# -#EnableMMAP off - -# -# EnableSendfile: Control whether the sendfile kernel support is -# used to deliver files (assuming that the OS supports it). -# The default is on; turn this off if you serve from NFS-mounted -# filesystems. Please see -# http://httpd.apache.org/docs/2.2/mod/core.html#enablesendfile -# -#EnableSendfile off - -# -# ErrorLog: The location of the error log file. -# If you do not specify an ErrorLog directive within a -# container, error messages relating to that virtual host will be -# logged here. If you *do* define an error logfile for a -# container, that host's errors will be logged there and not here. -# -ErrorLog logs/error_log - -# -# LogLevel: Control the number of messages logged to the error_log. -# Possible values include: debug, info, notice, warn, error, crit, -# alert, emerg. -# -LogLevel warn - -# -# The following directives define some format nicknames for use with -# a CustomLog directive (see below). -# -LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined -LogFormat "%h %l %u %t \"%r\" %>s %b" common -LogFormat "%{Referer}i -> %U" referer -LogFormat "%{User-agent}i" agent - -# "combinedio" includes actual counts of actual bytes received (%I) and sent (%O); this -# requires the mod_logio module to be loaded. -#LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio - -# -# The location and format of the access logfile (Common Logfile Format). -# If you do not define any access logfiles within a -# container, they will be logged here. Contrariwise, if you *do* -# define per- access logfiles, transactions will be -# logged therein and *not* in this file. -# -#CustomLog logs/access_log common - -# -# If you would like to have separate agent and referer logfiles, uncomment -# the following directives. -# -#CustomLog logs/referer_log referer -#CustomLog logs/agent_log agent - -# -# For a single logfile with access, agent, and referer information -# (Combined Logfile Format), use the following directive: -# -CustomLog logs/access_log combined - -# -# Optionally add a line containing the server version and virtual host -# name to server-generated pages (internal error documents, FTP directory -# listings, mod_status and mod_info output etc., but not CGI generated -# documents or custom error documents). -# Set to "EMail" to also include a mailto: link to the ServerAdmin. -# Set to one of: On | Off | EMail -# -ServerSignature On - -# -# Aliases: Add here as many aliases as you need (with no limit). The format is -# Alias fakename realname -# -# Note that if you include a trailing / on fakename then the server will -# require it to be present in the URL. So "/icons" isn't aliased in this -# example, only "/icons/". If the fakename is slash-terminated, then the -# realname must also be slash terminated, and if the fakename omits the -# trailing slash, the realname must also omit it. -# -# We include the /icons/ alias for FancyIndexed directory listings. If you -# do not use FancyIndexing, you may comment this out. -# -Alias /icons/ "/var/www/icons/" - - - Options Indexes MultiViews FollowSymLinks - AllowOverride None - Order allow,deny - Allow from all - - -# -# WebDAV module configuration section. -# - - # Location of the WebDAV lock database. - DAVLockDB /var/lib/dav/lockdb - - -# -# ScriptAlias: This controls which directories contain server scripts. -# ScriptAliases are essentially the same as Aliases, except that -# documents in the realname directory are treated as applications and -# run by the server when requested rather than as documents sent to the client. -# The same rules about trailing "/" apply to ScriptAlias directives as to -# Alias. -# -ScriptAlias /cgi-bin/ "/var/www/cgi-bin/" - -# -# "/var/www/cgi-bin" should be changed to whatever your ScriptAliased -# CGI directory exists, if you have that configured. -# - - AllowOverride None - Options None - Order allow,deny - Allow from all - - -# -# Redirect allows you to tell clients about documents which used to exist in -# your server's namespace, but do not anymore. This allows you to tell the -# clients where to look for the relocated document. -# Example: -# Redirect permanent /foo http://www.example.com/bar - -# -# Directives controlling the display of server-generated directory listings. -# - -# -# IndexOptions: Controls the appearance of server-generated directory -# listings. -# -IndexOptions FancyIndexing VersionSort NameWidth=* HTMLTable Charset=UTF-8 - -# -# AddIcon* directives tell the server which icon to show for different -# files or filename extensions. These are only displayed for -# FancyIndexed directories. -# -AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip - -AddIconByType (TXT,/icons/text.gif) text/* -AddIconByType (IMG,/icons/image2.gif) image/* -AddIconByType (SND,/icons/sound2.gif) audio/* -AddIconByType (VID,/icons/movie.gif) video/* - -AddIcon /icons/binary.gif .bin .exe -AddIcon /icons/binhex.gif .hqx -AddIcon /icons/tar.gif .tar -AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv -AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip -AddIcon /icons/a.gif .ps .ai .eps -AddIcon /icons/layout.gif .html .shtml .htm .pdf -AddIcon /icons/text.gif .txt -AddIcon /icons/c.gif .c -AddIcon /icons/p.gif .pl .py -AddIcon /icons/f.gif .for -AddIcon /icons/dvi.gif .dvi -AddIcon /icons/uuencoded.gif .uu -AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl -AddIcon /icons/tex.gif .tex -AddIcon /icons/bomb.gif /core - -AddIcon /icons/back.gif .. -AddIcon /icons/hand.right.gif README -AddIcon /icons/folder.gif ^^DIRECTORY^^ -AddIcon /icons/blank.gif ^^BLANKICON^^ - -# -# DefaultIcon is which icon to show for files which do not have an icon -# explicitly set. -# -DefaultIcon /icons/unknown.gif - -# -# AddDescription allows you to place a short description after a file in -# server-generated indexes. These are only displayed for FancyIndexed -# directories. -# Format: AddDescription "description" filename -# -#AddDescription "GZIP compressed document" .gz -#AddDescription "tar archive" .tar -#AddDescription "GZIP compressed tar archive" .tgz - -# -# ReadmeName is the name of the README file the server will look for by -# default, and append to directory listings. -# -# HeaderName is the name of a file which should be prepended to -# directory indexes. -ReadmeName README.html -HeaderName HEADER.html - -# -# IndexIgnore is a set of filenames which directory indexing should ignore -# and not include in the listing. Shell-style wildcarding is permitted. -# -IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t - -# -# DefaultLanguage and AddLanguage allows you to specify the language of -# a document. You can then use content negotiation to give a browser a -# file in a language the user can understand. -# -# Specify a default language. This means that all data -# going out without a specific language tag (see below) will -# be marked with this one. You probably do NOT want to set -# this unless you are sure it is correct for all cases. -# -# * It is generally better to not mark a page as -# * being a certain language than marking it with the wrong -# * language! -# -# DefaultLanguage nl -# -# Note 1: The suffix does not have to be the same as the language -# keyword --- those with documents in Polish (whose net-standard -# language code is pl) may wish to use "AddLanguage pl .po" to -# avoid the ambiguity with the common suffix for perl scripts. -# -# Note 2: The example entries below illustrate that in some cases -# the two character 'Language' abbreviation is not identical to -# the two character 'Country' code for its country, -# E.g. 'Danmark/dk' versus 'Danish/da'. -# -# Note 3: In the case of 'ltz' we violate the RFC by using a three char -# specifier. There is 'work in progress' to fix this and get -# the reference data for rfc1766 cleaned up. -# -# Catalan (ca) - Croatian (hr) - Czech (cs) - Danish (da) - Dutch (nl) -# English (en) - Esperanto (eo) - Estonian (et) - French (fr) - German (de) -# Greek-Modern (el) - Hebrew (he) - Italian (it) - Japanese (ja) -# Korean (ko) - Luxembourgeois* (ltz) - Norwegian Nynorsk (nn) -# Norwegian (no) - Polish (pl) - Portugese (pt) -# Brazilian Portuguese (pt-BR) - Russian (ru) - Swedish (sv) -# Simplified Chinese (zh-CN) - Spanish (es) - Traditional Chinese (zh-TW) -# -AddLanguage ca .ca -AddLanguage cs .cz .cs -AddLanguage da .dk -AddLanguage de .de -AddLanguage el .el -AddLanguage en .en -AddLanguage eo .eo -AddLanguage es .es -AddLanguage et .et -AddLanguage fr .fr -AddLanguage he .he -AddLanguage hr .hr -AddLanguage it .it -AddLanguage ja .ja -AddLanguage ko .ko -AddLanguage ltz .ltz -AddLanguage nl .nl -AddLanguage nn .nn -AddLanguage no .no -AddLanguage pl .po -AddLanguage pt .pt -AddLanguage pt-BR .pt-br -AddLanguage ru .ru -AddLanguage sv .sv -AddLanguage zh-CN .zh-cn -AddLanguage zh-TW .zh-tw - -# -# LanguagePriority allows you to give precedence to some languages -# in case of a tie during content negotiation. -# -# Just list the languages in decreasing order of preference. We have -# more or less alphabetized them here. You probably want to change this. -# -LanguagePriority en ca cs da de el eo es et fr he hr it ja ko ltz nl nn no pl pt pt-BR ru sv zh-CN zh-TW - -# -# ForceLanguagePriority allows you to serve a result page rather than -# MULTIPLE CHOICES (Prefer) [in case of a tie] or NOT ACCEPTABLE (Fallback) -# [in case no accepted languages matched the available variants] -# -ForceLanguagePriority Prefer Fallback - -# -# Specify a default charset for all content served; this enables -# interpretation of all content as UTF-8 by default. To use the -# default browser choice (ISO-8859-1), or to allow the META tags -# in HTML content to override this choice, comment out this -# directive: -# -AddDefaultCharset UTF-8 - -# -# AddType allows you to add to or override the MIME configuration -# file mime.types for specific file types. -# -#AddType application/x-tar .tgz - -# -# AddEncoding allows you to have certain browsers uncompress -# information on the fly. Note: Not all browsers support this. -# Despite the name similarity, the following Add* directives have nothing -# to do with the FancyIndexing customization directives above. -# -#AddEncoding x-compress .Z -#AddEncoding x-gzip .gz .tgz - -# If the AddEncoding directives above are commented-out, then you -# probably should define those extensions to indicate media types: -# -AddType application/x-compress .Z -AddType application/x-gzip .gz .tgz - -# -# MIME-types for downloading Certificates and CRLs -# -AddType application/x-x509-ca-cert .crt -AddType application/x-pkcs7-crl .crl - -# -# AddHandler allows you to map certain file extensions to "handlers": -# actions unrelated to filetype. These can be either built into the server -# or added with the Action directive (see below) -# -# To use CGI scripts outside of ScriptAliased directories: -# (You will also need to add "ExecCGI" to the "Options" directive.) -# -#AddHandler cgi-script .cgi - -# -# For files that include their own HTTP headers: -# -#AddHandler send-as-is asis - -# -# For type maps (negotiated resources): -# (This is enabled by default to allow the Apache "It Worked" page -# to be distributed in multiple languages.) -# -AddHandler type-map var - -# -# Filters allow you to process content before it is sent to the client. -# -# To parse .shtml files for server-side includes (SSI): -# (You will also need to add "Includes" to the "Options" directive.) -# -AddType text/html .shtml -AddOutputFilter INCLUDES .shtml - -# -# Action lets you define media types that will execute a script whenever -# a matching file is called. This eliminates the need for repeated URL -# pathnames for oft-used CGI file processors. -# Format: Action media/type /cgi-script/location -# Format: Action handler-name /cgi-script/location -# - -# -# Customizable error responses come in three flavors: -# 1) plain text 2) local redirects 3) external redirects -# -# Some examples: -#ErrorDocument 500 "The server made a boo boo." -#ErrorDocument 404 /missing.html -#ErrorDocument 404 "/cgi-bin/missing_handler.pl" -#ErrorDocument 402 http://www.example.com/subscription_info.html -# - -# -# Putting this all together, we can internationalize error responses. -# -# We use Alias to redirect any /error/HTTP_.html.var response to -# our collection of by-error message multi-language collections. We use -# includes to substitute the appropriate text. -# -# You can modify the messages' appearance without changing any of the -# default HTTP_.html.var files by adding the line: -# -# Alias /error/include/ "/your/include/path/" -# -# which allows you to create your own set of files by starting with the -# /var/www/error/include/ files and -# copying them to /your/include/path/, even on a per-VirtualHost basis. -# - -Alias /error/ "/var/www/error/" - - - - - AllowOverride None - Options IncludesNoExec - AddOutputFilter Includes html - AddHandler type-map var - Order allow,deny - Allow from all - LanguagePriority en es de fr - ForceLanguagePriority Prefer Fallback - - -# ErrorDocument 400 /error/HTTP_BAD_REQUEST.html.var -# ErrorDocument 401 /error/HTTP_UNAUTHORIZED.html.var -# ErrorDocument 403 /error/HTTP_FORBIDDEN.html.var -# ErrorDocument 404 /error/HTTP_NOT_FOUND.html.var -# ErrorDocument 405 /error/HTTP_METHOD_NOT_ALLOWED.html.var -# ErrorDocument 408 /error/HTTP_REQUEST_TIME_OUT.html.var -# ErrorDocument 410 /error/HTTP_GONE.html.var -# ErrorDocument 411 /error/HTTP_LENGTH_REQUIRED.html.var -# ErrorDocument 412 /error/HTTP_PRECONDITION_FAILED.html.var -# ErrorDocument 413 /error/HTTP_REQUEST_ENTITY_TOO_LARGE.html.var -# ErrorDocument 414 /error/HTTP_REQUEST_URI_TOO_LARGE.html.var -# ErrorDocument 415 /error/HTTP_UNSUPPORTED_MEDIA_TYPE.html.var -# ErrorDocument 500 /error/HTTP_INTERNAL_SERVER_ERROR.html.var -# ErrorDocument 501 /error/HTTP_NOT_IMPLEMENTED.html.var -# ErrorDocument 502 /error/HTTP_BAD_GATEWAY.html.var -# ErrorDocument 503 /error/HTTP_SERVICE_UNAVAILABLE.html.var -# ErrorDocument 506 /error/HTTP_VARIANT_ALSO_VARIES.html.var - - - - -# -# The following directives modify normal HTTP response behavior to -# handle known problems with browser implementations. -# -BrowserMatch "Mozilla/2" nokeepalive -BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0 -BrowserMatch "RealPlayer 4\.0" force-response-1.0 -BrowserMatch "Java/1\.0" force-response-1.0 -BrowserMatch "JDK/1\.0" force-response-1.0 - -# -# The following directive disables redirects on non-GET requests for -# a directory that does not include the trailing slash. This fixes a -# problem with Microsoft WebFolders which does not appropriately handle -# redirects for folders with DAV methods. -# Same deal with Apple's DAV filesystem and Gnome VFS support for DAV. -# -BrowserMatch "Microsoft Data Access Internet Publishing Provider" redirect-carefully -BrowserMatch "MS FrontPage" redirect-carefully -BrowserMatch "^WebDrive" redirect-carefully -BrowserMatch "^WebDAVFS/1.[0123]" redirect-carefully -BrowserMatch "^gnome-vfs/1.0" redirect-carefully -BrowserMatch "^XML Spy" redirect-carefully -BrowserMatch "^Dreamweaver-WebDAV-SCM1" redirect-carefully - -# -# Allow server status reports generated by mod_status, -# with the URL of http://servername/server-status -# Change the ".example.com" to match your domain to enable. -# -# -# SetHandler server-status -# Order deny,allow -# Deny from all -# Allow from .example.com -# - -# -# Allow remote server configuration reports, with the URL of -# http://servername/server-info (requires that mod_info.c be loaded). -# Change the ".example.com" to match your domain to enable. -# -# -# SetHandler server-info -# Order deny,allow -# Deny from all -# Allow from .example.com -# - -# -# Proxy Server directives. Uncomment the following lines to -# enable the proxy server: -# -# -#ProxyRequests On -# -# -# Order deny,allow -# Deny from all -# Allow from .example.com -# - -# -# Enable/disable the handling of HTTP/1.1 "Via:" headers. -# ("Full" adds the server version; "Block" removes all outgoing Via: headers) -# Set to one of: Off | On | Full | Block -# -#ProxyVia On - -# -# To enable a cache of proxied content, uncomment the following lines. -# See http://httpd.apache.org/docs/2.2/mod/mod_cache.html for more details. -# -# -# CacheEnable disk / -# CacheRoot "/var/cache/mod_proxy" -# -# - -# -# End of proxy directives. - -### Section 3: Virtual Hosts -# -# VirtualHost: If you want to maintain multiple domains/hostnames on your -# machine you can setup VirtualHost containers for them. Most configurations -# use only name-based virtual hosts so the server doesn't need to worry about -# IP addresses. This is indicated by the asterisks in the directives below. -# -# Please see the documentation at -# -# for further details before you try to setup virtual hosts. -# -# You may use the command line option '-S' to verify your virtual host -# configuration. - -# -# Use name-based virtual hosting. -# -NameVirtualHost *:80 -# -# NOTE: NameVirtualHost cannot be used without a port specifier -# (e.g. :80) if mod_ssl is being used, due to the nature of the -# SSL protocol. -# - -# -# VirtualHost example: -# Almost any Apache directive may go into a VirtualHost container. -# The first VirtualHost section is used for requests without a known -# server name. -# -# -# ServerAdmin webmaster@dummy-host.example.com -# DocumentRoot /www/docs/dummy-host.example.com -# ServerName dummy-host.example.com -# ErrorLog logs/dummy-host.example.com-error_log -# CustomLog logs/dummy-host.example.com-access_log common -# diff --git a/src/etc/services-config/httpd/conf/httpd24.conf.default b/src/etc/services-config/httpd/conf/httpd24.conf.default deleted file mode 100644 index a7af0dc..0000000 --- a/src/etc/services-config/httpd/conf/httpd24.conf.default +++ /dev/null @@ -1,353 +0,0 @@ -# -# This is the main Apache HTTP server configuration file. It contains the -# configuration directives that give the server its instructions. -# See for detailed information. -# In particular, see -# -# for a discussion of each configuration directive. -# -# Do NOT simply read the instructions in here without understanding -# what they do. They're here only as hints or reminders. If you are unsure -# consult the online docs. You have been warned. -# -# Configuration and logfile names: If the filenames you specify for many -# of the server's control files begin with "/" (or "drive:/" for Win32), the -# server will use that explicit path. If the filenames do *not* begin -# with "/", the value of ServerRoot is prepended -- so 'log/access_log' -# with ServerRoot set to '/www' will be interpreted by the -# server as '/www/log/access_log', where as '/log/access_log' will be -# interpreted as '/log/access_log'. - -# -# ServerRoot: The top of the directory tree under which the server's -# configuration, error, and log files are kept. -# -# Do not add a slash at the end of the directory path. If you point -# ServerRoot at a non-local disk, be sure to specify a local disk on the -# Mutex directive, if file-based mutexes are used. If you wish to share the -# same ServerRoot for multiple httpd daemons, you will need to change at -# least PidFile. -# -ServerRoot "/etc/httpd" - -# -# Listen: Allows you to bind Apache to specific IP addresses and/or -# ports, instead of the default. See also the -# directive. -# -# Change this to Listen on specific IP addresses as shown below to -# prevent Apache from glomming onto all bound IP addresses. -# -#Listen 12.34.56.78:80 -Listen 80 - -# -# Dynamic Shared Object (DSO) Support -# -# To be able to use the functionality of a module which was built as a DSO you -# have to place corresponding `LoadModule' lines at this location so the -# directives contained in it are actually available _before_ they are used. -# Statically compiled modules (those listed by `httpd -l') do not need -# to be loaded here. -# -# Example: -# LoadModule foo_module modules/mod_foo.so -# -Include conf.modules.d/*.conf - -# -# If you wish httpd to run as a different user or group, you must run -# httpd as root initially and it will switch. -# -# User/Group: The name (or #number) of the user/group to run httpd as. -# It is usually good practice to create a dedicated user and group for -# running httpd, as with most system services. -# -User apache -Group apache - -# 'Main' server configuration -# -# The directives in this section set up the values used by the 'main' -# server, which responds to any requests that aren't handled by a -# definition. These values also provide defaults for -# any containers you may define later in the file. -# -# All of these directives may appear inside containers, -# in which case these default settings will be overridden for the -# virtual host being defined. -# - -# -# ServerAdmin: Your address, where problems with the server should be -# e-mailed. This address appears on some server-generated pages, such -# as error documents. e.g. admin@your-domain.com -# -ServerAdmin root@localhost - -# -# ServerName gives the name and port that the server uses to identify itself. -# This can often be determined automatically, but we recommend you specify -# it explicitly to prevent problems during startup. -# -# If your host doesn't have a registered DNS name, enter its IP address here. -# -#ServerName www.example.com:80 - -# -# Deny access to the entirety of your server's filesystem. You must -# explicitly permit access to web content directories in other -# blocks below. -# - - AllowOverride none - Require all denied - - -# -# Note that from this point forward you must specifically allow -# particular features to be enabled - so if something's not working as -# you might expect, make sure that you have specifically enabled it -# below. -# - -# -# DocumentRoot: The directory out of which you will serve your -# documents. By default, all requests are taken from this directory, but -# symbolic links and aliases may be used to point to other locations. -# -DocumentRoot "/var/www/html" - -# -# Relax access to content within /var/www. -# - - AllowOverride None - # Allow open access: - Require all granted - - -# Further relax access to the default document root: - - # - # Possible values for the Options directive are "None", "All", - # or any combination of: - # Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews - # - # Note that "MultiViews" must be named *explicitly* --- "Options All" - # doesn't give it to you. - # - # The Options directive is both complicated and important. Please see - # http://httpd.apache.org/docs/2.4/mod/core.html#options - # for more information. - # - Options Indexes FollowSymLinks - - # - # AllowOverride controls what directives may be placed in .htaccess files. - # It can be "All", "None", or any combination of the keywords: - # Options FileInfo AuthConfig Limit - # - AllowOverride None - - # - # Controls who can get stuff from this server. - # - Require all granted - - -# -# DirectoryIndex: sets the file that Apache will serve if a directory -# is requested. -# - - DirectoryIndex index.html - - -# -# The following lines prevent .htaccess and .htpasswd files from being -# viewed by Web clients. -# - - Require all denied - - -# -# ErrorLog: The location of the error log file. -# If you do not specify an ErrorLog directive within a -# container, error messages relating to that virtual host will be -# logged here. If you *do* define an error logfile for a -# container, that host's errors will be logged there and not here. -# -ErrorLog "logs/error_log" - -# -# LogLevel: Control the number of messages logged to the error_log. -# Possible values include: debug, info, notice, warn, error, crit, -# alert, emerg. -# -LogLevel warn - - - # - # The following directives define some format nicknames for use with - # a CustomLog directive (see below). - # - LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined - LogFormat "%h %l %u %t \"%r\" %>s %b" common - - - # You need to enable mod_logio.c to use %I and %O - LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio - - - # - # The location and format of the access logfile (Common Logfile Format). - # If you do not define any access logfiles within a - # container, they will be logged here. Contrariwise, if you *do* - # define per- access logfiles, transactions will be - # logged therein and *not* in this file. - # - #CustomLog "logs/access_log" common - - # - # If you prefer a logfile with access, agent, and referer information - # (Combined Logfile Format) you can use the following directive. - # - CustomLog "logs/access_log" combined - - - - # - # Redirect: Allows you to tell clients about documents that used to - # exist in your server's namespace, but do not anymore. The client - # will make a new request for the document at its new location. - # Example: - # Redirect permanent /foo http://www.example.com/bar - - # - # Alias: Maps web paths into filesystem paths and is used to - # access content that does not live under the DocumentRoot. - # Example: - # Alias /webpath /full/filesystem/path - # - # If you include a trailing / on /webpath then the server will - # require it to be present in the URL. You will also likely - # need to provide a section to allow access to - # the filesystem path. - - # - # ScriptAlias: This controls which directories contain server scripts. - # ScriptAliases are essentially the same as Aliases, except that - # documents in the target directory are treated as applications and - # run by the server when requested rather than as documents sent to the - # client. The same rules about trailing "/" apply to ScriptAlias - # directives as to Alias. - # - ScriptAlias /cgi-bin/ "/var/www/cgi-bin/" - - - -# -# "/var/www/cgi-bin" should be changed to whatever your ScriptAliased -# CGI directory exists, if you have that configured. -# - - AllowOverride None - Options None - Require all granted - - - - # - # TypesConfig points to the file containing the list of mappings from - # filename extension to MIME-type. - # - TypesConfig /etc/mime.types - - # - # AddType allows you to add to or override the MIME configuration - # file specified in TypesConfig for specific file types. - # - #AddType application/x-gzip .tgz - # - # AddEncoding allows you to have certain browsers uncompress - # information on the fly. Note: Not all browsers support this. - # - #AddEncoding x-compress .Z - #AddEncoding x-gzip .gz .tgz - # - # If the AddEncoding directives above are commented-out, then you - # probably should define those extensions to indicate media types: - # - AddType application/x-compress .Z - AddType application/x-gzip .gz .tgz - - # - # AddHandler allows you to map certain file extensions to "handlers": - # actions unrelated to filetype. These can be either built into the server - # or added with the Action directive (see below) - # - # To use CGI scripts outside of ScriptAliased directories: - # (You will also need to add "ExecCGI" to the "Options" directive.) - # - #AddHandler cgi-script .cgi - - # For type maps (negotiated resources): - #AddHandler type-map var - - # - # Filters allow you to process content before it is sent to the client. - # - # To parse .shtml files for server-side includes (SSI): - # (You will also need to add "Includes" to the "Options" directive.) - # - AddType text/html .shtml - AddOutputFilter INCLUDES .shtml - - -# -# Specify a default charset for all content served; this enables -# interpretation of all content as UTF-8 by default. To use the -# default browser choice (ISO-8859-1), or to allow the META tags -# in HTML content to override this choice, comment out this -# directive: -# -AddDefaultCharset UTF-8 - - - # - # The mod_mime_magic module allows the server to use various hints from the - # contents of the file itself to determine its type. The MIMEMagicFile - # directive tells the module where the hint definitions are located. - # - MIMEMagicFile conf/magic - - -# -# Customizable error responses come in three flavors: -# 1) plain text 2) local redirects 3) external redirects -# -# Some examples: -#ErrorDocument 500 "The server made a boo boo." -#ErrorDocument 404 /missing.html -#ErrorDocument 404 "/cgi-bin/missing_handler.pl" -#ErrorDocument 402 http://www.example.com/subscription_info.html -# - -# -# EnableMMAP and EnableSendfile: On systems that support it, -# memory-mapping or the sendfile syscall may be used to deliver -# files. This usually improves server performance, but must -# be turned off when serving from networked-mounted -# filesystems or if support for these functions is otherwise -# broken on your system. -# Defaults if commented: EnableMMAP On, EnableSendfile Off -# -#EnableMMAP off -EnableSendfile on - -# Supplemental configuration -# -# Load config files in the "/etc/httpd/conf.d" directory, if any. -IncludeOptional conf.d/*.conf diff --git a/src/etc/services-config/httpd/httpd-bootstrap.conf b/src/etc/services-config/httpd/httpd-bootstrap.conf deleted file mode 100644 index 16cb677..0000000 --- a/src/etc/services-config/httpd/httpd-bootstrap.conf +++ /dev/null @@ -1,28 +0,0 @@ - -APACHE_AUTOSTART_HTTPD_BOOTSTRAP="${APACHE_AUTOSTART_HTTPD_BOOTSTRAP:-true}" -APACHE_AUTOSTART_HTTPD_WRAPPER="${APACHE_AUTOSTART_HTTPD_WRAPPER:-true}" -APACHE_CONTENT_ROOT="${APACHE_CONTENT_ROOT:-/var/www/app}" -APACHE_CUSTOM_LOG_FORMAT="${APACHE_CUSTOM_LOG_FORMAT:-combined}" -APACHE_CUSTOM_LOG_LOCATION="${APACHE_CUSTOM_LOG_LOCATION:-var/log/apache_access_log}" -APACHE_ERROR_LOG_LOCATION="${APACHE_ERROR_LOG_LOCATION:-var/log/apache_error_log}" -APACHE_ERROR_LOG_LEVEL="${APACHE_ERROR_LOG_LEVEL:-warn}" -APACHE_EXTENDED_STATUS_ENABLED="${APACHE_EXTENDED_STATUS_ENABLED:-false}" -APACHE_HEADER_X_SERVICE_UID="${APACHE_HEADER_X_SERVICE_UID:-}" -APACHE_LOAD_MODULES="${APACHE_LOAD_MODULES:-}" -APACHE_MOD_SSL_ENABLED="${APACHE_MOD_SSL_ENABLED:-false}" -APACHE_MPM="${APACHE_MPM:-worker}" -APACHE_OPERATING_MODE="${APACHE_OPERATING_MODE:-production}" -APACHE_PUBLIC_DIRECTORY="${APACHE_PUBLIC_DIRECTORY:-public_html}" -APACHE_RUN_GROUP="${APACHE_RUN_GROUP:-app-www}" -APACHE_RUN_USER="${APACHE_RUN_USER:-app-www}" -APACHE_SERVER_ALIAS="${APACHE_SERVER_ALIAS:-}" -APACHE_SERVER_NAME="${APACHE_SERVER_NAME:-}" -APACHE_SSL_CERTIFICATE="${APACHE_SSL_CERTIFICATE:-}" -APACHE_SSL_CIPHER_SUITE="${APACHE_SSL_CIPHER_SUITE:-"ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS"}" -APACHE_SSL_PROTOCOL="${APACHE_SSL_PROTOCOL:-All -SSLv2 -SSLv3}" -APACHE_SYSTEM_USER="${APACHE_SYSTEM_USER:-app}" -PACKAGE_PATH="${PACKAGE_PATH}" -PHP_OPTIONS_DATE_TIMEZONE="${PHP_OPTIONS_DATE_TIMEZONE:-UTC}" -PHP_OPTIONS_SESSION_NAME="${PHP_OPTIONS_SESSION_NAME:-PHPSESSID}" -PHP_OPTIONS_SESSION_SAVE_HANDLER="${PHP_OPTIONS_SESSION_SAVE_HANDLER:-files}" -PHP_OPTIONS_SESSION_SAVE_PATH="${PHP_OPTIONS_SESSION_SAVE_PATH:-var/session}" diff --git a/src/etc/services-config/php/php-fpm.conf.default b/src/etc/services-config/php/php-fpm.conf.default deleted file mode 100644 index 1dd86e9..0000000 --- a/src/etc/services-config/php/php-fpm.conf.default +++ /dev/null @@ -1,119 +0,0 @@ -;;;;;;;;;;;;;;;;;;;;; -; FPM Configuration ; -;;;;;;;;;;;;;;;;;;;;; - -; All relative paths in this configuration file are relative to PHP's install -; prefix. - -; Include one or more files. If glob(3) exists, it is used to include a bunch of -; files from a glob(3) pattern. This directive can be used everywhere in the -; file. -include=/etc/php-fpm.d/*.conf - -;;;;;;;;;;;;;;;;;; -; Global Options ; -;;;;;;;;;;;;;;;;;; - -[global] -; Pid file -; Default Value: none -pid = /run/php-fpm/php-fpm.pid - -; Error log file -; If it's set to "syslog", log is sent to syslogd instead of being written -; in a local file. -; Default Value: /var/log/php-fpm.log -error_log = /var/log/php-fpm/error.log - -; syslog_facility is used to specify what type of program is logging the -; message. This lets syslogd specify that messages from different facilities -; will be handled differently. -; See syslog(3) for possible values (ex daemon equiv LOG_DAEMON) -; Default Value: daemon -;syslog.facility = daemon - -; syslog_ident is prepended to every message. If you have multiple FPM -; instances running on the same server, you can change the default value -; which must suit common needs. -; Default Value: php-fpm -;syslog.ident = php-fpm - -; Log level -; Possible Values: alert, error, warning, notice, debug -; Default Value: notice -;log_level = notice - -; If this number of child processes exit with SIGSEGV or SIGBUS within the time -; interval set by emergency_restart_interval then FPM will restart. A value -; of '0' means 'Off'. -; Default Value: 0 -;emergency_restart_threshold = 0 - -; Interval of time used by emergency_restart_interval to determine when -; a graceful restart will be initiated. This can be useful to work around -; accidental corruptions in an accelerator's shared memory. -; Available Units: s(econds), m(inutes), h(ours), or d(ays) -; Default Unit: seconds -; Default Value: 0 -;emergency_restart_interval = 0 - -; Time limit for child processes to wait for a reaction on signals from master. -; Available units: s(econds), m(inutes), h(ours), or d(ays) -; Default Unit: seconds -; Default Value: 0 -;process_control_timeout = 0 - -; The maximum number of processes FPM will fork. This has been design to control -; the global number of processes when using dynamic PM within a lot of pools. -; Use it with caution. -; Note: A value of 0 indicates no limit -; Default Value: 0 -; process.max = 128 - -; Specify the nice(2) priority to apply to the master process (only if set) -; The value can vary from -19 (highest priority) to 20 (lower priority) -; Note: - It will only work if the FPM master process is launched as root -; - The pool process will inherit the master process priority -; unless it specified otherwise -; Default Value: no set -; process.priority = -19 - -; Send FPM to background. Set to 'no' to keep FPM in foreground for debugging. -; Default Value: yes -daemonize = yes - -; Set open file descriptor rlimit for the master process. -; Default Value: system defined value -;rlimit_files = 1024 - -; Set max core size rlimit for the master process. -; Possible Values: 'unlimited' or an integer greater or equal to 0 -; Default Value: system defined value -;rlimit_core = 0 - -; Specify the event mechanism FPM will use. The following is available: -; - select (any POSIX os) -; - poll (any POSIX os) -; - epoll (linux >= 2.5.44) -; Default Value: not set (auto detection) -;events.mechanism = epoll - -; When FPM is build with systemd integration, specify the interval, -; in second, between health report notification to systemd. -; Set to 0 to disable. -; Available Units: s(econds), m(inutes), h(ours) -; Default Unit: seconds -; Default value: 10 -;systemd_interval = 10 - -;;;;;;;;;;;;;;;;;;;; -; Pool Definitions ; -;;;;;;;;;;;;;;;;;;;; - -; Multiple pools of child processes may be started with different listening -; ports and different management options. The name of the pool will be -; used in logs and stats. There is no limitation on the number of pools which -; FPM can handle. Your system will tell you anyway :) - -; See /etc/php-fpm.d/*.conf - diff --git a/src/etc/services-config/php/php-fpm.d/www.conf.default b/src/etc/services-config/php/php-fpm.d/www.conf.default deleted file mode 100644 index ff2aa12..0000000 --- a/src/etc/services-config/php/php-fpm.d/www.conf.default +++ /dev/null @@ -1,423 +0,0 @@ -; Start a new pool named 'www'. -; the variable $pool can we used in any directive and will be replaced by the -; pool name ('www' here) -[www] - -; Per pool prefix -; It only applies on the following directives: -; - 'access.log' -; - 'slowlog' -; - 'listen' (unixsocket) -; - 'chroot' -; - 'chdir' -; - 'php_values' -; - 'php_admin_values' -; When not set, the global prefix (or @php_fpm_prefix@) applies instead. -; Note: This directive can also be relative to the global prefix. -; Default Value: none -;prefix = /path/to/pools/$pool - -; Unix user/group of processes -; Note: The user is mandatory. If the group is not set, the default user's group -; will be used. -user = php-fpm -group = php-fpm - -; The address on which to accept FastCGI requests. -; Valid syntaxes are: -; 'ip.add.re.ss:port' - to listen on a TCP socket to a specific IPv4 address on -; a specific port; -; '[ip:6:addr:ess]:port' - to listen on a TCP socket to a specific IPv6 address on -; a specific port; -; 'port' - to listen on a TCP socket to all IPv4 addresses on a -; specific port; -; '[::]:port' - to listen on a TCP socket to all addresses -; (IPv6 and IPv4-mapped) on a specific port; -; '/path/to/unix/socket' - to listen on a unix socket. -; Note: This value is mandatory. -listen = 127.0.0.1:9000 -; WARNING: If you switch to a unix socket, you have to grant your webserver user -; access to that socket by setting listen.acl_users to the webserver user. -;listen = /run/php-fpm/www.sock - -; Set listen(2) backlog. -; Default Value: 65535 (-1 on FreeBSD and OpenBSD) -;listen.backlog = 65535 - -; Set permissions for unix socket, if one is used. In Linux, read/write -; permissions must be set in order to allow connections from a web server. Many -; BSD-derived systems allow connections regardless of permissions. -; Default Values: user and group are set as the running user -; mode is set to 0660 -;listen.owner = root -;listen.group = root -;listen.mode = 0660 - -; When POSIX Access Control Lists are supported you can set them using -; these options, value is a comma separated list of user/group names. -; When set, listen.owner and listen.group are ignored -;listen.acl_users = apache,nginx -;listen.acl_users = apache -;listen.acl_users = nginx -;listen.acl_groups = - -; List of addresses (IPv4/IPv6) of FastCGI clients which are allowed to connect. -; Equivalent to the FCGI_WEB_SERVER_ADDRS environment variable in the original -; PHP FCGI (5.2.2+). Makes sense only with a tcp listening socket. Each address -; must be separated by a comma. If this value is left blank, connections will be -; accepted from any ip address. -; Default Value: any -listen.allowed_clients = 127.0.0.1 - -; Specify the nice(2) priority to apply to the pool processes (only if set) -; The value can vary from -19 (highest priority) to 20 (lower priority) -; Note: - It will only work if the FPM master process is launched as root -; - The pool processes will inherit the master process priority -; unless it specified otherwise -; Default Value: no set -; process.priority = -19 - -; Choose how the process manager will control the number of child processes. -; Possible Values: -; static - a fixed number (pm.max_children) of child processes; -; dynamic - the number of child processes are set dynamically based on the -; following directives. With this process management, there will be -; always at least 1 children. -; pm.max_children - the maximum number of children that can -; be alive at the same time. -; pm.start_servers - the number of children created on startup. -; pm.min_spare_servers - the minimum number of children in 'idle' -; state (waiting to process). If the number -; of 'idle' processes is less than this -; number then some children will be created. -; pm.max_spare_servers - the maximum number of children in 'idle' -; state (waiting to process). If the number -; of 'idle' processes is greater than this -; number then some children will be killed. -; ondemand - no children are created at startup. Children will be forked when -; new requests will connect. The following parameter are used: -; pm.max_children - the maximum number of children that -; can be alive at the same time. -; pm.process_idle_timeout - The number of seconds after which -; an idle process will be killed. -; Note: This value is mandatory. -pm = dynamic - -; The number of child processes to be created when pm is set to 'static' and the -; maximum number of child processes when pm is set to 'dynamic' or 'ondemand'. -; This value sets the limit on the number of simultaneous requests that will be -; served. Equivalent to the ApacheMaxClients directive with mpm_prefork. -; Equivalent to the PHP_FCGI_CHILDREN environment variable in the original PHP -; CGI. The below defaults are based on a server without much resources. Don't -; forget to tweak pm.* to fit your needs. -; Note: Used when pm is set to 'static', 'dynamic' or 'ondemand' -; Note: This value is mandatory. -pm.max_children = 50 - -; The number of child processes created on startup. -; Note: Used only when pm is set to 'dynamic' -; Default Value: min_spare_servers + (max_spare_servers - min_spare_servers) / 2 -pm.start_servers = 5 - -; The desired minimum number of idle server processes. -; Note: Used only when pm is set to 'dynamic' -; Note: Mandatory when pm is set to 'dynamic' -pm.min_spare_servers = 5 - -; The desired maximum number of idle server processes. -; Note: Used only when pm is set to 'dynamic' -; Note: Mandatory when pm is set to 'dynamic' -pm.max_spare_servers = 35 - -; The number of seconds after which an idle process will be killed. -; Note: Used only when pm is set to 'ondemand' -; Default Value: 10s -;pm.process_idle_timeout = 10s; - -; The number of requests each child process should execute before respawning. -; This can be useful to work around memory leaks in 3rd party libraries. For -; endless request processing specify '0'. Equivalent to PHP_FCGI_MAX_REQUESTS. -; Default Value: 0 -;pm.max_requests = 500 - -; The URI to view the FPM status page. If this value is not set, no URI will be -; recognized as a status page. It shows the following informations: -; pool - the name of the pool; -; process manager - static, dynamic or ondemand; -; start time - the date and time FPM has started; -; start since - number of seconds since FPM has started; -; accepted conn - the number of request accepted by the pool; -; listen queue - the number of request in the queue of pending -; connections (see backlog in listen(2)); -; max listen queue - the maximum number of requests in the queue -; of pending connections since FPM has started; -; listen queue len - the size of the socket queue of pending connections; -; idle processes - the number of idle processes; -; active processes - the number of active processes; -; total processes - the number of idle + active processes; -; max active processes - the maximum number of active processes since FPM -; has started; -; max children reached - number of times, the process limit has been reached, -; when pm tries to start more children (works only for -; pm 'dynamic' and 'ondemand'); -; Value are updated in real time. -; Example output: -; pool: www -; process manager: static -; start time: 01/Jul/2011:17:53:49 +0200 -; start since: 62636 -; accepted conn: 190460 -; listen queue: 0 -; max listen queue: 1 -; listen queue len: 42 -; idle processes: 4 -; active processes: 11 -; total processes: 15 -; max active processes: 12 -; max children reached: 0 -; -; By default the status page output is formatted as text/plain. Passing either -; 'html', 'xml' or 'json' in the query string will return the corresponding -; output syntax. Example: -; http://www.foo.bar/status -; http://www.foo.bar/status?json -; http://www.foo.bar/status?html -; http://www.foo.bar/status?xml -; -; By default the status page only outputs short status. Passing 'full' in the -; query string will also return status for each pool process. -; Example: -; http://www.foo.bar/status?full -; http://www.foo.bar/status?json&full -; http://www.foo.bar/status?html&full -; http://www.foo.bar/status?xml&full -; The Full status returns for each process: -; pid - the PID of the process; -; state - the state of the process (Idle, Running, ...); -; start time - the date and time the process has started; -; start since - the number of seconds since the process has started; -; requests - the number of requests the process has served; -; request duration - the duration in µs of the requests; -; request method - the request method (GET, POST, ...); -; request URI - the request URI with the query string; -; content length - the content length of the request (only with POST); -; user - the user (PHP_AUTH_USER) (or '-' if not set); -; script - the main script called (or '-' if not set); -; last request cpu - the %cpu the last request consumed -; it's always 0 if the process is not in Idle state -; because CPU calculation is done when the request -; processing has terminated; -; last request memory - the max amount of memory the last request consumed -; it's always 0 if the process is not in Idle state -; because memory calculation is done when the request -; processing has terminated; -; If the process is in Idle state, then informations are related to the -; last request the process has served. Otherwise informations are related to -; the current request being served. -; Example output: -; ************************ -; pid: 31330 -; state: Running -; start time: 01/Jul/2011:17:53:49 +0200 -; start since: 63087 -; requests: 12808 -; request duration: 1250261 -; request method: GET -; request URI: /test_mem.php?N=10000 -; content length: 0 -; user: - -; script: /home/fat/web/docs/php/test_mem.php -; last request cpu: 0.00 -; last request memory: 0 -; -; Note: There is a real-time FPM status monitoring sample web page available -; It's available in: @EXPANDED_DATADIR@/fpm/status.html -; -; Note: The value must start with a leading slash (/). The value can be -; anything, but it may not be a good idea to use the .php extension or it -; may conflict with a real PHP file. -; Default Value: not set -;pm.status_path = /status - -; The ping URI to call the monitoring page of FPM. If this value is not set, no -; URI will be recognized as a ping page. This could be used to test from outside -; that FPM is alive and responding, or to -; - create a graph of FPM availability (rrd or such); -; - remove a server from a group if it is not responding (load balancing); -; - trigger alerts for the operating team (24/7). -; Note: The value must start with a leading slash (/). The value can be -; anything, but it may not be a good idea to use the .php extension or it -; may conflict with a real PHP file. -; Default Value: not set -;ping.path = /ping - -; This directive may be used to customize the response of a ping request. The -; response is formatted as text/plain with a 200 response code. -; Default Value: pong -;ping.response = pong - -; The access log file -; Default: not set -;access.log = log/$pool.access.log - -; The access log format. -; The following syntax is allowed -; %%: the '%' character -; %C: %CPU used by the request -; it can accept the following format: -; - %{user}C for user CPU only -; - %{system}C for system CPU only -; - %{total}C for user + system CPU (default) -; %d: time taken to serve the request -; it can accept the following format: -; - %{seconds}d (default) -; - %{miliseconds}d -; - %{mili}d -; - %{microseconds}d -; - %{micro}d -; %e: an environment variable (same as $_ENV or $_SERVER) -; it must be associated with embraces to specify the name of the env -; variable. Some exemples: -; - server specifics like: %{REQUEST_METHOD}e or %{SERVER_PROTOCOL}e -; - HTTP headers like: %{HTTP_HOST}e or %{HTTP_USER_AGENT}e -; %f: script filename -; %l: content-length of the request (for POST request only) -; %m: request method -; %M: peak of memory allocated by PHP -; it can accept the following format: -; - %{bytes}M (default) -; - %{kilobytes}M -; - %{kilo}M -; - %{megabytes}M -; - %{mega}M -; %n: pool name -; %o: output header -; it must be associated with embraces to specify the name of the header: -; - %{Content-Type}o -; - %{X-Powered-By}o -; - %{Transfert-Encoding}o -; - .... -; %p: PID of the child that serviced the request -; %P: PID of the parent of the child that serviced the request -; %q: the query string -; %Q: the '?' character if query string exists -; %r: the request URI (without the query string, see %q and %Q) -; %R: remote IP address -; %s: status (response code) -; %t: server time the request was received -; it can accept a strftime(3) format: -; %d/%b/%Y:%H:%M:%S %z (default) -; %T: time the log has been written (the request has finished) -; it can accept a strftime(3) format: -; %d/%b/%Y:%H:%M:%S %z (default) -; %u: remote user -; -; Default: "%R - %u %t \"%m %r\" %s" -;access.format = "%R - %u %t \"%m %r%Q%q\" %s %f %{mili}d %{kilo}M %C%%" - -; The log file for slow requests -; Default Value: not set -; Note: slowlog is mandatory if request_slowlog_timeout is set -slowlog = /var/log/php-fpm/www-slow.log - -; The timeout for serving a single request after which a PHP backtrace will be -; dumped to the 'slowlog' file. A value of '0s' means 'off'. -; Available units: s(econds)(default), m(inutes), h(ours), or d(ays) -; Default Value: 0 -;request_slowlog_timeout = 0 - -; The timeout for serving a single request after which the worker process will -; be killed. This option should be used when the 'max_execution_time' ini option -; does not stop script execution for some reason. A value of '0' means 'off'. -; Available units: s(econds)(default), m(inutes), h(ours), or d(ays) -; Default Value: 0 -;request_terminate_timeout = 0 - -; Set open file descriptor rlimit. -; Default Value: system defined value -;rlimit_files = 1024 - -; Set max core size rlimit. -; Possible Values: 'unlimited' or an integer greater or equal to 0 -; Default Value: system defined value -;rlimit_core = 0 - -; Chroot to this directory at the start. This value must be defined as an -; absolute path. When this value is not set, chroot is not used. -; Note: you can prefix with '$prefix' to chroot to the pool prefix or one -; of its subdirectories. If the pool prefix is not set, the global prefix -; will be used instead. -; Note: chrooting is a great security feature and should be used whenever -; possible. However, all PHP paths will be relative to the chroot -; (error_log, sessions.save_path, ...). -; Default Value: not set -;chroot = - -; Chdir to this directory at the start. -; Note: relative path can be used. -; Default Value: current directory or / when chroot -;chdir = /var/www - -; Redirect worker stdout and stderr into main error log. If not set, stdout and -; stderr will be redirected to /dev/null according to FastCGI specs. -; Note: on highloaded environement, this can cause some delay in the page -; process time (several ms). -; Default Value: no -;catch_workers_output = yes - -; Clear environment in FPM workers -; Prevents arbitrary environment variables from reaching FPM worker processes -; by clearing the environment in workers before env vars specified in this -; pool configuration are added. -; Setting to "no" will make all environment variables available to PHP code -; via getenv(), $_ENV and $_SERVER. -; Default Value: yes -;clear_env = no - -; Limits the extensions of the main script FPM will allow to parse. This can -; prevent configuration mistakes on the web server side. You should only limit -; FPM to .php extensions to prevent malicious users to use other extensions to -; exectute php code. -; Note: set an empty value to allow all extensions. -; Default Value: .php -;security.limit_extensions = .php .php3 .php4 .php5 - -; Pass environment variables like LD_LIBRARY_PATH. All $VARIABLEs are taken from -; the current environment. -; Default Value: clean env -;env[HOSTNAME] = $HOSTNAME -;env[PATH] = /usr/local/bin:/usr/bin:/bin -;env[TMP] = /tmp -;env[TMPDIR] = /tmp -;env[TEMP] = /tmp - -; Additional php.ini defines, specific to this pool of workers. These settings -; overwrite the values previously defined in the php.ini. The directives are the -; same as the PHP SAPI: -; php_value/php_flag - you can set classic ini defines which can -; be overwritten from PHP call 'ini_set'. -; php_admin_value/php_admin_flag - these directives won't be overwritten by -; PHP call 'ini_set' -; For php_*flag, valid values are on, off, 1, 0, true, false, yes or no. - -; Defining 'extension' will load the corresponding shared extension from -; extension_dir. Defining 'disable_functions' or 'disable_classes' will not -; overwrite previously defined php.ini values, but will append the new value -; instead. - -; Note: path INI options can be relative and will be expanded with the prefix -; (pool, global or @prefix@) - -; Default Value: nothing is defined by default except the values in php.ini and -; specified at startup with the -d argument -;php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f www@my.domain.com -;php_flag[display_errors] = off -php_admin_value[error_log] = /var/log/php-fpm/www-error.log -php_admin_flag[log_errors] = on -;php_admin_value[memory_limit] = 128M - -; Set session path to a directory owned by process user -php_value[session.save_handler] = files -php_value[session.save_path] = /var/lib/php-fpm/session -php_value[soap.wsdl_cache_dir] = /var/lib/php-fpm/wsdlcache - diff --git a/src/etc/services-config/php/php.d/00-php.ini b/src/etc/services-config/php/php.d/00-php.ini deleted file mode 100644 index d470393..0000000 --- a/src/etc/services-config/php/php.d/00-php.ini +++ /dev/null @@ -1,308 +0,0 @@ - -[PHP] -;user_ini.filename = ".user.ini" -user_ini.filename = -;user_ini.cache_ttl = 300 -engine = On -short_open_tag = Off -asp_tags = Off -precision = 14 -y2k_compliance = On -output_buffering = 4096 -;output_handler = -zlib.output_compression = Off -;zlib.output_compression_level = -1 -;zlib.output_handler = -implicit_flush = Off -unserialize_callback_func = -serialize_precision = 100 -allow_call_time_pass_reference = Off -safe_mode = Off -safe_mode_gid = Off -safe_mode_include_dir = -safe_mode_exec_dir = -safe_mode_allowed_env_vars = PHP_ -safe_mode_protected_env_vars = LD_LIBRARY_PATH -;open_basedir = -disable_functions = -disable_classes = -;highlight.string = #DD0000 -;highlight.comment = #FF9900 -;highlight.keyword = #007700 -;highlight.bg = #FFFFFF -;highlight.default = #0000BB -;highlight.html = #000000 -;ignore_user_abort = On -;realpath_cache_size = 16k -;realpath_cache_ttl = 120 -expose_php = Off -max_execution_time = 30 -max_input_time = 60 -;max_input_nesting_level = 64 -memory_limit = 128M -error_reporting = E_ALL & ~E_DEPRECATED -display_errors = Off -display_startup_errors = Off -log_errors = On -log_errors_max_len = 1024 -ignore_repeated_errors = Off -ignore_repeated_source = Off -report_memleaks = On -;report_zend_debug = 0 -track_errors = Off -;xmlrpc_errors = 0 -;xmlrpc_error_number = 0 -html_errors = Off -;docref_root = "/phpmanual/" -;docref_ext = .html -;error_prepend_string = "" -;error_append_string = "" -;error_log = php_errors.log -;error_log = syslog -;arg_separator.output = "&" -;arg_separator.input = ";&" -variables_order = "GPCS" -request_order = "GP" -register_globals = Off -register_long_arrays = Off -register_argc_argv = Off -auto_globals_jit = On -post_max_size = 8M -magic_quotes_gpc = Off -magic_quotes_runtime = Off -magic_quotes_sybase = Off -auto_prepend_file = -auto_append_file = -default_mimetype = "text/html" -;default_charset = "iso-8859-1" -;always_populate_raw_post_data = On -;include_path = ".:/php/includes" -;include_path = ".;c:\php\includes" -doc_root = -user_dir = -enable_dl = Off -;cgi.force_redirect = 1 -;cgi.nph = 1 -;cgi.redirect_status_env = ; -cgi.fix_pathinfo=1 -;fastcgi.impersonate = 1; -;fastcgi.logging = 0 -;cgi.rfc2616_headers = 0 -file_uploads = On -;upload_tmp_dir = -upload_max_filesize = 2M -allow_url_fopen = On -allow_url_include = Off -;from="john@doe.com" -;user_agent="PHP" -default_socket_timeout = 60 -;auto_detect_line_endings = Off - -[Date] -date.timezone = UTC -;date.default_latitude = 31.7667 -;date.default_longitude = 35.2333 -;date.sunrise_zenith = 90.583333 -;date.sunset_zenith = 90.583333 - -[filter] -;filter.default = unsafe_raw -;filter.default_flags = - -[iconv] -;iconv.input_encoding = ISO-8859-1 -;iconv.internal_encoding = ISO-8859-1 -;iconv.output_encoding = ISO-8859-1 - -[intl] -;intl.default_locale = - -[sqlite] -;sqlite.assoc_case = 0 - -[sqlite3] -;sqlite3.extension_dir = - -[Pcre] -;PCRE library backtracking limit. -;pcre.backtrack_limit=100000 -;PCRE library recursion limit. -;Please note that if you set this value to a high number you may consume all -;the available process stack and eventually crash PHP (due to reaching the -;stack size limit imposed by the Operating System). -;pcre.recursion_limit=100000 - -[Pdo] -;pdo_odbc.connection_pooling=strict - -[Phar] -;phar.readonly = On -;phar.require_hash = On -;phar.cache_list = - -[Syslog] -define_syslog_variables = Off - -[mail function] -SMTP = localhost -smtp_port = 25 -;sendmail_from = me@example.com -sendmail_path = /usr/sbin/sendmail -t -i -;mail.force_extra_parameters = -mail.add_x_header = On -;mail.log = - -[SQL] -sql.safe_mode = Off - -[ODBC] -;odbc.default_db = Not yet implemented -;odbc.default_user = Not yet implemented -;odbc.default_pw = Not yet implemented -odbc.allow_persistent = On -odbc.check_persistent = On -odbc.max_persistent = -1 -odbc.max_links = -1 -odbc.defaultlrl = 4096 -odbc.defaultbinmode = 1 -;birdstep.max_links = -1 - -[MySQL] -mysql.allow_persistent = On -mysql.max_persistent = -1 -mysql.max_links = -1 -mysql.default_port = -mysql.default_socket = -mysql.default_host = -mysql.default_user = -mysql.default_password = -mysql.connect_timeout = 60 -mysql.trace_mode = Off - -[MySQLi] -mysqli.max_links = -1 -mysqli.default_port = 3306 -mysqli.default_socket = -mysqli.default_host = -mysqli.default_user = -mysqli.default_pw = -mysqli.reconnect = Off - -[PostgresSQL] -pgsql.allow_persistent = On -pgsql.auto_reset_persistent = Off -pgsql.max_persistent = -1 -pgsql.max_links = -1 -pgsql.ignore_notice = 0 -pgsql.log_notice = 0 - -[Sybase-CT] -sybct.allow_persistent = On -sybct.max_persistent = -1 -sybct.max_links = -1 -sybct.min_server_severity = 10 -sybct.min_client_severity = 10 -;sybct.timeout= -;sybct.packet_size - -[bcmath] -bcmath.scale = 0 - -[browscap] -;browscap = extra/browscap.ini - -[Session] -session.save_handler = "${PHP_OPTIONS_SESSION_SAVE_HANDLER:-files}" -session.save_path = "${PHP_OPTIONS_SESSION_SAVE_PATH:-/var/lib/php/session}" -session.use_cookies = 1 -;session.cookie_secure = -session.use_only_cookies = 1 -session.name = PHPSESSID -session.auto_start = 0 -session.cookie_lifetime = 0 -session.cookie_path = / -session.cookie_domain = -session.cookie_httponly = -session.serialize_handler = php -session.gc_probability = 1 -session.gc_divisor = 1000 -session.gc_maxlifetime = 1440 -session.bug_compat_42 = Off -session.bug_compat_warn = Off -session.referer_check = -session.entropy_length = 0 -;session.entropy_file = /dev/urandom -session.entropy_file = -;session.entropy_length = 16 -session.cache_limiter = nocache -session.cache_expire = 180 -session.use_trans_sid = 0 -session.hash_function = 0 -session.hash_bits_per_character = 5 -url_rewriter.tags = "a=href,area=href,frame=src,input=src,form=fakeentry" - -[MSSQL] -mssql.allow_persistent = On -mssql.max_persistent = -1 -mssql.max_links = -1 -mssql.min_error_severity = 10 -mssql.min_message_severity = 10 -mssql.compatability_mode = Off -;mssql.connect_timeout = 5 -;mssql.timeout = 60 -;mssql.textlimit = 4096 -;mssql.textsize = 4096 -;mssql.batchsize = 0 -;mssql.datetimeconvert = On -mssql.secure_connection = Off -;mssql.max_procs = -1 -;mssql.charset = "ISO-8859-1" - -[Assertion] -;assert.active = On -;assert.warning = On -;assert.bail = Off -;assert.callback = 0 -;assert.quiet_eval = 0 - -[COM] -;com.typelib_file = -;com.allow_dcom = true -;com.autoregister_typelib = true -;com.autoregister_casesensitive = false -;com.autoregister_verbose = true - -[mbstring] -;mbstring.language = Japanese -;mbstring.internal_encoding = EUC-JP -;mbstring.http_input = auto -;mbstring.http_output = SJIS -;mbstring.encoding_translation = Off -;mbstring.detect_order = auto -;mbstring.substitute_character = none; -;mbstring.func_overload = 0 -;mbstring.strict_detection = Off -;mbstring.http_output_conv_mimetype= - -[gd] -;gd.jpeg_ignore_warning = 0 - -[exif] -;exif.encode_unicode = ISO-8859-15 -;exif.decode_unicode_motorola = UCS-2BE -;exif.decode_unicode_intel = UCS-2LE -;exif.encode_jis = -;exif.decode_jis_motorola = JIS -;exif.decode_jis_intel = JIS - -[Tidy] -;tidy.default_config = /usr/local/lib/php/default.tcfg -tidy.clean_output = Off - -[soap] -soap.wsdl_cache_enabled=1 -soap.wsdl_cache_dir="/tmp" -soap.wsdl_cache_ttl=86400 - -[sysvshm] -;sysvshm.init_mem = 10000 diff --git a/src/etc/services-config/php/php.d/00-php.ini.default b/src/etc/services-config/php/php.d/00-php.ini.default deleted file mode 100644 index 0d17ccc..0000000 --- a/src/etc/services-config/php/php.d/00-php.ini.default +++ /dev/null @@ -1,308 +0,0 @@ - -[PHP] -;user_ini.filename = ".user.ini" -;user_ini.filename = -;user_ini.cache_ttl = 300 -engine = On -short_open_tag = Off -asp_tags = Off -precision = 14 -y2k_compliance = On -output_buffering = 4096 -;output_handler = -zlib.output_compression = Off -;zlib.output_compression_level = -1 -;zlib.output_handler = -implicit_flush = Off -unserialize_callback_func = -serialize_precision = 100 -allow_call_time_pass_reference = Off -safe_mode = Off -safe_mode_gid = Off -safe_mode_include_dir = -safe_mode_exec_dir = -safe_mode_allowed_env_vars = PHP_ -safe_mode_protected_env_vars = LD_LIBRARY_PATH -;open_basedir = -disable_functions = -disable_classes = -;highlight.string = #DD0000 -;highlight.comment = #FF9900 -;highlight.keyword = #007700 -;highlight.bg = #FFFFFF -;highlight.default = #0000BB -;highlight.html = #000000 -;ignore_user_abort = On -;realpath_cache_size = 16k -;realpath_cache_ttl = 120 -expose_php = On -max_execution_time = 30 -max_input_time = 60 -;max_input_nesting_level = 64 -memory_limit = 128M -error_reporting = E_ALL & ~E_DEPRECATED -display_errors = Off -display_startup_errors = Off -log_errors = On -log_errors_max_len = 1024 -ignore_repeated_errors = Off -ignore_repeated_source = Off -report_memleaks = On -;report_zend_debug = 0 -track_errors = Off -;xmlrpc_errors = 0 -;xmlrpc_error_number = 0 -html_errors = Off -;docref_root = "/phpmanual/" -;docref_ext = .html -;error_prepend_string = "" -;error_append_string = "" -;error_log = php_errors.log -;error_log = syslog -;arg_separator.output = "&" -;arg_separator.input = ";&" -variables_order = "GPCS" -request_order = "GP" -register_globals = Off -register_long_arrays = Off -register_argc_argv = Off -auto_globals_jit = On -post_max_size = 8M -magic_quotes_gpc = Off -magic_quotes_runtime = Off -magic_quotes_sybase = Off -auto_prepend_file = -auto_append_file = -default_mimetype = "text/html" -;default_charset = "iso-8859-1" -;always_populate_raw_post_data = On -;include_path = ".:/php/includes" -;include_path = ".;c:\php\includes" -doc_root = -user_dir = -enable_dl = Off -;cgi.force_redirect = 1 -;cgi.nph = 1 -;cgi.redirect_status_env = ; -;cgi.fix_pathinfo=1 -;fastcgi.impersonate = 1; -;fastcgi.logging = 0 -;cgi.rfc2616_headers = 0 -file_uploads = On -;upload_tmp_dir = -upload_max_filesize = 2M -allow_url_fopen = On -allow_url_include = Off -;from="john@doe.com" -;user_agent="PHP" -default_socket_timeout = 60 -;auto_detect_line_endings = Off - -[Date] -;date.timezone = -;date.default_latitude = 31.7667 -;date.default_longitude = 35.2333 -;date.sunrise_zenith = 90.583333 -;date.sunset_zenith = 90.583333 - -[filter] -;filter.default = unsafe_raw -;filter.default_flags = - -[iconv] -;iconv.input_encoding = ISO-8859-1 -;iconv.internal_encoding = ISO-8859-1 -;iconv.output_encoding = ISO-8859-1 - -[intl] -;intl.default_locale = - -[sqlite] -;sqlite.assoc_case = 0 - -[sqlite3] -;sqlite3.extension_dir = - -[Pcre] -;PCRE library backtracking limit. -;pcre.backtrack_limit=100000 -;PCRE library recursion limit. -;Please note that if you set this value to a high number you may consume all -;the available process stack and eventually crash PHP (due to reaching the -;stack size limit imposed by the Operating System). -;pcre.recursion_limit=100000 - -[Pdo] -;pdo_odbc.connection_pooling=strict - -[Phar] -;phar.readonly = On -;phar.require_hash = On -;phar.cache_list = - -[Syslog] -define_syslog_variables = Off - -[mail function] -SMTP = localhost -smtp_port = 25 -;sendmail_from = me@example.com -sendmail_path = /usr/sbin/sendmail -t -i -;mail.force_extra_parameters = -mail.add_x_header = On -;mail.log = - -[SQL] -sql.safe_mode = Off - -[ODBC] -;odbc.default_db = Not yet implemented -;odbc.default_user = Not yet implemented -;odbc.default_pw = Not yet implemented -odbc.allow_persistent = On -odbc.check_persistent = On -odbc.max_persistent = -1 -odbc.max_links = -1 -odbc.defaultlrl = 4096 -odbc.defaultbinmode = 1 -;birdstep.max_links = -1 - -[MySQL] -mysql.allow_persistent = On -mysql.max_persistent = -1 -mysql.max_links = -1 -mysql.default_port = -mysql.default_socket = -mysql.default_host = -mysql.default_user = -mysql.default_password = -mysql.connect_timeout = 60 -mysql.trace_mode = Off - -[MySQLi] -mysqli.max_links = -1 -mysqli.default_port = 3306 -mysqli.default_socket = -mysqli.default_host = -mysqli.default_user = -mysqli.default_pw = -mysqli.reconnect = Off - -[PostgresSQL] -pgsql.allow_persistent = On -pgsql.auto_reset_persistent = Off -pgsql.max_persistent = -1 -pgsql.max_links = -1 -pgsql.ignore_notice = 0 -pgsql.log_notice = 0 - -[Sybase-CT] -sybct.allow_persistent = On -sybct.max_persistent = -1 -sybct.max_links = -1 -sybct.min_server_severity = 10 -sybct.min_client_severity = 10 -;sybct.timeout= -;sybct.packet_size - -[bcmath] -bcmath.scale = 0 - -[browscap] -;browscap = extra/browscap.ini - -[Session] -session.save_handler = files -;session.save_path = "/tmp" -session.use_cookies = 1 -;session.cookie_secure = -session.use_only_cookies = 1 -session.name = PHPSESSID -session.auto_start = 0 -session.cookie_lifetime = 0 -session.cookie_path = / -session.cookie_domain = -session.cookie_httponly = -session.serialize_handler = php -session.gc_probability = 1 -session.gc_divisor = 1000 -session.gc_maxlifetime = 1440 -session.bug_compat_42 = Off -session.bug_compat_warn = Off -session.referer_check = -session.entropy_length = 0 -;session.entropy_file = /dev/urandom -session.entropy_file = -;session.entropy_length = 16 -session.cache_limiter = nocache -session.cache_expire = 180 -session.use_trans_sid = 0 -session.hash_function = 0 -session.hash_bits_per_character = 5 -url_rewriter.tags = "a=href,area=href,frame=src,input=src,form=fakeentry" - -[MSSQL] -mssql.allow_persistent = On -mssql.max_persistent = -1 -mssql.max_links = -1 -mssql.min_error_severity = 10 -mssql.min_message_severity = 10 -mssql.compatability_mode = Off -;mssql.connect_timeout = 5 -;mssql.timeout = 60 -;mssql.textlimit = 4096 -;mssql.textsize = 4096 -;mssql.batchsize = 0 -;mssql.datetimeconvert = On -mssql.secure_connection = Off -;mssql.max_procs = -1 -;mssql.charset = "ISO-8859-1" - -[Assertion] -;assert.active = On -;assert.warning = On -;assert.bail = Off -;assert.callback = 0 -;assert.quiet_eval = 0 - -[COM] -;com.typelib_file = -;com.allow_dcom = true -;com.autoregister_typelib = true -;com.autoregister_casesensitive = false -;com.autoregister_verbose = true - -[mbstring] -;mbstring.language = Japanese -;mbstring.internal_encoding = EUC-JP -;mbstring.http_input = auto -;mbstring.http_output = SJIS -;mbstring.encoding_translation = Off -;mbstring.detect_order = auto -;mbstring.substitute_character = none; -;mbstring.func_overload = 0 -;mbstring.strict_detection = Off -;mbstring.http_output_conv_mimetype= - -[gd] -;gd.jpeg_ignore_warning = 0 - -[exif] -;exif.encode_unicode = ISO-8859-15 -;exif.decode_unicode_motorola = UCS-2BE -;exif.decode_unicode_intel = UCS-2LE -;exif.encode_jis = -;exif.decode_jis_motorola = JIS -;exif.decode_jis_intel = JIS - -[Tidy] -;tidy.default_config = /usr/local/lib/php/default.tcfg -tidy.clean_output = Off - -[soap] -soap.wsdl_cache_enabled=1 -soap.wsdl_cache_dir="/tmp" -soap.wsdl_cache_ttl=86400 - -[sysvshm] -;sysvshm.init_mem = 10000 diff --git a/src/etc/services-config/php/php.d/10-opcache.ini b/src/etc/services-config/php/php.d/10-opcache.ini deleted file mode 100644 index 815f9be..0000000 --- a/src/etc/services-config/php/php.d/10-opcache.ini +++ /dev/null @@ -1,26 +0,0 @@ -zend_extension=opcache.so -opcache.enable=1 -opcache.enable_cli=1 -opcache.memory_consumption=128 -opcache.interned_strings_buffer=8 -opcache.max_accelerated_files=32531 -;opcache.max_wasted_percentage=5 -;opcache.use_cwd=1 -opcache.validate_timestamps=0 -;opcache.revalidate_freq=2 -;opcache.revalidate_path=0 -;opcache.save_comments=1 -;opcache.load_comments=1 -opcache.fast_shutdown=1 -;opcache.enable_file_override=0 -;opcache.optimization_level=0xffffffff -;opcache.inherited_hack=1 -;opcache.dups_fix=0 -opcache.blacklist_filename=/etc/php.d/opcache*.blacklist -;opcache.max_file_size=0 -;opcache.consistency_checks=0 -;opcache.force_restart_timeout=180 -;opcache.error_log= -;opcache.log_verbosity_level=1 -;opcache.preferred_memory_model= -;opcache.protect_memory=0 diff --git a/src/etc/services-config/php/php.d/10-opcache.ini.default b/src/etc/services-config/php/php.d/10-opcache.ini.default deleted file mode 100644 index ea74046..0000000 --- a/src/etc/services-config/php/php.d/10-opcache.ini.default +++ /dev/null @@ -1,26 +0,0 @@ -zend_extension=opcache.so -opcache.enable=1 -;opcache.enable_cli=0 -opcache.memory_consumption=128 -opcache.interned_strings_buffer=8 -opcache.max_accelerated_files=4000 -;opcache.max_wasted_percentage=5 -;opcache.use_cwd=1 -;opcache.validate_timestamps=1 -;opcache.revalidate_freq=2 -;opcache.revalidate_path=0 -;opcache.save_comments=1 -;opcache.load_comments=1 -opcache.fast_shutdown=1 -;opcache.enable_file_override=0 -;opcache.optimization_level=0xffffffff -;opcache.inherited_hack=1 -;opcache.dups_fix=0 -opcache.blacklist_filename=/etc/php.d/opcache*.blacklist -;opcache.max_file_size=0 -;opcache.consistency_checks=0 -;opcache.force_restart_timeout=180 -;opcache.error_log= -;opcache.log_verbosity_level=1 -;opcache.preferred_memory_model= -;opcache.protect_memory=0 diff --git a/src/etc/services-config/php/php.ini.default b/src/etc/services-config/php/php.ini.default deleted file mode 100644 index 72fec8f..0000000 --- a/src/etc/services-config/php/php.ini.default +++ /dev/null @@ -1,1659 +0,0 @@ -[PHP] - -;;;;;;;;;;;;;;;;;;; -; About php.ini ; -;;;;;;;;;;;;;;;;;;; -; PHP's initialization file, generally called php.ini, is responsible for -; configuring many of the aspects of PHP's behavior. - -; PHP attempts to find and load this configuration from a number of locations. -; The following is a summary of its search order: -; 1. SAPI module specific location. -; 2. The PHPRC environment variable. (As of PHP 5.2.0) -; 3. A number of predefined registry keys on Windows (As of PHP 5.2.0) -; 4. Current working directory (except CLI) -; 5. The web server's directory (for SAPI modules), or directory of PHP -; (otherwise in Windows) -; 6. The directory from the --with-config-file-path compile time option, or the -; Windows directory (C:\windows or C:\winnt) -; See the PHP docs for more specific information. -; http://www.php.net/manual/en/configuration.file.php - -; The syntax of the file is extremely simple. Whitespace and Lines -; beginning with a semicolon are silently ignored (as you probably guessed). -; Section headers (e.g. [Foo]) are also silently ignored, even though -; they might mean something in the future. - -; Directives following the section heading [PATH=/www/mysite] only -; apply to PHP files in the /www/mysite directory. Directives -; following the section heading [HOST=www.example.com] only apply to -; PHP files served from www.example.com. Directives set in these -; special sections cannot be overridden by user-defined INI files or -; at runtime. Currently, [PATH=] and [HOST=] sections only work under -; CGI/FastCGI. -; http://www.php.net/manual/en/ini.sections.php - -; Directives are specified using the following syntax: -; directive = value -; Directive names are *case sensitive* - foo=bar is different from FOO=bar. -; Directives are variables used to configure PHP or PHP extensions. -; There is no name validation. If PHP can't find an expected -; directive because it is not set or is mistyped, a default value will be used. - -; The value can be a string, a number, a PHP constant (e.g. E_ALL or M_PI), one -; of the INI constants (On, Off, True, False, Yes, No and None) or an expression -; (e.g. E_ALL & ~E_NOTICE), a quoted string ("bar"), or a reference to a -; previously set variable or directive (e.g. ${foo}) - -; Expressions in the INI file are limited to bitwise operators and parentheses: -; | bitwise OR -; ^ bitwise XOR -; & bitwise AND -; ~ bitwise NOT -; ! boolean NOT - -; Boolean flags can be turned on using the values 1, On, True or Yes. -; They can be turned off using the values 0, Off, False or No. - -; An empty string can be denoted by simply not writing anything after the equal -; sign, or by using the None keyword: - -; foo = ; sets foo to an empty string -; foo = None ; sets foo to an empty string -; foo = "None" ; sets foo to the string 'None' - -; If you use constants in your value, and these constants belong to a -; dynamically loaded extension (either a PHP extension or a Zend extension), -; you may only use these constants *after* the line that loads the extension. - -;;;;;;;;;;;;;;;;;;; -; About this file ; -;;;;;;;;;;;;;;;;;;; -; PHP comes packaged with two INI files. One that is recommended to be used -; in production environments and one that is recommended to be used in -; development environments. - -; php.ini-production contains settings which hold security, performance and -; best practices at its core. But please be aware, these settings may break -; compatibility with older or less security conscience applications. We -; recommending using the production ini in production and testing environments. - -; php.ini-development is very similar to its production variant, except it's -; much more verbose when it comes to errors. We recommending using the -; development version only in development environments as errors shown to -; application users can inadvertently leak otherwise secure information. - -; This 2 files are provided, by RPM, in /usr/share/doc/php-common-*/ -; File used by RPM (the /etc/php.ini) is mainly the php.ini-production - -;;;;;;;;;;;;;;;;;;; -; Quick Reference ; -;;;;;;;;;;;;;;;;;;; -; The following are all the settings which are different in either the production -; or development versions of the INIs with respect to PHP's default behavior. -; Please see the actual settings later in the document for more details as to why -; we recommend these changes in PHP's behavior. - -; allow_call_time_pass_reference -; Default Value: On -; Development Value: Off -; Production Value: Off - -; display_errors -; Default Value: On -; Development Value: On -; Production Value: Off - -; display_startup_errors -; Default Value: Off -; Development Value: On -; Production Value: Off - -; error_reporting -; Default Value: E_ALL & ~E_NOTICE -; Development Value: E_ALL | E_STRICT -; Production Value: E_ALL & ~E_DEPRECATED - -; html_errors -; Default Value: On -; Development Value: On -; Production value: Off - -; log_errors -; Default Value: Off -; Development Value: On -; Production Value: On - -; magic_quotes_gpc -; Default Value: On -; Development Value: Off -; Production Value: Off - -; max_input_time -; Default Value: -1 (Unlimited) -; Development Value: 60 (60 seconds) -; Production Value: 60 (60 seconds) - -; output_buffering -; Default Value: Off -; Development Value: 4096 -; Production Value: 4096 - -; register_argc_argv -; Default Value: On -; Development Value: Off -; Production Value: Off - -; register_long_arrays -; Default Value: On -; Development Value: Off -; Production Value: Off - -; request_order -; Default Value: None -; Development Value: "GP" -; Production Value: "GP" - -; session.bug_compat_42 -; Default Value: On -; Development Value: On -; Production Value: Off - -; session.bug_compat_warn -; Default Value: On -; Development Value: On -; Production Value: Off - -; session.gc_divisor -; Default Value: 100 -; Development Value: 1000 -; Production Value: 1000 - -; session.hash_bits_per_character -; Default Value: 4 -; Development Value: 5 -; Production Value: 5 - -; short_open_tag -; Default Value: On -; Development Value: Off -; Production Value: Off - -; track_errors -; Default Value: Off -; Development Value: On -; Production Value: Off - -; url_rewriter.tags -; Default Value: "a=href,area=href,frame=src,form=,fieldset=" -; Development Value: "a=href,area=href,frame=src,input=src,form=fakeentry" -; Production Value: "a=href,area=href,frame=src,input=src,form=fakeentry" - -; variables_order -; Default Value: "EGPCS" -; Development Value: "GPCS" -; Production Value: "GPCS" - -;;;;;;;;;;;;;;;;;;;; -; php.ini Options ; -;;;;;;;;;;;;;;;;;;;; -; Name for user-defined php.ini (.htaccess) files. Default is ".user.ini" -;user_ini.filename = ".user.ini" - -; To disable this feature set this option to empty value -user_ini.filename = - -; TTL for user-defined php.ini files (time-to-live) in seconds. Default is 300 seconds (5 minutes) -;user_ini.cache_ttl = 300 - -;;;;;;;;;;;;;;;;;;;; -; Language Options ; -;;;;;;;;;;;;;;;;;;;; - -; Enable the PHP scripting language engine under Apache. -; http://www.php.net/manual/en/apache.configuration.php#ini.engine -engine = On - -; This directive determines whether or not PHP will recognize code between -; tags as PHP source which should be processed as such. It's been -; recommended for several years that you not use the short tag "short cut" and -; instead to use the full tag combination. With the wide spread use -; of XML and use of these tags by other languages, the server can become easily -; confused and end up parsing the wrong code in the wrong context. But because -; this short cut has been a feature for such a long time, it's currently still -; supported for backwards compatibility, but we recommend you don't use them. -; Default Value: On -; Development Value: Off -; Production Value: Off -; http://www.php.net/manual/en/ini.core.php#ini.short-open-tag -short_open_tag = Off - -; Allow ASP-style <% %> tags. -; http://www.php.net/manual/en/ini.core.php#ini.asp-tags -asp_tags = Off - -; The number of significant digits displayed in floating point numbers. -; http://www.php.net/manual/en/ini.core.php#ini.precision -precision = 14 - -; Enforce year 2000 compliance (will cause problems with non-compliant browsers) -; http://www.php.net/manual/en/ini.core.php#ini.y2k-compliance -y2k_compliance = On - -; Output buffering is a mechanism for controlling how much output data -; (excluding headers and cookies) PHP should keep internally before pushing that -; data to the client. If your application's output exceeds this setting, PHP -; will send that data in chunks of roughly the size you specify. -; Turning on this setting and managing its maximum buffer size can yield some -; interesting side-effects depending on your application and web server. -; You may be able to send headers and cookies after you've already sent output -; through print or echo. You also may see performance benefits if your server is -; emitting less packets due to buffered output versus PHP streaming the output -; as it gets it. On production servers, 4096 bytes is a good setting for performance -; reasons. -; Note: Output buffering can also be controlled via Output Buffering Control -; functions. -; Possible Values: -; On = Enabled and buffer is unlimited. (Use with caution) -; Off = Disabled -; Integer = Enables the buffer and sets its maximum size in bytes. -; Default Value: Off -; Development Value: 4096 -; Production Value: 4096 -; http://www.php.net/manual/en/outcontrol.configuration.php#ini.output-buffering -output_buffering = 4096 - -; You can redirect all of the output of your scripts to a function. For -; example, if you set output_handler to "mb_output_handler", character -; encoding will be transparently converted to the specified encoding. -; Setting any output handler automatically turns on output buffering. -; Note: People who wrote portable scripts should not depend on this ini -; directive. Instead, explicitly set the output handler using ob_start(). -; Using this ini directive may cause problems unless you know what script -; is doing. -; Note: You cannot use both "mb_output_handler" with "ob_iconv_handler" -; and you cannot use both "ob_gzhandler" and "zlib.output_compression". -; Note: output_handler must be empty if this is set 'On' !!!! -; Instead you must use zlib.output_handler. -; http://www.php.net/manual/en/outcontrol.configuration.php#ini.output-handler -;output_handler = - -; Transparent output compression using the zlib library -; Valid values for this option are 'off', 'on', or a specific buffer size -; to be used for compression (default is 4KB) -; Note: Resulting chunk size may vary due to nature of compression. PHP -; outputs chunks that are few hundreds bytes each as a result of -; compression. If you prefer a larger chunk size for better -; performance, enable output_buffering in addition. -; Note: You need to use zlib.output_handler instead of the standard -; output_handler, or otherwise the output will be corrupted. -; http://www.php.net/manual/en/zlib.configuration.php#ini.zlib.output-compression -zlib.output_compression = Off - -; http://www.php.net/manual/en/zlib.configuration.php#ini.zlib.output-compression-level -;zlib.output_compression_level = -1 - -; You cannot specify additional output handlers if zlib.output_compression -; is activated here. This setting does the same as output_handler but in -; a different order. -; http://www.php.net/manual/en/zlib.configuration.php#ini.zlib.output-handler -;zlib.output_handler = - -; Implicit flush tells PHP to tell the output layer to flush itself -; automatically after every output block. This is equivalent to calling the -; PHP function flush() after each and every call to print() or echo() and each -; and every HTML block. Turning this option on has serious performance -; implications and is generally recommended for debugging purposes only. -; http://www.php.net/manual/en/outcontrol.configuration.php#ini.implicit-flush -implicit_flush = Off - -; The unserialize callback function will be called (with the undefined class' -; name as parameter), if the unserializer finds an undefined class -; which should be instantiated. A warning appears if the specified function is -; not defined, or if the function doesn't include/implement the missing class. -; So only set this entry, if you really want to implement such a -; callback-function. -unserialize_callback_func = - -; When floats & doubles are serialized store serialize_precision significant -; digits after the floating point. The default value ensures that when floats -; are decoded with unserialize, the data will remain the same. -serialize_precision = 100 - -; This directive allows you to enable and disable warnings which PHP will issue -; if you pass a value by reference at function call time. Passing values by -; reference at function call time is a deprecated feature which will be removed -; from PHP at some point in the near future. The acceptable method for passing a -; value by reference to a function is by declaring the reference in the functions -; definition, not at call time. This directive does not disable this feature, it -; only determines whether PHP will warn you about it or not. These warnings -; should enabled in development environments only. -; Default Value: On (Suppress warnings) -; Development Value: Off (Issue warnings) -; Production Value: Off (Issue warnings) -; http://www.php.net/manual/en/ini.core.php#ini.allow-call-time-pass-reference -allow_call_time_pass_reference = Off - -; Safe Mode -; http://www.php.net/manual/en/ini.sect.safe-mode.php#ini.safe-mode -safe_mode = Off - -; By default, Safe Mode does a UID compare check when -; opening files. If you want to relax this to a GID compare, -; then turn on safe_mode_gid. -; http://www.php.net/manual/en/ini.sect.safe-mode.php#ini.safe-mode-gid -safe_mode_gid = Off - -; When safe_mode is on, UID/GID checks are bypassed when -; including files from this directory and its subdirectories. -; (directory must also be in include_path or full path must -; be used when including) -; http://www.php.net/manual/en/ini.sect.safe-mode.php#ini.safe-mode-include-dir -safe_mode_include_dir = - -; When safe_mode is on, only executables located in the safe_mode_exec_dir -; will be allowed to be executed via the exec family of functions. -; http://www.php.net/manual/en/ini.sect.safe-mode.php#ini.safe-mode-exec-dir -safe_mode_exec_dir = - -; Setting certain environment variables may be a potential security breach. -; This directive contains a comma-delimited list of prefixes. In Safe Mode, -; the user may only alter environment variables whose names begin with the -; prefixes supplied here. By default, users will only be able to set -; environment variables that begin with PHP_ (e.g. PHP_FOO=BAR). -; Note: If this directive is empty, PHP will let the user modify ANY -; environment variable! -; http://www.php.net/manual/en/ini.sect.safe-mode.php#ini.safe-mode-allowed-env-vars -safe_mode_allowed_env_vars = PHP_ - -; This directive contains a comma-delimited list of environment variables that -; the end user won't be able to change using putenv(). These variables will be -; protected even if safe_mode_allowed_env_vars is set to allow to change them. -; http://www.php.net/manual/en/ini.sect.safe-mode.php#ini.safe-mode-protected-env-vars -safe_mode_protected_env_vars = LD_LIBRARY_PATH - -; open_basedir, if set, limits all file operations to the defined directory -; and below. This directive makes most sense if used in a per-directory -; or per-virtualhost web server configuration file. This directive is -; *NOT* affected by whether Safe Mode is turned On or Off. -; http://www.php.net/manual/en/ini.sect.safe-mode.php#ini.open-basedir -;open_basedir = - -; This directive allows you to disable certain functions for security reasons. -; It receives a comma-delimited list of function names. This directive is -; *NOT* affected by whether Safe Mode is turned On or Off. -; http://www.php.net/manual/en/ini.sect.safe-mode.php#ini.disable-functions -disable_functions = - -; This directive allows you to disable certain classes for security reasons. -; It receives a comma-delimited list of class names. This directive is -; *NOT* affected by whether Safe Mode is turned On or Off. -; http://www.php.net/manual/en/ini.sect.safe-mode.php#ini.disable-classes -disable_classes = - -; Colors for Syntax Highlighting mode. Anything that's acceptable in -; would work. -; http://www.php.net/manual/en/misc.configuration.php#ini.syntax-highlighting -;highlight.string = #DD0000 -;highlight.comment = #FF9900 -;highlight.keyword = #007700 -;highlight.bg = #FFFFFF -;highlight.default = #0000BB -;highlight.html = #000000 - -; If enabled, the request will be allowed to complete even if the user aborts -; the request. Consider enabling it if executing long requests, which may end up -; being interrupted by the user or a browser timing out. PHP's default behavior -; is to disable this feature. -; http://www.php.net/manual/en/misc.configuration.php#ini.ignore-user-abort -;ignore_user_abort = On - -; Determines the size of the realpath cache to be used by PHP. This value should -; be increased on systems where PHP opens many files to reflect the quantity of -; the file operations performed. -; http://www.php.net/manual/en/ini.core.php#ini.realpath-cache-size -;realpath_cache_size = 16k - -; Duration of time, in seconds for which to cache realpath information for a given -; file or directory. For systems with rarely changing files, consider increasing this -; value. -; http://www.php.net/manual/en/ini.core.php#ini.realpath-cache-ttl -;realpath_cache_ttl = 120 - -;;;;;;;;;;;;;;;;; -; Miscellaneous ; -;;;;;;;;;;;;;;;;; - -; Decides whether PHP may expose the fact that it is installed on the server -; (e.g. by adding its signature to the Web server header). It is no security -; threat in any way, but it makes it possible to determine whether you use PHP -; on your server or not. -; http://www.php.net/manual/en/ini.core.php#ini.expose-php -expose_php = On - -;;;;;;;;;;;;;;;;;;; -; Resource Limits ; -;;;;;;;;;;;;;;;;;;; - -; Maximum execution time of each script, in seconds -; http://www.php.net/manual/en/info.configuration.php#ini.max-execution-time -max_execution_time = 30 - -; Maximum amount of time each script may spend parsing request data. It's a good -; idea to limit this time on productions servers in order to eliminate unexpectedly -; long running scripts. -; Default Value: -1 (Unlimited) -; Development Value: 60 (60 seconds) -; Production Value: 60 (60 seconds) -; http://www.php.net/manual/en/info.configuration.php#ini.max-input-time -max_input_time = 60 - -; Maximum input variable nesting level -; http://www.php.net/manual/en/info.configuration.php#ini.max-input-nesting-level -;max_input_nesting_level = 64 - -; Maximum amount of memory a script may consume (128MB) -; http://www.php.net/manual/en/ini.core.php#ini.memory-limit -memory_limit = 128M - -;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; -; Error handling and logging ; -;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; - -; This directive informs PHP of which errors, warnings and notices you would like -; it to take action for. The recommended way of setting values for this -; directive is through the use of the error level constants and bitwise -; operators. The error level constants are below here for convenience as well as -; some common settings and their meanings. -; By default, PHP is set to take action on all errors, notices and warnings EXCEPT -; those related to E_NOTICE and E_STRICT, which together cover best practices and -; recommended coding standards in PHP. For performance reasons, this is the -; recommend error reporting setting. Your production server shouldn't be wasting -; resources complaining about best practices and coding standards. That's what -; development servers and development settings are for. -; Note: The php.ini-development file has this setting as E_ALL | E_STRICT. This -; means it pretty much reports everything which is exactly what you want during -; development and early testing. -; -; Error Level Constants: -; E_ALL - All errors and warnings (includes E_STRICT as of PHP 6.0.0) -; E_ERROR - fatal run-time errors -; E_RECOVERABLE_ERROR - almost fatal run-time errors -; E_WARNING - run-time warnings (non-fatal errors) -; E_PARSE - compile-time parse errors -; E_NOTICE - run-time notices (these are warnings which often result -; from a bug in your code, but it's possible that it was -; intentional (e.g., using an uninitialized variable and -; relying on the fact it's automatically initialized to an -; empty string) -; E_STRICT - run-time notices, enable to have PHP suggest changes -; to your code which will ensure the best interoperability -; and forward compatibility of your code -; E_CORE_ERROR - fatal errors that occur during PHP's initial startup -; E_CORE_WARNING - warnings (non-fatal errors) that occur during PHP's -; initial startup -; E_COMPILE_ERROR - fatal compile-time errors -; E_COMPILE_WARNING - compile-time warnings (non-fatal errors) -; E_USER_ERROR - user-generated error message -; E_USER_WARNING - user-generated warning message -; E_USER_NOTICE - user-generated notice message -; E_DEPRECATED - warn about code that will not work in future versions -; of PHP -; E_USER_DEPRECATED - user-generated deprecation warnings -; -; Common Values: -; E_ALL & ~E_NOTICE (Show all errors, except for notices and coding standards warnings.) -; E_ALL & ~E_NOTICE | E_STRICT (Show all errors, except for notices) -; E_COMPILE_ERROR|E_RECOVERABLE_ERROR|E_ERROR|E_CORE_ERROR (Show only errors) -; E_ALL | E_STRICT (Show all errors, warnings and notices including coding standards.) -; Default Value: E_ALL & ~E_NOTICE -; Development Value: E_ALL | E_STRICT -; Production Value: E_ALL & ~E_DEPRECATED -; http://www.php.net/manual/en/errorfunc.configuration.php#ini.error-reporting -error_reporting = E_ALL & ~E_DEPRECATED - -; This directive controls whether or not and where PHP will output errors, -; notices and warnings too. Error output is very useful during development, but -; it could be very dangerous in production environments. Depending on the code -; which is triggering the error, sensitive information could potentially leak -; out of your application such as database usernames and passwords or worse. -; It's recommended that errors be logged on production servers rather than -; having the errors sent to STDOUT. -; Possible Values: -; Off = Do not display any errors -; stderr = Display errors to STDERR (affects only CGI/CLI binaries!) -; On or stdout = Display errors to STDOUT -; Default Value: On -; Development Value: On -; Production Value: Off -; http://www.php.net/manual/en/errorfunc.configuration.php#ini.display-errors -display_errors = Off - -; The display of errors which occur during PHP's startup sequence are handled -; separately from display_errors. PHP's default behavior is to suppress those -; errors from clients. Turning the display of startup errors on can be useful in -; debugging configuration problems. But, it's strongly recommended that you -; leave this setting off on production servers. -; Default Value: Off -; Development Value: On -; Production Value: Off -; http://www.php.net/manual/en/errorfunc.configuration.php#ini.display-startup-errors -display_startup_errors = Off - -; Besides displaying errors, PHP can also log errors to locations such as a -; server-specific log, STDERR, or a location specified by the error_log -; directive found below. While errors should not be displayed on productions -; servers they should still be monitored and logging is a great way to do that. -; Default Value: Off -; Development Value: On -; Production Value: On -; http://www.php.net/manual/en/errorfunc.configuration.php#ini.log-errors -log_errors = On - -; Set maximum length of log_errors. In error_log information about the source is -; added. The default is 1024 and 0 allows to not apply any maximum length at all. -; http://www.php.net/manual/en/errorfunc.configuration.php#ini.log-errors-max-len -log_errors_max_len = 1024 - -; Do not log repeated messages. Repeated errors must occur in same file on same -; line unless ignore_repeated_source is set true. -; http://www.php.net/manual/en/errorfunc.configuration.php#ini.ignore-repeated-errors -ignore_repeated_errors = Off - -; Ignore source of message when ignoring repeated messages. When this setting -; is On you will not log errors with repeated messages from different files or -; source lines. -; http://www.php.net/manual/en/errorfunc.configuration.php#ini.ignore-repeated-source -ignore_repeated_source = Off - -; If this parameter is set to Off, then memory leaks will not be shown (on -; stdout or in the log). This has only effect in a debug compile, and if -; error reporting includes E_WARNING in the allowed list -; http://www.php.net/manual/en/errorfunc.configuration.php#ini.report-memleaks -report_memleaks = On - -; This setting is on by default. -;report_zend_debug = 0 - -; Store the last error/warning message in $php_errormsg (boolean). Setting this value -; to On can assist in debugging and is appropriate for development servers. It should -; however be disabled on production servers. -; Default Value: Off -; Development Value: On -; Production Value: Off -; http://www.php.net/manual/en/errorfunc.configuration.php#ini.track-errors -track_errors = Off - -; Turn off normal error reporting and emit XML-RPC error XML -; http://www.php.net/manual/en/errorfunc.configuration.php#ini.xmlrpc-errors -;xmlrpc_errors = 0 - -; An XML-RPC faultCode -;xmlrpc_error_number = 0 - -; When PHP displays or logs an error, it has the capability of inserting html -; links to documentation related to that error. This directive controls whether -; those HTML links appear in error messages or not. For performance and security -; reasons, it's recommended you disable this on production servers. -; Default Value: On -; Development Value: On -; Production value: Off -; http://www.php.net/manual/en/errorfunc.configuration.php#ini.html-errors -html_errors = Off - -; If html_errors is set On PHP produces clickable error messages that direct -; to a page describing the error or function causing the error in detail. -; You can download a copy of the PHP manual from http://www.php.net/docs.php -; and change docref_root to the base URL of your local copy including the -; leading '/'. You must also specify the file extension being used including -; the dot. PHP's default behavior is to leave these settings empty. -; Note: Never use this feature for production boxes. -; http://www.php.net/manual/en/errorfunc.configuration.php#ini.docref-root -; Examples -;docref_root = "/phpmanual/" - -; http://www.php.net/manual/en/errorfunc.configuration.php#ini.docref-ext -;docref_ext = .html - -; String to output before an error message. PHP's default behavior is to leave -; this setting blank. -; http://www.php.net/manual/en/errorfunc.configuration.php#ini.error-prepend-string -; Example: -;error_prepend_string = "" - -; String to output after an error message. PHP's default behavior is to leave -; this setting blank. -; http://www.php.net/manual/en/errorfunc.configuration.php#ini.error-append-string -; Example: -;error_append_string = "" - -; Log errors to specified file. PHP's default behavior is to leave this value -; empty. -; http://www.php.net/manual/en/errorfunc.configuration.php#ini.error-log -; Example: -;error_log = php_errors.log -; Log errors to syslog (Event Log on NT, not valid in Windows 95). -;error_log = syslog - -;;;;;;;;;;;;;;;;; -; Data Handling ; -;;;;;;;;;;;;;;;;; - -; Note - track_vars is ALWAYS enabled as of PHP 4.0.3 - -; The separator used in PHP generated URLs to separate arguments. -; PHP's default setting is "&". -; http://www.php.net/manual/en/ini.core.php#ini.arg-separator.output -; Example: -;arg_separator.output = "&" - -; List of separator(s) used by PHP to parse input URLs into variables. -; PHP's default setting is "&". -; NOTE: Every character in this directive is considered as separator! -; http://www.php.net/manual/en/ini.core.php#ini.arg-separator.input -; Example: -;arg_separator.input = ";&" - -; This directive determines which super global arrays are registered when PHP -; starts up. If the register_globals directive is enabled, it also determines -; what order variables are populated into the global space. G,P,C,E & S are -; abbreviations for the following respective super globals: GET, POST, COOKIE, -; ENV and SERVER. There is a performance penalty paid for the registration of -; these arrays and because ENV is not as commonly used as the others, ENV is -; is not recommended on productions servers. You can still get access to -; the environment variables through getenv() should you need to. -; Default Value: "EGPCS" -; Development Value: "GPCS" -; Production Value: "GPCS"; -; http://www.php.net/manual/en/ini.core.php#ini.variables-order -variables_order = "GPCS" - -; This directive determines which super global data (G,P,C,E & S) should -; be registered into the super global array REQUEST. If so, it also determines -; the order in which that data is registered. The values for this directive are -; specified in the same manner as the variables_order directive, EXCEPT one. -; Leaving this value empty will cause PHP to use the value set in the -; variables_order directive. It does not mean it will leave the super globals -; array REQUEST empty. -; Default Value: None -; Development Value: "GP" -; Production Value: "GP" -; http://www.php.net/manual/en/ini.core.php#ini.request-order -request_order = "GP" - -; Whether or not to register the EGPCS variables as global variables. You may -; want to turn this off if you don't want to clutter your scripts' global scope -; with user data. This makes most sense when coupled with track_vars - in which -; case you can access all of the GPC variables through the $HTTP_*_VARS[], -; variables. -; You should do your best to write your scripts so that they do not require -; register_globals to be on; Using form variables as globals can easily lead -; to possible security problems, if the code is not very well thought of. -; http://www.php.net/manual/en/ini.core.php#ini.register-globals -register_globals = Off - -; Determines whether the deprecated long $HTTP_*_VARS type predefined variables -; are registered by PHP or not. As they are deprecated, we obviously don't -; recommend you use them. They are on by default for compatibility reasons but -; they are not recommended on production servers. -; Default Value: On -; Development Value: Off -; Production Value: Off -; http://www.php.net/manual/en/ini.core.php#ini.register-long-arrays -register_long_arrays = Off - -; This directive determines whether PHP registers $argv & $argc each time it -; runs. $argv contains an array of all the arguments passed to PHP when a script -; is invoked. $argc contains an integer representing the number of arguments -; that were passed when the script was invoked. These arrays are extremely -; useful when running scripts from the command line. When this directive is -; enabled, registering these variables consumes CPU cycles and memory each time -; a script is executed. For performance reasons, this feature should be disabled -; on production servers. -; Default Value: On -; Development Value: Off -; Production Value: Off -; http://www.php.net/manual/en/ini.core.php#ini.register-argc-argv -register_argc_argv = Off - -; When enabled, the SERVER and ENV variables are created when they're first -; used (Just In Time) instead of when the script starts. If these variables -; are not used within a script, having this directive on will result in a -; performance gain. The PHP directives register_globals, register_long_arrays, -; and register_argc_argv must be disabled for this directive to have any affect. -; http://www.php.net/manual/en/ini.core.php#ini.auto-globals-jit -auto_globals_jit = On - -; Maximum size of POST data that PHP will accept. -; http://www.php.net/manual/en/ini.core.php#ini.post-max-size -post_max_size = 8M - -; Magic quotes are a preprocessing feature of PHP where PHP will attempt to -; escape any character sequences in GET, POST, COOKIE and ENV data which might -; otherwise corrupt data being placed in resources such as databases before -; making that data available to you. Because of character encoding issues and -; non-standard SQL implementations across many databases, it's not currently -; possible for this feature to be 100% accurate. PHP's default behavior is to -; enable the feature. We strongly recommend you use the escaping mechanisms -; designed specifically for the database your using instead of relying on this -; feature. Also note, this feature has been deprecated as of PHP 5.3.0 and is -; scheduled for removal in PHP 6. -; Default Value: On -; Development Value: Off -; Production Value: Off -; http://www.php.net/manual/en/info.configuration.php#ini.magic-quotes-gpc -magic_quotes_gpc = Off - -; Magic quotes for runtime-generated data, e.g. data from SQL, from exec(), etc. -; http://www.php.net/manual/en/info.configuration.php#ini.magic-quotes-runtime -magic_quotes_runtime = Off - -; Use Sybase-style magic quotes (escape ' with '' instead of \'). -; http://www.php.net/manual/en/sybase.configuration.php#ini.magic-quotes-sybase -magic_quotes_sybase = Off - -; Automatically add files before PHP document. -; http://www.php.net/manual/en/ini.core.php#ini.auto-prepend-file -auto_prepend_file = - -; Automatically add files after PHP document. -; http://www.php.net/manual/en/ini.core.php#ini.auto-append-file -auto_append_file = - -; As of 4.0b4, PHP always outputs a character encoding by default in -; the Content-type: header. To disable sending of the charset, simply -; set it to be empty. -; -; PHP's built-in default is text/html -; http://www.php.net/manual/en/ini.core.php#ini.default-mimetype -default_mimetype = "text/html" - -; PHP's default character set is set to empty. -; http://www.php.net/manual/en/ini.core.php#ini.default-charset -;default_charset = "iso-8859-1" - -; Always populate the $HTTP_RAW_POST_DATA variable. PHP's default behavior is -; to disable this feature. -; http://www.php.net/manual/en/ini.core.php#ini.always-populate-raw-post-data -;always_populate_raw_post_data = On - -;;;;;;;;;;;;;;;;;;;;;;;;; -; Paths and Directories ; -;;;;;;;;;;;;;;;;;;;;;;;;; - -; UNIX: "/path1:/path2" -;include_path = ".:/php/includes" -; -; Windows: "\path1;\path2" -;include_path = ".;c:\php\includes" -; -; PHP's default setting for include_path is ".;/path/to/php/pear" -; http://www.php.net/manual/en/ini.core.php#ini.include-path - -; The root of the PHP pages, used only if nonempty. -; if PHP was not compiled with FORCE_REDIRECT, you SHOULD set doc_root -; if you are running php as a CGI under any web server (other than IIS) -; see documentation for security issues. The alternate is to use the -; cgi.force_redirect configuration below -; http://www.php.net/manual/en/ini.core.php#ini.doc-root -doc_root = - -; The directory under which PHP opens the script using /~username used only -; if nonempty. -; http://www.php.net/manual/en/ini.core.php#ini.user-dir -user_dir = - -; Directory in which the loadable extensions (modules) reside. -; http://www.php.net/manual/en/ini.core.php#ini.extension-dir -; extension_dir = "./" - -; Whether or not to enable the dl() function. The dl() function does NOT work -; properly in multithreaded servers, such as IIS or Zeus, and is automatically -; disabled on them. -; http://www.php.net/manual/en/info.configuration.php#ini.enable-dl -enable_dl = Off - -; cgi.force_redirect is necessary to provide security running PHP as a CGI under -; most web servers. Left undefined, PHP turns this on by default. You can -; turn it off here AT YOUR OWN RISK -; **You CAN safely turn this off for IIS, in fact, you MUST.** -; http://www.php.net/manual/en/ini.core.php#ini.cgi.force-redirect -;cgi.force_redirect = 1 - -; if cgi.nph is enabled it will force cgi to always sent Status: 200 with -; every request. PHP's default behavior is to disable this feature. -;cgi.nph = 1 - -; if cgi.force_redirect is turned on, and you are not running under Apache or Netscape -; (iPlanet) web servers, you MAY need to set an environment variable name that PHP -; will look for to know it is OK to continue execution. Setting this variable MAY -; cause security issues, KNOW WHAT YOU ARE DOING FIRST. -; http://www.php.net/manual/en/ini.core.php#ini.cgi.redirect-status-env -;cgi.redirect_status_env = ; - -; cgi.fix_pathinfo provides *real* PATH_INFO/PATH_TRANSLATED support for CGI. PHP's -; previous behaviour was to set PATH_TRANSLATED to SCRIPT_FILENAME, and to not grok -; what PATH_INFO is. For more information on PATH_INFO, see the cgi specs. Setting -; this to 1 will cause PHP CGI to fix its paths to conform to the spec. A setting -; of zero causes PHP to behave as before. Default is 1. You should fix your scripts -; to use SCRIPT_FILENAME rather than PATH_TRANSLATED. -; http://www.php.net/manual/en/ini.core.php#ini.cgi.fix-pathinfo -cgi.fix_pathinfo=1 - -; FastCGI under IIS (on WINNT based OS) supports the ability to impersonate -; security tokens of the calling client. This allows IIS to define the -; security context that the request runs under. mod_fastcgi under Apache -; does not currently support this feature (03/17/2002) -; Set to 1 if running under IIS. Default is zero. -; http://www.php.net/manual/en/ini.core.php#ini.fastcgi.impersonate -;fastcgi.impersonate = 1; - -; Disable logging through FastCGI connection. PHP's default behavior is to enable -; this feature. -;fastcgi.logging = 0 - -; cgi.rfc2616_headers configuration option tells PHP what type of headers to -; use when sending HTTP response code. If it's set 0 PHP sends Status: header that -; is supported by Apache. When this option is set to 1 PHP will send -; RFC2616 compliant header. -; Default is zero. -; http://www.php.net/manual/en/ini.core.php#ini.cgi.rfc2616-headers -;cgi.rfc2616_headers = 0 - -;;;;;;;;;;;;;;;; -; File Uploads ; -;;;;;;;;;;;;;;;; - -; Whether to allow HTTP file uploads. -; http://www.php.net/manual/en/ini.core.php#ini.file-uploads -file_uploads = On - -; Temporary directory for HTTP uploaded files (will use system default if not -; specified). -; http://www.php.net/manual/en/ini.core.php#ini.upload-tmp-dir -;upload_tmp_dir = - -; Maximum allowed size for uploaded files. -; http://www.php.net/manual/en/ini.core.php#ini.upload-max-filesize -upload_max_filesize = 2M - -;;;;;;;;;;;;;;;;;; -; Fopen wrappers ; -;;;;;;;;;;;;;;;;;; - -; Whether to allow the treatment of URLs (like http:// or ftp://) as files. -; http://www.php.net/manual/en/filesystem.configuration.php#ini.allow-url-fopen -allow_url_fopen = On - -; Whether to allow include/require to open URLs (like http:// or ftp://) as files. -; http://www.php.net/manual/en/filesystem.configuration.php#ini.allow-url-include -allow_url_include = Off - -; Define the anonymous ftp password (your email address). PHP's default setting -; for this is empty. -; http://www.php.net/manual/en/filesystem.configuration.php#ini.from -;from="john@doe.com" - -; Define the User-Agent string. PHP's default setting for this is empty. -; http://www.php.net/manual/en/filesystem.configuration.php#ini.user-agent -;user_agent="PHP" - -; Default timeout for socket based streams (seconds) -; http://www.php.net/manual/en/filesystem.configuration.php#ini.default-socket-timeout -default_socket_timeout = 60 - -; If your scripts have to deal with files from Macintosh systems, -; or you are running on a Mac and need to deal with files from -; unix or win32 systems, setting this flag will cause PHP to -; automatically detect the EOL character in those files so that -; fgets() and file() will work regardless of the source of the file. -; http://www.php.net/manual/en/filesystem.configuration.php#ini.auto-detect-line-endings -;auto_detect_line_endings = Off - -;;;;;;;;;;;;;;;;;;;;;; -; Dynamic Extensions ; -;;;;;;;;;;;;;;;;;;;;;; - -; If you wish to have an extension loaded automatically, use the following -; syntax: -; -; extension=modulename.extension -; -; For example -; -; extension=msql.so -; -; ... or with a path: -; -; extension=/path/to/extension/msql.so -; -; If you only provide the name of the extension, PHP will look for it in its -; default extension directory. - -;;;; -; Note: packaged extension modules are now loaded via the .ini files -; found in the directory /etc/php.d; these are loaded by default. -;;;; - - -;;;;;;;;;;;;;;;;;;; -; Module Settings ; -;;;;;;;;;;;;;;;;;;; - -[Date] -; Defines the default timezone used by the date functions -; http://www.php.net/manual/en/datetime.configuration.php#ini.date.timezone -date.timezone = UTC - -; http://www.php.net/manual/en/datetime.configuration.php#ini.date.default-latitude -;date.default_latitude = 31.7667 - -; http://www.php.net/manual/en/datetime.configuration.php#ini.date.default-longitude -;date.default_longitude = 35.2333 - -; http://www.php.net/manual/en/datetime.configuration.php#ini.date.sunrise-zenith -;date.sunrise_zenith = 90.583333 - -; http://www.php.net/manual/en/datetime.configuration.php#ini.date.sunset-zenith -;date.sunset_zenith = 90.583333 - -[filter] -; http://www.php.net/manual/en/filter.configuration.php#ini.filter.default -;filter.default = unsafe_raw - -; http://www.php.net/manual/en/filter.configuration.php#ini.filter.default-flags -;filter.default_flags = - -[iconv] -;iconv.input_encoding = ISO-8859-1 -;iconv.internal_encoding = ISO-8859-1 -;iconv.output_encoding = ISO-8859-1 - -[intl] -;intl.default_locale = - -[sqlite] -; http://www.php.net/manual/en/sqlite.configuration.php#ini.sqlite.assoc-case -;sqlite.assoc_case = 0 - -[sqlite3] -;sqlite3.extension_dir = - -[Pcre] -;PCRE library backtracking limit. -; http://www.php.net/manual/en/pcre.configuration.php#ini.pcre.backtrack-limit -;pcre.backtrack_limit=100000 - -;PCRE library recursion limit. -;Please note that if you set this value to a high number you may consume all -;the available process stack and eventually crash PHP (due to reaching the -;stack size limit imposed by the Operating System). -; http://www.php.net/manual/en/pcre.configuration.php#ini.pcre.recursion-limit -;pcre.recursion_limit=100000 - -[Pdo] -; Whether to pool ODBC connections. Can be one of "strict", "relaxed" or "off" -; http://www.php.net/manual/en/ref.pdo-odbc.php#ini.pdo-odbc.connection-pooling -;pdo_odbc.connection_pooling=strict - -[Phar] -; http://www.php.net/manual/en/phar.configuration.php#ini.phar.readonly -;phar.readonly = On - -; http://www.php.net/manual/en/phar.configuration.php#ini.phar.require-hash -;phar.require_hash = On - -;phar.cache_list = - -[Syslog] -; Whether or not to define the various syslog variables (e.g. $LOG_PID, -; $LOG_CRON, etc.). Turning it off is a good idea performance-wise. In -; runtime, you can define these variables by calling define_syslog_variables(). -; http://www.php.net/manual/en/network.configuration.php#ini.define-syslog-variables -define_syslog_variables = Off - -[mail function] -; For Win32 only. -; http://www.php.net/manual/en/mail.configuration.php#ini.smtp -SMTP = localhost -; http://www.php.net/manual/en/mail.configuration.php#ini.smtp-port -smtp_port = 25 - -; For Win32 only. -; http://www.php.net/manual/en/mail.configuration.php#ini.sendmail-from -;sendmail_from = me@example.com - -; For Unix only. You may supply arguments as well (default: "sendmail -t -i"). -; http://www.php.net/manual/en/mail.configuration.php#ini.sendmail-path -sendmail_path = /usr/sbin/sendmail -t -i - -; Force the addition of the specified parameters to be passed as extra parameters -; to the sendmail binary. These parameters will always replace the value of -; the 5th parameter to mail(), even in safe mode. -;mail.force_extra_parameters = - -; Add X-PHP-Originaiting-Script: that will include uid of the script followed by the filename -mail.add_x_header = On - -; Log all mail() calls including the full path of the script, line #, to address and headers -;mail.log = - -[SQL] -; http://www.php.net/manual/en/ini.core.php#ini.sql.safe-mode -sql.safe_mode = Off - -[ODBC] -; http://www.php.net/manual/en/odbc.configuration.php#ini.uodbc.default-db -;odbc.default_db = Not yet implemented - -; http://www.php.net/manual/en/odbc.configuration.php#ini.uodbc.default-user -;odbc.default_user = Not yet implemented - -; http://www.php.net/manual/en/odbc.configuration.php#ini.uodbc.default-pw -;odbc.default_pw = Not yet implemented - -; Allow or prevent persistent links. -; http://www.php.net/manual/en/odbc.configuration.php#ini.uodbc.allow-persistent -odbc.allow_persistent = On - -; Check that a connection is still valid before reuse. -; http://www.php.net/manual/en/odbc.configuration.php#ini.uodbc.check-persistent -odbc.check_persistent = On - -; Maximum number of persistent links. -1 means no limit. -; http://www.php.net/manual/en/odbc.configuration.php#ini.uodbc.max-persistent -odbc.max_persistent = -1 - -; Maximum number of links (persistent + non-persistent). -1 means no limit. -; http://www.php.net/manual/en/odbc.configuration.php#ini.uodbc.max-links -odbc.max_links = -1 - -; Handling of LONG fields. Returns number of bytes to variables. 0 means -; passthru. -; http://www.php.net/manual/en/odbc.configuration.php#ini.uodbc.defaultlrl -odbc.defaultlrl = 4096 - -; Handling of binary data. 0 means passthru, 1 return as is, 2 convert to char. -; See the documentation on odbc_binmode and odbc_longreadlen for an explanation -; of uodbc.defaultlrl and uodbc.defaultbinmode -; http://www.php.net/manual/en/odbc.configuration.php#ini.uodbc.defaultbinmode -odbc.defaultbinmode = 1 - -;birdstep.max_links = -1 - -[MySQL] -; Allow or prevent persistent links. -; http://www.php.net/manual/en/mysql.configuration.php#ini.mysql.allow-persistent -mysql.allow_persistent = On - -; Maximum number of persistent links. -1 means no limit. -; http://www.php.net/manual/en/mysql.configuration.php#ini.mysql.max-persistent -mysql.max_persistent = -1 - -; Maximum number of links (persistent + non-persistent). -1 means no limit. -; http://www.php.net/manual/en/mysql.configuration.php#ini.mysql.max-links -mysql.max_links = -1 - -; Default port number for mysql_connect(). If unset, mysql_connect() will use -; the $MYSQL_TCP_PORT or the mysql-tcp entry in /etc/services or the -; compile-time value defined MYSQL_PORT (in that order). Win32 will only look -; at MYSQL_PORT. -; http://www.php.net/manual/en/mysql.configuration.php#ini.mysql.default-port -mysql.default_port = - -; Default socket name for local MySQL connects. If empty, uses the built-in -; MySQL defaults. -; http://www.php.net/manual/en/mysql.configuration.php#ini.mysql.default-socket -mysql.default_socket = - -; Default host for mysql_connect() (doesn't apply in safe mode). -; http://www.php.net/manual/en/mysql.configuration.php#ini.mysql.default-host -mysql.default_host = - -; Default user for mysql_connect() (doesn't apply in safe mode). -; http://www.php.net/manual/en/mysql.configuration.php#ini.mysql.default-user -mysql.default_user = - -; Default password for mysql_connect() (doesn't apply in safe mode). -; Note that this is generally a *bad* idea to store passwords in this file. -; *Any* user with PHP access can run 'echo get_cfg_var("mysql.default_password") -; and reveal this password! And of course, any users with read access to this -; file will be able to reveal the password as well. -; http://www.php.net/manual/en/mysql.configuration.php#ini.mysql.default-password -mysql.default_password = - -; Maximum time (in seconds) for connect timeout. -1 means no limit -; http://www.php.net/manual/en/mysql.configuration.php#ini.mysql.connect-timeout -mysql.connect_timeout = 60 - -; Trace mode. When trace_mode is active (=On), warnings for table/index scans and -; SQL-Errors will be displayed. -; http://www.php.net/manual/en/mysql.configuration.php#ini.mysql.trace-mode -mysql.trace_mode = Off - -[MySQLi] - -; Maximum number of links. -1 means no limit. -; http://www.php.net/manual/en/mysqli.configuration.php#ini.mysqli.max-links -mysqli.max_links = -1 - -; Default port number for mysqli_connect(). If unset, mysqli_connect() will use -; the $MYSQL_TCP_PORT or the mysql-tcp entry in /etc/services or the -; compile-time value defined MYSQL_PORT (in that order). Win32 will only look -; at MYSQL_PORT. -; http://www.php.net/manual/en/mysqli.configuration.php#ini.mysqli.default-port -mysqli.default_port = 3306 - -; Default socket name for local MySQL connects. If empty, uses the built-in -; MySQL defaults. -; http://www.php.net/manual/en/mysqli.configuration.php#ini.mysqli.default-socket -mysqli.default_socket = - -; Default host for mysql_connect() (doesn't apply in safe mode). -; http://www.php.net/manual/en/mysqli.configuration.php#ini.mysqli.default-host -mysqli.default_host = - -; Default user for mysql_connect() (doesn't apply in safe mode). -; http://www.php.net/manual/en/mysqli.configuration.php#ini.mysqli.default-user -mysqli.default_user = - -; Default password for mysqli_connect() (doesn't apply in safe mode). -; Note that this is generally a *bad* idea to store passwords in this file. -; *Any* user with PHP access can run 'echo get_cfg_var("mysqli.default_pw") -; and reveal this password! And of course, any users with read access to this -; file will be able to reveal the password as well. -; http://www.php.net/manual/en/mysqli.configuration.php#ini.mysqli.default-pw -mysqli.default_pw = - -; Allow or prevent reconnect -mysqli.reconnect = Off - -[PostgresSQL] -; Allow or prevent persistent links. -; http://www.php.net/manual/en/pgsql.configuration.php#ini.pgsql.allow-persistent -pgsql.allow_persistent = On - -; Detect broken persistent links always with pg_pconnect(). -; Auto reset feature requires a little overheads. -; http://www.php.net/manual/en/pgsql.configuration.php#ini.pgsql.auto-reset-persistent -pgsql.auto_reset_persistent = Off - -; Maximum number of persistent links. -1 means no limit. -; http://www.php.net/manual/en/pgsql.configuration.php#ini.pgsql.max-persistent -pgsql.max_persistent = -1 - -; Maximum number of links (persistent+non persistent). -1 means no limit. -; http://www.php.net/manual/en/pgsql.configuration.php#ini.pgsql.max-links -pgsql.max_links = -1 - -; Ignore PostgreSQL backends Notice message or not. -; Notice message logging require a little overheads. -; http://www.php.net/manual/en/pgsql.configuration.php#ini.pgsql.ignore-notice -pgsql.ignore_notice = 0 - -; Log PostgreSQL backends Noitce message or not. -; Unless pgsql.ignore_notice=0, module cannot log notice message. -; http://www.php.net/manual/en/pgsql.configuration.php#ini.pgsql.log-notice -pgsql.log_notice = 0 - -[Sybase-CT] -; Allow or prevent persistent links. -; http://www.php.net/manual/en/sybase.configuration.php#ini.sybct.allow-persistent -sybct.allow_persistent = On - -; Maximum number of persistent links. -1 means no limit. -; http://www.php.net/manual/en/sybase.configuration.php#ini.sybct.max-persistent -sybct.max_persistent = -1 - -; Maximum number of links (persistent + non-persistent). -1 means no limit. -; http://www.php.net/manual/en/sybase.configuration.php#ini.sybct.max-links -sybct.max_links = -1 - -; Minimum server message severity to display. -; http://www.php.net/manual/en/sybase.configuration.php#ini.sybct.min-server-severity -sybct.min_server_severity = 10 - -; Minimum client message severity to display. -; http://www.php.net/manual/en/sybase.configuration.php#ini.sybct.min-client-severity -sybct.min_client_severity = 10 - -; Set per-context timeout -; http://www.php.net/manual/en/sybase.configuration.php#ini.sybct.timeout -;sybct.timeout= - -;sybct.packet_size - -[bcmath] -; Number of decimal digits for all bcmath functions. -; http://www.php.net/manual/en/bc.configuration.php#ini.bcmath.scale -bcmath.scale = 0 - -[browscap] -; http://www.php.net/manual/en/misc.configuration.php#ini.browscap -;browscap = extra/browscap.ini - -[Session] -; Handler used to store/retrieve data. -; http://www.php.net/manual/en/session.configuration.php#ini.session.save-handler -session.save_handler = files - -; Argument passed to save_handler. In the case of files, this is the path -; where data files are stored. Note: Windows users have to change this -; variable in order to use PHP's session functions. -; -; As of PHP 4.0.1, you can define the path as: -; -; session.save_path = "N;/path" -; -; where N is an integer. Instead of storing all the session files in -; /path, what this will do is use subdirectories N-levels deep, and -; store the session data in those directories. This is useful if you -; or your OS have problems with lots of files in one directory, and is -; a more efficient layout for servers that handle lots of sessions. -; -; NOTE 1: PHP will not create this directory structure automatically. -; You can use the script in the ext/session dir for that purpose. -; NOTE 2: See the section on garbage collection below if you choose to -; use subdirectories for session storage -; -; The file storage module creates files using mode 600 by default. -; You can change that by using -; -; session.save_path = "N;MODE;/path" -; -; where MODE is the octal representation of the mode. Note that this -; does not overwrite the process's umask. -; http://www.php.net/manual/en/session.configuration.php#ini.session.save-path -session.save_path = "/var/lib/php/session" - -; Whether to use cookies. -; http://www.php.net/manual/en/session.configuration.php#ini.session.use-cookies -session.use_cookies = 1 - -; http://www.php.net/manual/en/session.configuration.php#ini.session.cookie-secure -;session.cookie_secure = - -; This option forces PHP to fetch and use a cookie for storing and maintaining -; the session id. We encourage this operation as it's very helpful in combatting -; session hijacking when not specifying and managing your own session id. It is -; not the end all be all of session hijacking defense, but it's a good start. -; http://www.php.net/manual/en/session.configuration.php#ini.session.use-only-cookies -session.use_only_cookies = 1 - -; Name of the session (used as cookie name). -; http://www.php.net/manual/en/session.configuration.php#ini.session.name -session.name = PHPSESSID - -; Initialize session on request startup. -; http://www.php.net/manual/en/session.configuration.php#ini.session.auto-start -session.auto_start = 0 - -; Lifetime in seconds of cookie or, if 0, until browser is restarted. -; http://www.php.net/manual/en/session.configuration.php#ini.session.cookie-lifetime -session.cookie_lifetime = 0 - -; The path for which the cookie is valid. -; http://www.php.net/manual/en/session.configuration.php#ini.session.cookie-path -session.cookie_path = / - -; The domain for which the cookie is valid. -; http://www.php.net/manual/en/session.configuration.php#ini.session.cookie-domain -session.cookie_domain = - -; Whether or not to add the httpOnly flag to the cookie, which makes it inaccessible to browser scripting languages such as JavaScript. -; http://www.php.net/manual/en/session.configuration.php#ini.session.cookie-httponly -session.cookie_httponly = - -; Handler used to serialize data. php is the standard serializer of PHP. -; http://www.php.net/manual/en/session.configuration.php#ini.session.serialize-handler -session.serialize_handler = php - -; Defines the probability that the 'garbage collection' process is started -; on every session initialization. The probability is calculated by using -; gc_probability/gc_divisor. Where session.gc_probability is the numerator -; and gc_divisor is the denominator in the equation. Setting this value to 1 -; when the session.gc_divisor value is 100 will give you approximately a 1% chance -; the gc will run on any give request. -; Default Value: 1 -; Development Value: 1 -; Production Value: 1 -; http://www.php.net/manual/en/session.configuration.php#ini.session.gc-probability -session.gc_probability = 1 - -; Defines the probability that the 'garbage collection' process is started on every -; session initialization. The probability is calculated by using the following equation: -; gc_probability/gc_divisor. Where session.gc_probability is the numerator and -; session.gc_divisor is the denominator in the equation. Setting this value to 1 -; when the session.gc_divisor value is 100 will give you approximately a 1% chance -; the gc will run on any give request. Increasing this value to 1000 will give you -; a 0.1% chance the gc will run on any give request. For high volume production servers, -; this is a more efficient approach. -; Default Value: 100 -; Development Value: 1000 -; Production Value: 1000 -; http://www.php.net/manual/en/session.configuration.php#ini.session.gc-divisor -session.gc_divisor = 1000 - -; After this number of seconds, stored data will be seen as 'garbage' and -; cleaned up by the garbage collection process. -; http://www.php.net/manual/en/session.configuration.php#ini.session.gc-maxlifetime -session.gc_maxlifetime = 1440 - -; NOTE: If you are using the subdirectory option for storing session files -; (see session.save_path above), then garbage collection does *not* -; happen automatically. You will need to do your own garbage -; collection through a shell script, cron entry, or some other method. -; For example, the following script would is the equivalent of -; setting session.gc_maxlifetime to 1440 (1440 seconds = 24 minutes): -; cd /path/to/sessions; find -cmin +24 | xargs rm - -; PHP 4.2 and less have an undocumented feature/bug that allows you to -; to initialize a session variable in the global scope, even when register_globals -; is disabled. PHP 4.3 and later will warn you, if this feature is used. -; You can disable the feature and the warning separately. At this time, -; the warning is only displayed, if bug_compat_42 is enabled. This feature -; introduces some serious security problems if not handled correctly. It's -; recommended that you do not use this feature on production servers. But you -; should enable this on development servers and enable the warning as well. If you -; do not enable the feature on development servers, you won't be warned when it's -; used and debugging errors caused by this can be difficult to track down. -; Default Value: On -; Development Value: On -; Production Value: Off -; http://www.php.net/manual/en/session.configuration.php#ini.session.bug-compat-42 -session.bug_compat_42 = Off - -; This setting controls whether or not you are warned by PHP when initializing a -; session value into the global space. session.bug_compat_42 must be enabled before -; these warnings can be issued by PHP. See the directive above for more information. -; Default Value: On -; Development Value: On -; Production Value: Off -; http://www.php.net/manual/en/session.configuration.php#ini.session.bug-compat-warn -session.bug_compat_warn = Off - -; Check HTTP Referer to invalidate externally stored URLs containing ids. -; HTTP_REFERER has to contain this substring for the session to be -; considered as valid. -; http://www.php.net/manual/en/session.configuration.php#ini.session.referer-check -session.referer_check = - -; How many bytes to read from the file. -; http://www.php.net/manual/en/session.configuration.php#ini.session.entropy-length -session.entropy_length = 0 - -; Specified here to create the session id. -; http://www.php.net/manual/en/session.configuration.php#ini.session.entropy-file -;session.entropy_file = /dev/urandom -session.entropy_file = - -; http://www.php.net/manual/en/session.configuration.php#ini.session.entropy-length -;session.entropy_length = 16 - -; Set to {nocache,private,public,} to determine HTTP caching aspects -; or leave this empty to avoid sending anti-caching headers. -; http://www.php.net/manual/en/session.configuration.php#ini.session.cache-limiter -session.cache_limiter = nocache - -; Document expires after n minutes. -; http://www.php.net/manual/en/session.configuration.php#ini.session.cache-expire -session.cache_expire = 180 - -; trans sid support is disabled by default. -; Use of trans sid may risk your users security. -; Use this option with caution. -; - User may send URL contains active session ID -; to other person via. email/irc/etc. -; - URL that contains active session ID may be stored -; in publically accessible computer. -; - User may access your site with the same session ID -; always using URL stored in browser's history or bookmarks. -; http://www.php.net/manual/en/session.configuration.php#ini.session.use-trans-sid -session.use_trans_sid = 0 - -; Select a hash function for use in generating session ids. -; Possible Values -; 0 (MD5 128 bits) -; 1 (SHA-1 160 bits) -; http://www.php.net/manual/en/session.configuration.php#ini.session.hash-function -session.hash_function = 0 - -; Define how many bits are stored in each character when converting -; the binary hash data to something readable. -; Possible values: -; 4 (4 bits: 0-9, a-f) -; 5 (5 bits: 0-9, a-v) -; 6 (6 bits: 0-9, a-z, A-Z, "-", ",") -; Default Value: 4 -; Development Value: 5 -; Production Value: 5 -; http://www.php.net/manual/en/session.configuration.php#ini.session.hash-bits-per-character -session.hash_bits_per_character = 5 - -; The URL rewriter will look for URLs in a defined set of HTML tags. -; form/fieldset are special; if you include them here, the rewriter will -; add a hidden field with the info which is otherwise appended -; to URLs. If you want XHTML conformity, remove the form entry. -; Note that all valid entries require a "=", even if no value follows. -; Default Value: "a=href,area=href,frame=src,form=,fieldset=" -; Development Value: "a=href,area=href,frame=src,input=src,form=fakeentry" -; Production Value: "a=href,area=href,frame=src,input=src,form=fakeentry" -; http://www.php.net/manual/en/session.configuration.php#ini.url-rewriter.tags -url_rewriter.tags = "a=href,area=href,frame=src,input=src,form=fakeentry" - -[MSSQL] -; Allow or prevent persistent links. -mssql.allow_persistent = On - -; Maximum number of persistent links. -1 means no limit. -mssql.max_persistent = -1 - -; Maximum number of links (persistent+non persistent). -1 means no limit. -mssql.max_links = -1 - -; Minimum error severity to display. -mssql.min_error_severity = 10 - -; Minimum message severity to display. -mssql.min_message_severity = 10 - -; Compatibility mode with old versions of PHP 3.0. -mssql.compatability_mode = Off - -; Connect timeout -;mssql.connect_timeout = 5 - -; Query timeout -;mssql.timeout = 60 - -; Valid range 0 - 2147483647. Default = 4096. -;mssql.textlimit = 4096 - -; Valid range 0 - 2147483647. Default = 4096. -;mssql.textsize = 4096 - -; Limits the number of records in each batch. 0 = all records in one batch. -;mssql.batchsize = 0 - -; Specify how datetime and datetim4 columns are returned -; On => Returns data converted to SQL server settings -; Off => Returns values as YYYY-MM-DD hh:mm:ss -;mssql.datetimeconvert = On - -; Use NT authentication when connecting to the server -mssql.secure_connection = Off - -; Specify max number of processes. -1 = library default -; msdlib defaults to 25 -; FreeTDS defaults to 4096 -;mssql.max_procs = -1 - -; Specify client character set. -; If empty or not set the client charset from freetds.comf is used -; This is only used when compiled with FreeTDS -;mssql.charset = "ISO-8859-1" - -[Assertion] -; Assert(expr); active by default. -; http://www.php.net/manual/en/info.configuration.php#ini.assert.active -;assert.active = On - -; Issue a PHP warning for each failed assertion. -; http://www.php.net/manual/en/info.configuration.php#ini.assert.warning -;assert.warning = On - -; Don't bail out by default. -; http://www.php.net/manual/en/info.configuration.php#ini.assert.bail -;assert.bail = Off - -; User-function to be called if an assertion fails. -; http://www.php.net/manual/en/info.configuration.php#ini.assert.callback -;assert.callback = 0 - -; Eval the expression with current error_reporting(). Set to true if you want -; error_reporting(0) around the eval(). -; http://www.php.net/manual/en/info.configuration.php#ini.assert.quiet-eval -;assert.quiet_eval = 0 - -[COM] -; path to a file containing GUIDs, IIDs or filenames of files with TypeLibs -; http://www.php.net/manual/en/com.configuration.php#ini.com.typelib-file -;com.typelib_file = - -; allow Distributed-COM calls -; http://www.php.net/manual/en/com.configuration.php#ini.com.allow-dcom -;com.allow_dcom = true - -; autoregister constants of a components typlib on com_load() -; http://www.php.net/manual/en/com.configuration.php#ini.com.autoregister-typelib -;com.autoregister_typelib = true - -; register constants casesensitive -; http://www.php.net/manual/en/com.configuration.php#ini.com.autoregister-casesensitive -;com.autoregister_casesensitive = false - -; show warnings on duplicate constant registrations -; http://www.php.net/manual/en/com.configuration.php#ini.com.autoregister-verbose -;com.autoregister_verbose = true - -[mbstring] -; language for internal character representation. -; http://www.php.net/manual/en/mbstring.configuration.php#ini.mbstring.language -;mbstring.language = Japanese - -; internal/script encoding. -; Some encoding cannot work as internal encoding. -; (e.g. SJIS, BIG5, ISO-2022-*) -; http://www.php.net/manual/en/mbstring.configuration.php#ini.mbstring.internal-encoding -;mbstring.internal_encoding = EUC-JP - -; http input encoding. -; http://www.php.net/manual/en/mbstring.configuration.php#ini.mbstring.http-input -;mbstring.http_input = auto - -; http output encoding. mb_output_handler must be -; registered as output buffer to function -; http://www.php.net/manual/en/mbstring.configuration.php#ini.mbstring.http-output -;mbstring.http_output = SJIS - -; enable automatic encoding translation according to -; mbstring.internal_encoding setting. Input chars are -; converted to internal encoding by setting this to On. -; Note: Do _not_ use automatic encoding translation for -; portable libs/applications. -; http://www.php.net/manual/en/mbstring.configuration.php#ini.mbstring.encoding-translation -;mbstring.encoding_translation = Off - -; automatic encoding detection order. -; auto means -; http://www.php.net/manual/en/mbstring.configuration.php#ini.mbstring.detect-order -;mbstring.detect_order = auto - -; substitute_character used when character cannot be converted -; one from another -; http://www.php.net/manual/en/mbstring.configuration.php#ini.mbstring.substitute-character -;mbstring.substitute_character = none; - -; overload(replace) single byte functions by mbstring functions. -; mail(), ereg(), etc are overloaded by mb_send_mail(), mb_ereg(), -; etc. Possible values are 0,1,2,4 or combination of them. -; For example, 7 for overload everything. -; 0: No overload -; 1: Overload mail() function -; 2: Overload str*() functions -; 4: Overload ereg*() functions -; http://www.php.net/manual/en/mbstring.configuration.php#ini.mbstring.func-overload -;mbstring.func_overload = 0 - -; enable strict encoding detection. -;mbstring.strict_detection = Off - -; This directive specifies the regex pattern of content types for which mb_output_handler() -; is activated. -; Default: mbstring.http_output_conv_mimetype=^(text/|application/xhtml\+xml) -;mbstring.http_output_conv_mimetype= - -[gd] -; Tell the jpeg decode to ignore warnings and try to create -; a gd image. The warning will then be displayed as notices -; disabled by default -; http://www.php.net/manual/en/image.configuration.php#ini.image.jpeg-ignore-warning -;gd.jpeg_ignore_warning = 0 - -[exif] -; Exif UNICODE user comments are handled as UCS-2BE/UCS-2LE and JIS as JIS. -; With mbstring support this will automatically be converted into the encoding -; given by corresponding encode setting. When empty mbstring.internal_encoding -; is used. For the decode settings you can distinguish between motorola and -; intel byte order. A decode setting cannot be empty. -; http://www.php.net/manual/en/exif.configuration.php#ini.exif.encode-unicode -;exif.encode_unicode = ISO-8859-15 - -; http://www.php.net/manual/en/exif.configuration.php#ini.exif.decode-unicode-motorola -;exif.decode_unicode_motorola = UCS-2BE - -; http://www.php.net/manual/en/exif.configuration.php#ini.exif.decode-unicode-intel -;exif.decode_unicode_intel = UCS-2LE - -; http://www.php.net/manual/en/exif.configuration.php#ini.exif.encode-jis -;exif.encode_jis = - -; http://www.php.net/manual/en/exif.configuration.php#ini.exif.decode-jis-motorola -;exif.decode_jis_motorola = JIS - -; http://www.php.net/manual/en/exif.configuration.php#ini.exif.decode-jis-intel -;exif.decode_jis_intel = JIS - -[Tidy] -; The path to a default tidy configuration file to use when using tidy -; http://www.php.net/manual/en/tidy.configuration.php#ini.tidy.default-config -;tidy.default_config = /usr/local/lib/php/default.tcfg - -; Should tidy clean and repair output automatically? -; WARNING: Do not use this option if you are generating non-html content -; such as dynamic images -; http://www.php.net/manual/en/tidy.configuration.php#ini.tidy.clean-output -tidy.clean_output = Off - -[soap] -; Enables or disables WSDL caching feature. -; http://www.php.net/manual/en/soap.configuration.php#ini.soap.wsdl-cache-enabled -soap.wsdl_cache_enabled=1 - -; Sets the directory name where SOAP extension will put cache files. -; http://www.php.net/manual/en/soap.configuration.php#ini.soap.wsdl-cache-dir -soap.wsdl_cache_dir="/tmp" - -; (time to live) Sets the number of second while cached file will be used -; instead of original one. -; http://www.php.net/manual/en/soap.configuration.php#ini.soap.wsdl-cache-ttl -soap.wsdl_cache_ttl=86400 - -[sysvshm] -; A default size of the shared memory segment -;sysvshm.init_mem = 10000 - - -; Local Variables: -; tab-width: 4 -; End: diff --git a/src/etc/services-config/supervisor/supervisord.d/httpd-bootstrap.conf b/src/etc/supervisord.d/httpd-bootstrap.conf similarity index 61% rename from src/etc/services-config/supervisor/supervisord.d/httpd-bootstrap.conf rename to src/etc/supervisord.d/httpd-bootstrap.conf index 0542632..1f2195b 100644 --- a/src/etc/services-config/supervisor/supervisord.d/httpd-bootstrap.conf +++ b/src/etc/supervisord.d/httpd-bootstrap.conf @@ -1,10 +1,10 @@ [program:httpd-bootstrap] -priority = 6 -command = /usr/sbin/httpd-bootstrap +autorestart = false autostart = %(ENV_APACHE_AUTOSTART_HTTPD_BOOTSTRAP)s +command = /usr/sbin/httpd-bootstrap --verbose +priority = 6 +redirect_stderr = true startsecs = 0 startretries = 0 -autorestart = false -redirect_stderr = true -stdout_logfile = /var/log/httpd/error_log -stdout_events_enabled = true \ No newline at end of file +stdout_logfile = /dev/stdout +stdout_logfile_maxbytes = 0 diff --git a/src/etc/services-config/supervisor/supervisord.d/httpd-wrapper.conf b/src/etc/supervisord.d/httpd-wrapper.conf similarity index 72% rename from src/etc/services-config/supervisor/supervisord.d/httpd-wrapper.conf rename to src/etc/supervisord.d/httpd-wrapper.conf index fb45beb..d426a06 100644 --- a/src/etc/services-config/supervisor/supervisord.d/httpd-wrapper.conf +++ b/src/etc/supervisord.d/httpd-wrapper.conf @@ -1,9 +1,9 @@ [program:httpd-wrapper] -priority = 100 -command = /usr/sbin/httpd-wrapper -autostart = %(ENV_APACHE_AUTOSTART_HTTPD_WRAPPER)s -startsecs = 0 autorestart = true +autostart = %(ENV_APACHE_AUTOSTART_HTTPD_WRAPPER)s +command = /usr/sbin/httpd-wrapper +priority = 100 redirect_stderr = true -stdout_logfile = /var/log/httpd/error_log -stdout_events_enabled = true \ No newline at end of file +startsecs = 0 +stdout_logfile = /dev/stdout +stdout_logfile_maxbytes = 0 diff --git a/src/etc/systemd/system/centos-ssh-apache-php-fcgi.register@.service b/src/etc/systemd/system/centos-ssh-apache-php-fcgi.register@.service index b46aa3f..b2efc2a 100644 --- a/src/etc/systemd/system/centos-ssh-apache-php-fcgi.register@.service +++ b/src/etc/systemd/system/centos-ssh-apache-php-fcgi.register@.service @@ -1,26 +1,26 @@ -# ----------------------------------------------------------------------------- +# ------------------------------------------------------------------------------ # Naming convention: # -# centos-ssh-apache-php@.service = {service-unit-install-template-name} -# | -# +----------------------- {image-name} +# centos-ssh-apache-php-fcgi@.service = {service-unit-install-template-name} +# | +# +----------------------- {image-name} # -# apache-php.pool-1.register@.service = {service-unit-template-name} -# Y | -# | +------------- {service-unit-companion-name} -# +----------------------- {service-unit-name} +# apache-php.register@.service = {service-unit-template-name} +# | | +# | +--------------- {service-unit-companion-name} +# +------------------------- {service-unit-name} # -# apache-php.pool-1.register@1.1.service = {service-unit-instance-name} -# Y | Y -# | | +----- {service-unit-instance} -# | +------------ {service-unit-companion-name} -# +----------------------- {service-unit-name} +# apache-php.register@1.service = {service-unit-instance-name} +# | | | +# | | +---------- {service-unit-instance} +# | +---------------- {service-unit-companion-name} +# +-------------------------- {service-unit-name} # -# apache-php.pool-1.1.1.register = {service-unit-long-name} -# Y Y | -# | | +-------- {service-unit-companion-name} -# | +-------------- {service-unit-instance} -# +----------------------- {service-unit-name} +# apache-php.1.register = {service-unit-long-name} +# | | | +# | | +----- {service-unit-companion-name} +# | +----------- {service-unit-instance} +# +------------------ {service-unit-name} # # To install: # sudo sed -e "s~{{SERVICE_UNIT_NAME}}~{service-unit-name}~g" \ @@ -37,7 +37,7 @@ # sudo systemctl disable -f {service-unit-instance-name} # sudo rm /etc/systemd/system/{service-unit-template-name} # sudo systemctl daemon-reload -# ----------------------------------------------------------------------------- +# ------------------------------------------------------------------------------ [Unit] Description=centos-apache-php-fcgi etcd registration // %p@%i @@ -56,7 +56,12 @@ Environment="REGISTER_UPDATE_INTERVAL=55" # Unregister service ExecStartPre=/bin/bash -c \ - "if /usr/bin/etcdctl ${REGISTER_ETCD_PARAMETERS} ls ${REGISTER_KEY_ROOT} &> /dev/null; then \ + "if /usr/bin/etcdctl \ + ${REGISTER_ETCD_PARAMETERS} \ + ls \ + ${REGISTER_KEY_ROOT} \ + &> /dev/null; \ + then \ /usr/bin/etcdctl \ ${REGISTER_ETCD_PARAMETERS} \ rm \ @@ -66,31 +71,59 @@ ExecStartPre=/bin/bash -c \ # Register service ExecStart=/bin/bash -c \ - "until /usr/bin/etcdctl ${REGISTER_ETCD_PARAMETERS} get ${REGISTER_KEY_ROOT}/ports/tcp/80 &> /dev/null \ - || /usr/bin/etcdctl ${REGISTER_ETCD_PARAMETERS} get ${REGISTER_KEY_ROOT}/ports/tcp/443 &> /dev/null \ - || /usr/bin/etcdctl ${REGISTER_ETCD_PARAMETERS} get ${REGISTER_KEY_ROOT}/ports/tcp/8443 &> /dev/null; do \ - if /usr/bin/docker port {{SERVICE_UNIT_NAME}}.%i 80 &> /dev/null; then \ + "until /usr/bin/etcdctl \ + ${REGISTER_ETCD_PARAMETERS} \ + get \ + ${REGISTER_KEY_ROOT}/ports/tcp/80 \ + &> /dev/null \ + || /usr/bin/etcdctl \ + ${REGISTER_ETCD_PARAMETERS} \ + get \ + ${REGISTER_KEY_ROOT}/ports/tcp/443 \ + &> /dev/null; \ + || /usr/bin/etcdctl \ + ${REGISTER_ETCD_PARAMETERS} \ + get \ + ${REGISTER_KEY_ROOT}/ports/tcp/8443 \ + &> /dev/null; \ + do \ + if /usr/bin/docker port {{SERVICE_UNIT_NAME}}.%i 80 &> /dev/null; \ + then \ /usr/bin/etcdctl \ ${REGISTER_ETCD_PARAMETERS} \ mk \ ${REGISTER_KEY_ROOT}/ports/tcp/80 \ - \"$(/usr/bin/docker port {{SERVICE_UNIT_NAME}}.%i 80 | /usr/bin/sed 's~^[0-9.]*:~~')\" \ + \"$(/usr/bin/docker port \ + {{SERVICE_UNIT_NAME}}.%i \ + 80 \ + | /bin/sed 's~^[0-9.]*:~~' \ + )\" \ --ttl ${REGISTER_TTL} 2> /dev/null; \ fi; \ - if /usr/bin/docker port {{SERVICE_UNIT_NAME}}.%i 443 &> /dev/null; then \ + if /usr/bin/docker port {{SERVICE_UNIT_NAME}}.%i 443 &> /dev/null; \ + then \ /usr/bin/etcdctl \ ${REGISTER_ETCD_PARAMETERS} \ mk \ ${REGISTER_KEY_ROOT}/ports/tcp/443 \ - \"$(/usr/bin/docker port {{SERVICE_UNIT_NAME}}.%i 443 | /usr/bin/sed 's~^[0-9.]*:~~')\" \ + \"$(/usr/bin/docker port \ + {{SERVICE_UNIT_NAME}}.%i \ + 443 \ + | /bin/sed 's~^[0-9.]*:~~' \ + )\" \ --ttl ${REGISTER_TTL} 2> /dev/null; \ fi; \ - if /usr/bin/docker port {{SERVICE_UNIT_NAME}}.%i 8443 &> /dev/null; then \ + if /usr/bin/docker port {{SERVICE_UNIT_NAME}}.%i 8443 &> /dev/null; \ + then \ /usr/bin/etcdctl \ ${REGISTER_ETCD_PARAMETERS} \ mk \ ${REGISTER_KEY_ROOT}/ports/tcp/8443 \ - \"$(/usr/bin/docker port {{SERVICE_UNIT_NAME}}.%i 8443 | /usr/bin/sed 's~^[0-9.]*:~~')\" \ + \"$(/usr/bin/docker port \ + {{SERVICE_UNIT_NAME}}.%i \ + 8443 \ + | /bin/sed 's~^[0-9.]*:~~' \ + )\" \ --ttl ${REGISTER_TTL} 2> /dev/null; \ fi; \ sleep 0.5; \ @@ -101,35 +134,81 @@ ExecStart=/bin/bash -c \ ${REGISTER_KEY_ROOT}/hostname \ %H \ --ttl ${REGISTER_TTL}; \ - while true; do \ + while true; \ + do \ sleep ${REGISTER_UPDATE_INTERVAL}; \ - if /usr/bin/docker port {{SERVICE_UNIT_NAME}}.%i 80 &> /dev/null; then \ + if /usr/bin/docker port {{SERVICE_UNIT_NAME}}.%i 80 &> /dev/null; \ + then \ /usr/bin/etcdctl \ ${REGISTER_ETCD_PARAMETERS} \ - $(if ! /usr/bin/etcdctl ${REGISTER_ETCD_PARAMETERS} get ${REGISTER_KEY_ROOT}/ports/tcp/80 &> /dev/null; then echo set; else echo update; fi) \ + $(if ! /usr/bin/etcdctl \ + ${REGISTER_ETCD_PARAMETERS} \ + get \ + ${REGISTER_KEY_ROOT}/ports/tcp/80 \ + &> /dev/null; \ + then \ + printf -- 'set\n'; \ + else \ + printf -- 'update\n'; \ + fi) \ ${REGISTER_KEY_ROOT}/ports/tcp/80 \ - \"$(/usr/bin/docker port {{SERVICE_UNIT_NAME}}.%i 80 | /usr/bin/sed 's~^[0-9.]*:~~')\" \ + \"$(/usr/bin/docker port \ + {{SERVICE_UNIT_NAME}}.%i \ + 80 \ + | /bin/sed 's~^[0-9.]*:~~' \ + )\" \ --ttl ${REGISTER_TTL}; \ - fi; \ - if /usr/bin/docker port {{SERVICE_UNIT_NAME}}.%i 443 &> /dev/null; then \ /usr/bin/etcdctl \ ${REGISTER_ETCD_PARAMETERS} \ - $(if ! /usr/bin/etcdctl ${REGISTER_ETCD_PARAMETERS} get ${REGISTER_KEY_ROOT}/ports/tcp/443 &> /dev/null; then echo set; else echo update; fi) \ + $(if ! /usr/bin/etcdctl \ + ${REGISTER_ETCD_PARAMETERS} \ + get \ + ${REGISTER_KEY_ROOT}/ports/tcp/443 \ + &> /dev/null; \ + then \ + printf -- 'set\n'; \ + else \ + printf -- 'update\n'; \ + fi) \ ${REGISTER_KEY_ROOT}/ports/tcp/443 \ - $(/usr/bin/docker port {{SERVICE_UNIT_NAME}}.%i 443 | /usr/bin/sed 's/^[0-9.]*://') \ + \"$(/usr/bin/docker port \ + {{SERVICE_UNIT_NAME}}.%i \ + 443 \ + | /bin/sed 's~^[0-9.]*:~~' \ + )\" \ --ttl ${REGISTER_TTL}; \ - fi; \ - if /usr/bin/docker port {{SERVICE_UNIT_NAME}}.%i 8443 &> /dev/null; then \ /usr/bin/etcdctl \ ${REGISTER_ETCD_PARAMETERS} \ - $(if ! /usr/bin/etcdctl ${REGISTER_ETCD_PARAMETERS} get ${REGISTER_KEY_ROOT}/ports/tcp/8443 &> /dev/null; then echo set; else echo update; fi) \ + $(if ! /usr/bin/etcdctl \ + ${REGISTER_ETCD_PARAMETERS} \ + get \ + ${REGISTER_KEY_ROOT}/ports/tcp/8443 \ + &> /dev/null; \ + then \ + printf -- 'set\n'; \ + else \ + printf -- 'update\n'; \ + fi) \ ${REGISTER_KEY_ROOT}/ports/tcp/8443 \ - $(/usr/bin/docker port {{SERVICE_UNIT_NAME}}.%i 8443 | /usr/bin/sed 's/^[0-9.]*://') \ + \"$(/usr/bin/docker port \ + {{SERVICE_UNIT_NAME}}.%i \ + 8443 \ + | /bin/sed 's~^[0-9.]*:~~' \ + )\" \ --ttl ${REGISTER_TTL}; \ fi; \ /usr/bin/etcdctl \ ${REGISTER_ETCD_PARAMETERS} \ - $(if ! /usr/bin/etcdctl ${REGISTER_ETCD_PARAMETERS} get ${REGISTER_KEY_ROOT}/hostname &> /dev/null; then echo set; else echo update; fi) \ + $(if ! /usr/bin/etcdctl \ + ${REGISTER_ETCD_PARAMETERS} \ + get \ + ${REGISTER_KEY_ROOT}/hostname \ + &> /dev/null; \ + then \ + printf -- 'set\n'; \ + else \ + printf -- 'update\n'; \ + fi) \ ${REGISTER_KEY_ROOT}/hostname \ %H \ --ttl ${REGISTER_TTL}; \ @@ -137,7 +216,12 @@ ExecStart=/bin/bash -c \ # Unregister service ExecStop=/bin/bash -c \ - "if /usr/bin/etcdctl ${REGISTER_ETCD_PARAMETERS} ls ${REGISTER_KEY_ROOT} &> /dev/null; then \ + "if /usr/bin/etcdctl \ + ${REGISTER_ETCD_PARAMETERS} \ + ls \ + ${REGISTER_KEY_ROOT} \ + &> /dev/null; \ + then \ /usr/bin/etcdctl \ ${REGISTER_ETCD_PARAMETERS} \ rm \ @@ -146,8 +230,5 @@ ExecStop=/bin/bash -c \ fi" [Install] -DefaultInstance=1.1 +DefaultInstance=1 RequiredBy={{SERVICE_UNIT_NAME}}@%i.service - -[X-Fleet] -MachineOf={{SERVICE_UNIT_NAME}}@%i.service diff --git a/src/etc/systemd/system/centos-ssh-apache-php-fcgi@.service b/src/etc/systemd/system/centos-ssh-apache-php-fcgi@.service index 871e870..74adfe3 100644 --- a/src/etc/systemd/system/centos-ssh-apache-php-fcgi@.service +++ b/src/etc/systemd/system/centos-ssh-apache-php-fcgi@.service @@ -1,23 +1,23 @@ -# ----------------------------------------------------------------------------- +# ------------------------------------------------------------------------------ # Naming convention: # -# centos-ssh-apache-php@.service = {service-unit-install-template-name} -# | -# +------------ {image-name} +# centos-ssh-apache-php-fcgi@.service = {service-unit-install-template-name} +# | +# +----------------------- {image-name} # -# apache-php.pool-1@.service = {service-unit-template-name} -# Y -# +------------- {service-unit-name} +# apache-php@.service = {service-unit-template-name} +# | +# +---------------- {service-unit-name} # -# apache-php.pool-1@1.1.service = {service-unit-instance-name} -# Y Y -# | +---- {service-unit-instance} -# +------------- {service-unit-name} +# apache-php@1.service = {service-unit-instance-name} +# | | +# | +---------- {service-unit-instance} +# +----------------- {service-unit-name} # -# apache-php.pool-1.1.1 = {service-unit-long-name} -# Y Y -# | +---- {service-unit-instance} -# +------------- {service-unit-name} +# apache-php.1 = {service-unit-long-name} +# | | +# | +-- {service-unit-instance} +# +--------- {service-unit-name} # # To install: # sudo cat {service-unit-install-template-name} \ @@ -26,7 +26,8 @@ # sudo systemctl enable -f {service-unit-instance-name} # # Start using: -# sudo systemctl [start|stop|restart|kill|status] {service-unit-instance-name} +# sudo systemctl [start|stop|restart|kill|status] \ +# {service-unit-instance-name} # # Debugging: # sudo systemctl status {service-unit-instance-name} @@ -34,10 +35,11 @@ # # To uninstall: # sudo systemctl disable -f {service-unit-instance-name} +# sudo systemctl daemon-reload # sudo systemctl stop {service-unit-instance-name} # sudo rm /etc/systemd/system/{service-unit-template-name} # sudo docker rm -f {service-unit-long-name} -# ----------------------------------------------------------------------------- +# ------------------------------------------------------------------------------ [Unit] Description=centos-ssh-apache-php-fcgi // %p@%i @@ -52,7 +54,7 @@ Environment="DOCKER_USER=jdeathe" Environment="DOCKER_CONTAINER_OPTS=" Environment="DOCKER_IMAGE_PACKAGE_PATH=/var/opt/scmi/packages" Environment="DOCKER_IMAGE_NAME=centos-ssh-apache-php-fcgi" -Environment="DOCKER_IMAGE_TAG=2.0.1" +Environment="DOCKER_IMAGE_TAG={{RELEASE_VERSION}}" Environment="DOCKER_PORT_MAP_TCP_80=8080" Environment="DOCKER_PORT_MAP_TCP_443=9443" Environment="DOCKER_PORT_MAP_TCP_8443=NULL" @@ -85,24 +87,51 @@ Environment="PHP_OPTIONS_SESSION_SAVE_PATH=var/session" # Initialisation: Load image from local storage if available, otherwise pull. ExecStartPre=/bin/bash -c \ - "if [[ -z $( if [[ -n $(/usr/bin/docker images -q ${DOCKER_USER}/${DOCKER_IMAGE_NAME}:${DOCKER_IMAGE_TAG}) ]]; then echo $(/usr/bin/docker images -q ${DOCKER_USER}/${DOCKER_IMAGE_NAME}:${DOCKER_IMAGE_TAG}); else echo $(/usr/bin/docker images -q docker.io/${DOCKER_USER}/${DOCKER_IMAGE_NAME}:${DOCKER_IMAGE_TAG}); fi; ) ]]; then \ - if [[ -f ${DOCKER_IMAGE_PACKAGE_PATH}/${DOCKER_USER}/${DOCKER_IMAGE_NAME}.${DOCKER_IMAGE_TAG}.tar.xz ]]; then \ - /usr/bin/xz -dc ${DOCKER_IMAGE_PACKAGE_PATH}/${DOCKER_USER}/${DOCKER_IMAGE_NAME}.${DOCKER_IMAGE_TAG}.tar.xz | /usr/bin/docker load; \ + "if [[ -z \"$(/usr/bin/docker images -q \ + ${DOCKER_USER}/${DOCKER_IMAGE_NAME}:${DOCKER_IMAGE_TAG} \ + )\" ]] \ + && [[ -z \"$(/usr/bin/docker images -q \ + docker.io/${DOCKER_USER}/${DOCKER_IMAGE_NAME}:${DOCKER_IMAGE_TAG} \ + )\" ]]; \ + then \ + if [[ -f ${DOCKER_IMAGE_PACKAGE_PATH}/${DOCKER_USER}/${DOCKER_IMAGE_NAME}.${DOCKER_IMAGE_TAG}.tar.xz ]]; \ + then \ + printf -- '%%s/%%s/%%s.%%s.tar.xz\n' \ + \"${DOCKER_IMAGE_PACKAGE_PATH}\" \ + \"${DOCKER_USER}\" \ + \"${DOCKER_IMAGE_NAME}\" \ + \"${DOCKER_IMAGE_TAG}\" \ + | /usr/bin/xargs /usr/bin/xz -dc \ + | /usr/bin/docker load; \ else \ - /usr/bin/docker pull ${DOCKER_USER}/${DOCKER_IMAGE_NAME}:${DOCKER_IMAGE_TAG}; \ + printf -- '%%s/%%s:%%s\n' \ + \"${DOCKER_USER}\" \ + \"${DOCKER_IMAGE_NAME}\" \ + \"${DOCKER_IMAGE_TAG}\" \ + | /usr/bin/xargs /usr/bin/docker pull; \ fi; \ fi" # Terminate existing container to allow for redeployment ExecStartPre=-/bin/bash -c \ - "if [[ -n $(/usr/bin/docker ps -aq --filter \"name=%p.%i\") ]]; then \ - if [[ -n $(/usr/bin/docker ps -aq --filter \"name=%p.%i\" --filter \"status=paused\") ]]; then \ + "if [[ -n $(/usr/bin/docker ps -aq --filter \"name=%p.%i\") ]]; \ + then \ + if [[ -n $(/usr/bin/docker ps -aq \ + --filter \"name=%p.%i\" \ + --filter \"status=paused\" \ + ) ]]; \ + then \ /usr/bin/docker unpause %p.%i; \ fi; \ - if [[ -n $(/usr/bin/docker ps -aq --filter \"name=%p.%i\" --filter \"status=running\") ]]; then \ + if [[ -n $(/usr/bin/docker ps -aq \ + --filter \"name=%p.%i\" \ + --filter \"status=running\" \ + ) ]]; \ + then \ /usr/bin/docker stop %p.%i; \ fi; \ - if [[ -n $(/usr/bin/docker ps -aq --filter \"name=%p.%i\") ]]; then \ + if [[ -n $(/usr/bin/docker ps -aq --filter \"name=%p.%i\") ]]; \ + then \ /usr/bin/docker rm -f %p.%i; \ fi; \ fi" @@ -137,31 +166,101 @@ ExecStart=/bin/bash -c \ --env \"PHP_OPTIONS_SESSION_NAME=${PHP_OPTIONS_SESSION_NAME}\" \ --env \"PHP_OPTIONS_SESSION_SAVE_HANDLER=${PHP_OPTIONS_SESSION_SAVE_HANDLER}\" \ --env \"PHP_OPTIONS_SESSION_SAVE_PATH=${PHP_OPTIONS_SESSION_SAVE_PATH}\" \ - $(if [[ ${DOCKER_PORT_MAP_TCP_80} != NULL ]]; then \ - if /usr/bin/grep -qE '^([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}:)?[0-9]*$' <<< \"${DOCKER_PORT_MAP_TCP_80}\"; then \ + $(if [[ ${DOCKER_PORT_MAP_TCP_80} != NULL ]]; \ + then \ + if /bin/grep -qE \ + '^([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}:)?[1-9][0-9]*$' \ + <<< \"${DOCKER_PORT_MAP_TCP_80}\"; \ + && /bin/grep -qE \ + '^.+\.[0-9]+(\.[0-9]+)?$' \ + <<< %p.%i; \ + then \ printf -- '--publish %%s%%s:80' \ - $(/usr/bin/grep -o '^[0-9\.]*:' <<< \"${DOCKER_PORT_MAP_TCP_80}\") \ - $(( $(/usr/bin/grep -o '[0-9]*$' <<< \"${DOCKER_PORT_MAP_TCP_80}\") + $(/usr/bin/sed 's~\.[0-9]*$~~' <<< %i) - 1 )); \ + $(\ + /bin/grep -o \ + '^[0-9\.]*:' \ + <<< \"${DOCKER_PORT_MAP_TCP_80}\" \ + ) \ + $(( \ + $(\ + /bin/grep -oE \ + '[0-9]+$' \ + <<< \"${DOCKER_PORT_MAP_TCP_80}\" \ + ) \ + + $(\ + /bin/grep -oE \ + '^[0-9]+' \ + <<< %i \ + ) \ + - 1 \ + )); \ else \ printf -- '--publish %%s:80' \ \"${DOCKER_PORT_MAP_TCP_80}\"; \ fi; \ fi) \ - $(if [[ ${DOCKER_PORT_MAP_TCP_443} != NULL ]]; then \ - if /usr/bin/grep -qE '^([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}:)?[0-9]*$' <<< \"${DOCKER_PORT_MAP_TCP_443}\"; then \ + $(if [[ ${APACHE_MOD_SSL_ENABLED} == true ]] \ + && [[ ${DOCKER_PORT_MAP_TCP_443} != NULL ]]; \ + then \ + if /bin/grep -qE \ + '^([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}:)?[1-9][0-9]*$' \ + <<< \"${DOCKER_PORT_MAP_TCP_443}\"; \ + && /bin/grep -qE \ + '^.+\.[0-9]+(\.[0-9]+)?$' \ + <<< %p.%i; \ + then \ printf -- '--publish %%s%%s:443' \ - $(/usr/bin/grep -o '^[0-9\.]*:' <<< \"${DOCKER_PORT_MAP_TCP_443}\") \ - $(( $(/usr/bin/grep -o '[0-9]*$' <<< \"${DOCKER_PORT_MAP_TCP_443}\") + $(/usr/bin/sed 's~\.[0-9]*$~~' <<< %i) - 1 )); \ + $(\ + /bin/grep -o \ + '^[0-9\.]*:' \ + <<< \"${DOCKER_PORT_MAP_TCP_443}\" \ + ) \ + $(( \ + $(\ + /bin/grep -oE \ + '[0-9]+$' \ + <<< \"${DOCKER_PORT_MAP_TCP_443}\" \ + ) \ + + $(\ + /bin/grep -oE \ + '^[0-9]+' \ + <<< %i \ + ) \ + - 1 \ + )); \ else \ printf -- '--publish %%s:443' \ \"${DOCKER_PORT_MAP_TCP_443}\"; \ fi; \ fi) \ - $(if [[ ${DOCKER_PORT_MAP_TCP_8443} != NULL ]]; then \ - if /usr/bin/grep -qE '^([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}:)?[0-9]*$' <<< \"${DOCKER_PORT_MAP_TCP_8443}\"; then \ + $(if [[ ${DOCKER_PORT_MAP_TCP_8443} != NULL ]]; \ + then \ + if /bin/grep -qE \ + '^([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}:)?[1-9][0-9]*$' \ + <<< \"${DOCKER_PORT_MAP_TCP_8443}\"; \ + && /bin/grep -qE \ + '^.+\.[0-9]+(\.[0-9]+)?$' \ + <<< %p.%i; \ + then \ printf -- '--publish %%s%%s:8443' \ - $(/usr/bin/grep -o '^[0-9\.]*:' <<< \"${DOCKER_PORT_MAP_TCP_8443}\") \ - $(( $(/usr/bin/grep -o '[0-9]*$' <<< \"${DOCKER_PORT_MAP_TCP_8443}\") + $(/usr/bin/sed 's~\.[0-9]*$~~' <<< %i) - 1 )); \ + $(\ + /bin/grep -o \ + '^[0-9\.]*:' \ + <<< \"${DOCKER_PORT_MAP_TCP_8443}\" \ + ) \ + $(( \ + $(\ + /bin/grep -oE \ + '[0-9]+$' \ + <<< \"${DOCKER_PORT_MAP_TCP_8443}\" \ + ) \ + + $(\ + /bin/grep -oE \ + '^[0-9]+' \ + <<< %i \ + ) \ + - 1 \ + )); \ else \ printf -- '--publish %%s:8443' \ \"${DOCKER_PORT_MAP_TCP_8443}\"; \ @@ -174,5 +273,5 @@ ExecStart=/bin/bash -c \ ExecStop=/usr/bin/docker stop --time 10 %p.%i [Install] -DefaultInstance=1.1 +DefaultInstance=1 WantedBy=multi-user.target diff --git a/src/opt/scmi/default.sh b/src/opt/scmi/default.sh index a21603e..47beb66 100644 --- a/src/opt/scmi/default.sh +++ b/src/opt/scmi/default.sh @@ -1,15 +1,39 @@ # Handle incrementing the docker host port for instances unless a port range is defined. DOCKER_PUBLISH= -if [[ ${DOCKER_PORT_MAP_TCP_80} != NULL ]]; then - if grep -qE '^([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}:)?[0-9]*$' <<< "${DOCKER_PORT_MAP_TCP_80}" \ - && grep -qE '^.+\.([0-9]+)\.([0-9]+)$' <<< "${DOCKER_NAME}"; then +if [[ ${DOCKER_PORT_MAP_TCP_80} != NULL ]] +then + if grep -qE \ + '^([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}:)?[1-9][0-9]*$' \ + <<< "${DOCKER_PORT_MAP_TCP_80}" \ + && grep -qE \ + '^.+\.[0-9]+(\.[0-9]+)?$' \ + <<< "${DOCKER_NAME}" + then printf -v \ DOCKER_PUBLISH \ -- '%s --publish %s%s:80' \ "${DOCKER_PUBLISH}" \ - "$(grep -o '^[0-9\.]*:' <<< "${DOCKER_PORT_MAP_TCP_80}")" \ - "$(( $(grep -o '[0-9]*$' <<< "${DOCKER_PORT_MAP_TCP_80}") + $(sed 's~\.[0-9]*$~~' <<< "${DOCKER_NAME}" | awk -F. '{ print $NF; }') - 1 ))" + "$( + grep -o \ + '^[0-9\.]*:' \ + <<< "${DOCKER_PORT_MAP_TCP_80}" + )" \ + "$(( + $( + grep -oE \ + '[0-9]+$' \ + <<< "${DOCKER_PORT_MAP_TCP_80}" + ) \ + + $( + grep -oE \ + '([0-9]+)(\.[0-9]+)?$' \ + <<< "${DOCKER_NAME}" \ + | awk -F. \ + '{ print $1; }' + ) \ + - 1 + ))" else printf -v \ DOCKER_PUBLISH \ @@ -19,16 +43,40 @@ if [[ ${DOCKER_PORT_MAP_TCP_80} != NULL ]]; then fi fi -if [[ ${DOCKER_PORT_MAP_TCP_443} != NULL ]] \ - && [[ ${APACHE_MOD_SSL_ENABLED} == true ]]; then - if grep -qE '^([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}:)?[0-9]*$' <<< "${DOCKER_PORT_MAP_TCP_443}" \ - && grep -qE '^.+\.([0-9]+)\.([0-9]+)$' <<< "${DOCKER_NAME}"; then +if [[ ${APACHE_MOD_SSL_ENABLED} == true ]] \ + && [[ ${DOCKER_PORT_MAP_TCP_443} != NULL ]] +then + if grep -qE \ + '^([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}:)?[1-9][0-9]*$' \ + <<< "${DOCKER_PORT_MAP_TCP_443}" \ + && grep -qE \ + '^.+\.[0-9]+(\.[0-9]+)?$' \ + <<< "${DOCKER_NAME}" + then printf -v \ DOCKER_PUBLISH \ -- '%s --publish %s%s:443' \ "${DOCKER_PUBLISH}" \ - "$(grep -o '^[0-9\.]*:' <<< "${DOCKER_PORT_MAP_TCP_443}")" \ - "$(( $(grep -o '[0-9]*$' <<< "${DOCKER_PORT_MAP_TCP_443}") + $(sed 's~\.[0-9]*$~~' <<< "${DOCKER_NAME}" | awk -F. '{ print $NF; }') - 1 ))" + "$( + grep -o \ + '^[0-9\.]*:' \ + <<< "${DOCKER_PORT_MAP_TCP_443}" + )" \ + "$(( + $( + grep -oE \ + '[0-9]+$' \ + <<< "${DOCKER_PORT_MAP_TCP_443}" + ) \ + + $( + grep -oE \ + '([0-9]+)(\.[0-9]+)?$' \ + <<< "${DOCKER_NAME}" \ + | awk -F. \ + '{ print $1; }' + ) \ + - 1 + ))" else printf -v \ DOCKER_PUBLISH \ @@ -38,15 +86,39 @@ if [[ ${DOCKER_PORT_MAP_TCP_443} != NULL ]] \ fi fi -if [[ ${DOCKER_PORT_MAP_TCP_8443} != NULL ]]; then - if grep -qE '^([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}:)?[0-9]*$' <<< "${DOCKER_PORT_MAP_TCP_8443}" \ - && grep -qE '^.+\.([0-9]+)\.([0-9]+)$' <<< "${DOCKER_NAME}"; then +if [[ ${DOCKER_PORT_MAP_TCP_8443} != NULL ]] +then + if grep -qE \ + '^([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}:)?[1-9][0-9]*$' \ + <<< "${DOCKER_PORT_MAP_TCP_8443}" \ + && grep -qE \ + '^.+\.[0-9]+(\.[0-9]+)?$' \ + <<< "${DOCKER_NAME}" + then printf -v \ DOCKER_PUBLISH \ -- '%s --publish %s%s:8443' \ "${DOCKER_PUBLISH}" \ - "$(grep -o '^[0-9\.]*:' <<< "${DOCKER_PORT_MAP_TCP_8443}")" \ - "$(( $(grep -o '[0-9]*$' <<< "${DOCKER_PORT_MAP_TCP_8443}") + $(sed 's~\.[0-9]*$~~' <<< "${DOCKER_NAME}" | awk -F. '{ print $NF; }') - 1 ))" + "$( + grep -o \ + '^[0-9\.]*:' \ + <<< "${DOCKER_PORT_MAP_TCP_8443}" + )" \ + "$(( + $( + grep -oE \ + '[0-9]+$' \ + <<< "${DOCKER_PORT_MAP_TCP_8443}" + ) \ + + $( + grep -oE \ + '([0-9]+)(\.[0-9]+)?$' \ + <<< "${DOCKER_NAME}" \ + | awk -F. \ + '{ print $1; }' + ) \ + - 1 + ))" else printf -v \ DOCKER_PUBLISH \ diff --git a/src/opt/scmi/environment.sh b/src/opt/scmi/environment.sh index b02ee97..019d468 100644 --- a/src/opt/scmi/environment.sh +++ b/src/opt/scmi/environment.sh @@ -1,6 +1,6 @@ -# ----------------------------------------------------------------------------- +# ------------------------------------------------------------------------------ # Constants -# ----------------------------------------------------------------------------- +# ------------------------------------------------------------------------------ readonly DOCKER_USER=jdeathe readonly DOCKER_IMAGE_NAME=centos-ssh-apache-php-fcgi @@ -8,14 +8,14 @@ readonly DOCKER_IMAGE_NAME=centos-ssh-apache-php-fcgi readonly DOCKER_IMAGE_TAG_PATTERN='^(latest|centos-[6-7]|((1|2|centos-(6-1|7-2))\.[0-9]+\.[0-9]+))$' readonly DOCKER_IMAGE_RELEASE_TAG_PATTERN='^(1|2|centos-(6-1|7-2))\.[0-9]+\.[0-9]+$' -# ----------------------------------------------------------------------------- +# ------------------------------------------------------------------------------ # Variables -# ----------------------------------------------------------------------------- +# ------------------------------------------------------------------------------ # Docker image/container settings DOCKER_CONTAINER_OPTS="${DOCKER_CONTAINER_OPTS:-}" DOCKER_IMAGE_TAG="${DOCKER_IMAGE_TAG:-latest}" -DOCKER_NAME="${DOCKER_NAME:-apache-php.pool-1.1.1}" +DOCKER_NAME="${DOCKER_NAME:-apache-php.1}" DOCKER_PORT_MAP_TCP_22="${DOCKER_PORT_MAP_TCP_22:-NULL}" DOCKER_PORT_MAP_TCP_80="${DOCKER_PORT_MAP_TCP_80:-8080}" DOCKER_PORT_MAP_TCP_443="${DOCKER_PORT_MAP_TCP_443:-9443}" @@ -36,23 +36,9 @@ REGISTER_ETCD_PARAMETERS="${REGISTER_ETCD_PARAMETERS:-}" REGISTER_TTL="${REGISTER_TTL:-60}" REGISTER_UPDATE_INTERVAL="${REGISTER_UPDATE_INTERVAL:-55}" -# ----------------------------------------------------------------------------- +# ------------------------------------------------------------------------------ # Application container configuration -# ----------------------------------------------------------------------------- -SSH_AUTHORIZED_KEYS="${SSH_AUTHORIZED_KEYS:-}" -SSH_AUTOSTART_SSHD="${SSH_AUTOSTART_SSHD:-true}" -SSH_AUTOSTART_SSHD_BOOTSTRAP="${SSH_AUTOSTART_SSHD_BOOTSTRAP:-true}" -SSH_CHROOT_DIRECTORY="${SSH_CHROOT_DIRECTORY:-%h}" -SSH_INHERIT_ENVIRONMENT="${SSH_INHERIT_ENVIRONMENT:-false}" -SSH_SUDO="${SSH_SUDO:-ALL=(ALL) ALL}" -SSH_USER="${SSH_USER:-app-admin}" -SSH_USER_FORCE_SFTP="${SSH_USER_FORCE_SFTP:-false}" -SSH_USER_HOME="${SSH_USER_HOME:-/home/%u}" -SSH_USER_ID="${SSH_USER_ID:-500:500}" -SSH_USER_PASSWORD="${SSH_USER_PASSWORD:-}" -SSH_USER_PASSWORD_HASHED="${SSH_USER_PASSWORD_HASHED:-false}" -SSH_USER_SHELL="${SSH_USER_SHELL:-/bin/bash}" -# ----------------------------------------------------------------------------- +# ------------------------------------------------------------------------------ APACHE_AUTOSTART_HTTPD_BOOTSTRAP="${APACHE_AUTOSTART_HTTPD_BOOTSTRAP:-true}" APACHE_AUTOSTART_HTTPD_WRAPPER="${APACHE_AUTOSTART_HTTPD_WRAPPER:-true}" APACHE_CONTENT_ROOT="${APACHE_CONTENT_ROOT:-/var/www/app}" diff --git a/src/opt/scmi/service-unit.sh b/src/opt/scmi/service-unit.sh index 728178c..24da7a2 100644 --- a/src/opt/scmi/service-unit.sh +++ b/src/opt/scmi/service-unit.sh @@ -1,6 +1,6 @@ -# ----------------------------------------------------------------------------- +# ------------------------------------------------------------------------------ # Constants -# ----------------------------------------------------------------------------- +# ------------------------------------------------------------------------------ readonly SERVICE_UNIT_ENVIRONMENT_KEYS=" DOCKER_CONTAINER_OPTS DOCKER_IMAGE_PACKAGE_PATH @@ -38,7 +38,7 @@ readonly SERVICE_UNIT_REGISTER_ENVIRONMENT_KEYS=" REGISTER_UPDATE_INTERVAL " -# ----------------------------------------------------------------------------- +# ------------------------------------------------------------------------------ # Variables -# ----------------------------------------------------------------------------- -SERVICE_UNIT_INSTALL_TIMEOUT=${SERVICE_UNIT_INSTALL_TIMEOUT:-5} +# ------------------------------------------------------------------------------ +SERVICE_UNIT_INSTALL_TIMEOUT="${SERVICE_UNIT_INSTALL_TIMEOUT:-5}" diff --git a/src/usr/bin/healthcheck b/src/usr/bin/healthcheck index ae79819..1513f96 100644 --- a/src/usr/bin/healthcheck +++ b/src/usr/bin/healthcheck @@ -1,18 +1,18 @@ #!/usr/bin/env bash -source /etc/httpd-bootstrap.conf - function __is_throttled_interval () { local -i interval="${1:-10}" local pattern_seconds_in_minute='^([1-9]|[1-5][0-9]|60)$' # interval must be between 1 and 60 seconds - if [[ ! ${interval} =~ ${pattern_seconds_in_minute} ]]; then + if [[ ! ${interval} =~ ${pattern_seconds_in_minute} ]] + then interval=10 fi - if (( $(date +%-S)%${interval} == 0 )); then + if (( $(date +%-S)%${interval} == 0 )) + then return 0 else return 1 @@ -23,15 +23,17 @@ function __last_check_passed () { local -i status=0 - if [[ ! -f ${STATUS_PATH} ]]; then + if [[ ! -f ${STATUS_PATH} ]] + then return ${status} else read \ -n 1 \ status \ - < "${STATUS_PATH}" + < "${STATUS_PATH}" - if [[ ${status} =~ ^[01]$ ]]; then + if [[ ${status} =~ ^[01]$ ]] + then return ${status} else return 1 @@ -42,7 +44,7 @@ function __last_check_passed () function __print_message () { local -r type="${1:-}" - local -r quiet=${QUIET:-false} + local -r quiet="${QUIET:-false}" local message="${2:-}" local prefix="" @@ -84,7 +86,8 @@ function __record_exit_status () dirname "${STATUS_PATH}" )" - if [[ ! -d ${status_directory} ]]; then + if [[ ! -d ${status_directory} ]] + then install \ -d \ -m 0660 \ @@ -93,7 +96,8 @@ function __record_exit_status () "${status_directory}" fi - if [[ ! -f ${STATUS_PATH} ]]; then + if [[ ! -f ${STATUS_PATH} ]] + then install \ -m 0660 \ -o root \ @@ -105,7 +109,7 @@ function __record_exit_status () printf -- \ '%d' \ "${status}" \ - > "${STATUS_PATH}" + > "${STATUS_PATH}" trap - \ EXIT @@ -148,7 +152,7 @@ function __usage () function main () { local -r STATUS_PATH="/var/lib/healthcheck/status" - local QUITE=false + local QUITE="false" local host="localhost.localdomain" local -i interval=10 @@ -163,7 +167,8 @@ function main () trap "__record_exit_status \${?}" \ EXIT - while [[ ${#} -gt 0 ]]; do + while [[ "${#}" -gt 0 ]] + do case "${1}" in -h|--help) __usage @@ -211,38 +216,60 @@ function main () esac done - if [[ ! ${host} =~ ${pattern_host} ]]; then + if [[ ! ${host} =~ ${pattern_host} ]] + then __print_message \ "error" \ "Invalid host." exit 1 fi - if [[ ! ${interval} =~ ${pattern_seconds_in_minute} ]]; then + if [[ ! ${interval} =~ ${pattern_seconds_in_minute} ]] + then __print_message \ "error" \ "Invalid interval." exit 1 fi - if [[ ! ${max_time} =~ ${pattern_max_time} ]]; then + if [[ ! ${max_time} =~ ${pattern_max_time} ]] + then __print_message \ "error" \ "Invalid max_time." exit 1 fi - if [[ ! ${url} =~ ${pattern_local_url} ]]; then + if [[ ! ${url} =~ ${pattern_local_url} ]] + then __print_message \ "error" \ "Invalid url." exit 1 fi + if ! ps axo command \ + | grep -qE '^/usr/bin/python /usr/bin/supervisord' + then + __print_message \ + "error" \ + "supervisord not running." + exit 1 + fi + + if [[ ${APACHE_AUTOSTART_HTTPD_BOOTSTRAP} == false ]] \ + && [[ ${APACHE_AUTOSTART_HTTPD_WRAPPER} == false ]] + then + exit 0 + fi + # httpd-bootstrap if [[ ${APACHE_AUTOSTART_HTTPD_BOOTSTRAP} == true ]] \ && [[ -e /var/lock/subsys/httpd-bootstrap ]] then + __print_message \ + "error" \ + "Bootstrap failed to complete." exit 1 fi @@ -251,6 +278,9 @@ function main () && ! ps axo command \ | grep -qE '^/usr/sbin/httpd(\.worker|\.event)? ' then + __print_message \ + "error" \ + "httpd not running." exit 1 fi @@ -293,8 +323,6 @@ function main () )" exit 1 fi - - exit 0 } main "${@}" diff --git a/src/usr/sbin/httpd-bootstrap b/src/usr/sbin/httpd-bootstrap index 77e1f2d..6fea3c7 100644 --- a/src/usr/sbin/httpd-bootstrap +++ b/src/usr/sbin/httpd-bootstrap @@ -1,63 +1,103 @@ #!/usr/bin/env bash -# Create lock file -touch /var/lock/subsys/httpd-bootstrap +set -e -TIMER_START="$( - date +%s.%N -)" - -source /etc/httpd-bootstrap.conf - -function absolute_path () +function __absolute_path () { - local DIRECTORY_PATH="${1:-}" - local VALUE + local -r directory_path="${1}" - if [[ -n ${DIRECTORY_PATH} ]]; then - VALUE="$( + local value + + if [[ -n ${directory_path} ]] + then + value="$( python -c "import os,sys; print os.path.abspath(sys.argv[1])" \ - "${DIRECTORY_PATH}" + "${directory_path}" )" fi - printf -- "%s" "${VALUE}" + printf -- '%s' "${value}" } -function add_hosts_entry () +function __add_hosts_entry () { - local IP="${1:-127.0.0.1}" - local HOSTS - local USAGE="Usage: ${0} ip_address hostname [hostname ...]" + local address="${1:-127.0.0.1}" + local hosts + local usage="Usage: ${0} ip_address hostname [hostname ...]" shift - if [[ ${#} -eq 0 ]]; then - echo "${USAGE}" >&2 + if [[ "${#}" -eq 0 ]] + then + >&2 printf -- \ + '%s\n' \ + "${usage}" exit 1 fi - while (( ${#} )); do + while (( "${#}" )) + do if [[ ${1} != localhost ]] \ && [[ ${1} != 127.0.0.1 ]] \ - && [[ ${1} != "${IP}" ]]; then - HOSTS+=" ${1}" + && [[ ${1} != "${address}" ]] + then + hosts+=" ${1}" fi shift done - printf -- "%s\t%s\n" "${IP}" "${HOSTS}" >> /etc/hosts + printf -- \ + '%s\t%s\n' \ + "${address}" \ + "${hosts}" \ + >> /etc/hosts +} + +function __cleanup () +{ + local -r exit_code="${?}" + local -r lock_file="${1}" + local -r state_file="${2}" + + if [[ -e ${lock_file} ]] + then + rm -f "${lock_file}" + fi + + if [[ ${exit_code} -eq 0 ]] + then + touch "${state_file}" + fi + } -function enable_apache_modules () +function __enable_apache_modules () { - local CONF_PATHS="/etc/services-config/httpd/conf/httpd.conf" - local MODULES="${1:-}" - local MODULES_ENABLED="" - local SED_COMMAND="" + local -r apache_version="$( + __get_apache_server_version + )" - if [[ -f /etc/httpd/conf.modules.d/00-base.conf ]]; then - # Default Apache 2.4 DSO Modules - declare -a DEFAULT_MODULE_IDENTIFIERS=( + local config_file + local -a config_files=( + '00-base.conf' + '00-dav.conf' + '00-lua.conf' + '00-optional.conf' + '00-proxy.conf' + ) + local config_paths="/etc/httpd/conf/httpd.conf" + local identifier + local -a identifiers + local -a identifiers_default + local modules="${1:-"$( + __get_apache_load_modules + )"}" + local enabled + local sed_command + + if [[ ${apache_version} =~ ^2\.4\. ]] + then + # Default DSO Modules + identifiers_default=( 'authz_core_module' 'authz_user_module' 'log_config_module' @@ -76,26 +116,9 @@ function enable_apache_modules () 'proxy_module' 'proxy_fcgi_module' ) - else - # Default Apache 2.2 DSO Modules - declare -a DEFAULT_MODULE_IDENTIFIERS=( - 'authz_user_module' - 'log_config_module' - 'expires_module' - 'deflate_module' - 'headers_module' - 'setenvif_module' - 'mime_module' - 'status_module' - 'dir_module' - 'alias_module' - 'version_module' - ) - fi - if [[ -f /etc/httpd/conf.modules.d/00-base.conf ]]; then - # Available Apache 2.4 DSO Modules - declare -a MODULE_IDENTFIERS=( + # Available DSO Modules + identifiers=( 'access_compat_module' 'actions_module' 'alias_module' @@ -180,8 +203,23 @@ function enable_apache_modules () 'proxy_wstunnel_module' ) else - # Available Apache 2.2 DSO Modules - declare -a MODULE_IDENTFIERS=( + # Default DSO Modules + identifiers_default=( + 'authz_user_module' + 'log_config_module' + 'expires_module' + 'deflate_module' + 'headers_module' + 'setenvif_module' + 'mime_module' + 'status_module' + 'dir_module' + 'alias_module' + 'version_module' + ) + + # Available DSO Modules + identifiers=( 'auth_basic_module' 'auth_digest_module' 'authn_file_module' @@ -248,774 +286,1725 @@ function enable_apache_modules () ) fi - for MODULE_IDENTFIER in "${DEFAULT_MODULE_IDENTIFIERS[@]}"; do + for identifier in "${identifiers_default[@]}" + do # Prevent invalid or unavailable module identifiers - if [[ " ${MODULE_IDENTFIERS[@]} " =~ " ${MODULE_IDENTFIER} " ]]; then - MODULES_ENABLED+=" - ${MODULE_IDENTFIER}\n" - SED_COMMAND+="$( + if [[ " ${identifiers[@]} " =~ " ${identifier} " ]] + then + enabled+=" - ${identifier}\n" + sed_command+="$( printf -- \ " -e 's~^#LoadModule %s ~LoadModule %s ~g'" \ - "${MODULE_IDENTFIER}" \ - "${MODULE_IDENTFIER}" + "${identifier}" \ + "${identifier}" )" fi done - if [[ -n ${MODULES} ]]; then - for MODULE_IDENTFIER in ${MODULES}; do + if [[ -n ${modules} ]] + then + for identifier in ${modules} + do # Prevent invalid, unavailable or duplicate module identifiers - if [[ " ${MODULE_IDENTFIERS[@]} " =~ " ${MODULE_IDENTFIER} " ]] \ - && ! [[ " ${DEFAULT_MODULE_IDENTIFIERS[@]} " =~ " ${MODULE_IDENTFIER} " ]] + if [[ " ${identifiers[@]} " =~ " ${identifier} " ]] \ + && ! [[ " ${identifiers_default[@]} " =~ " ${identifier} " ]] then - MODULES_ENABLED+=" - ${MODULE_IDENTFIER}\n" - SED_COMMAND+="$( + enabled+=" - ${identifier}\n" + sed_command+="$( printf -- \ " -e 's~^#LoadModule %s ~LoadModule %s ~g'" \ - "${MODULE_IDENTFIER}" \ - "${MODULE_IDENTFIER}" + "${identifier}" \ + "${identifier}" )" fi done fi - if [[ -n ${SED_COMMAND} ]]; then - - for CONF_FILE in 00-base 00-dav 00-lua 00-optional 00-proxy; do - if [[ -f /etc/httpd/conf.modules.d/${CONF_FILE}.conf ]]; then - CONF_PATHS+=" /etc/httpd/conf.modules.d/${CONF_FILE}.conf" + if [[ -n ${sed_command} ]] + then + for config_file in "${config_files[@]}" + do + if [[ -f /etc/httpd/conf.modules.d/${config_file} ]] + then + config_paths+=" /etc/httpd/conf.modules.d/${config_file}" fi done eval "$( printf -- \ 'sed -i %s %s' \ - "${SED_COMMAND}" \ - "${CONF_PATHS}" + "${sed_command}" \ + "${config_paths}" )" fi - printf -- "%b" "${MODULES_ENABLED}" + printf -- \ + '%b' \ + "${enabled}" \ + | sort } -function get_apache_content_root () +function __get_apache_content_root () { - local DEFAULT_VALUE="${1:-/var/www/app}" - local VALUE="${APACHE_CONTENT_ROOT:-}" + local -r default_value="${1:-/var/www/app}" - if [[ -z ${VALUE} ]] || ! is_valid_apache_content_root "${VALUE}"; then - VALUE="${DEFAULT_VALUE}" + local value="${APACHE_CONTENT_ROOT}" + + if ! __is_valid_apache_content_root "${value}" + then + value="${default_value}" fi - printf -- "%s" "${VALUE}" + printf -- '%s' "${value}" } -function get_apache_header_x_service_uid () +function __get_apache_custom_log_format () { - local HOST_NAME="${HOSTNAME:-}" - local VALUE="${APACHE_HEADER_X_SERVICE_UID:-}" + local -r default_value="${1:-combined}" - if [[ -n ${VALUE} ]]; then - if [[ -z ${HOST_NAME} ]]; then - HOST_NAME="$( - hostname - )" - fi + local value="${APACHE_CUSTOM_LOG_FORMAT}" - # Replace {{HOSTNAME}} with system hostname - VALUE="${VALUE//\{\{HOSTNAME\}\}/${HOST_NAME}}" + if ! __is_valid_apache_custom_log_format "${value}" + then + value="${default_value}" fi - printf -- \ - '%s' \ - "${VALUE}" + printf -- '%s' "${value}" } -function get_apache_public_directory () +function __get_apache_custom_log_location () { - local DEFAULT_VALUE="${1:-public_html}" - local VALUE="${APACHE_PUBLIC_DIRECTORY:-}" + local -r content_root="${2:-"$( + __get_apache_content_root + )"}" + local -r default_value="${1:-var/log/apache_access_log}" - if [[ -z ${VALUE} ]] || ! is_valid_apache_public_directory "${VALUE}"; then - VALUE="${DEFAULT_VALUE}" + local value="${APACHE_CUSTOM_LOG_LOCATION:-${default_value}}" + + if [[ ! ${value} =~ ^[\.]{,2}/ ]] + then + printf -v \ + value \ + -- '%s/%s' \ + "${content_root}" \ + "${value}" fi - printf -- "%s" "${VALUE}" + printf -- '%s' "${value}" } -function get_password () +function __get_apache_document_root () { - local PASSWORD_LENGTH="${1:-16}" - local PASSWORD="$( - head -n 4096 /dev/urandom \ - | tr -cd '[:alnum:]' \ - | cut -c1-"${PASSWORD_LENGTH}" - )" + local -r content_root="${1:-"$( + __get_apache_content_root + )"}" + local -r public_directory="${2:-"$( + __get_apache_public_directory + )"}" - printf -- "%s" "${PASSWORD}" - - return 0 + printf -- \ + '%s/%s' \ + "${content_root}" \ + "${public_directory}" } -function get_ssl_certificate_fingerprint () +function __get_apache_error_log_level () { - local -r DIGEST="${1:-sha1}" - local -r FILE_PATH="${2:-/etc/pki/tls/certs/localhost.crt}" - local VALUE + local -r default_value="${1:-warn}" - VALUE="$( - openssl x509 \ - -"${DIGEST,,}" \ - -in "${FILE_PATH}" \ - -noout \ - -fingerprint - )" + local value="${APACHE_ERROR_LOG_LEVEL}" - VALUE="${VALUE//${DIGEST^^}' Fingerprint='/}" + if ! __is_valid_apache_error_log_level "${value}" + then + value="${default_value}" + fi - printf -- "%s" "${VALUE}" + printf -- '%s' "${value}" } -function is_valid_apache_content_root () +function __get_apache_error_log_location () { - local DIRECTORY_PATH="${1:-}" - local DIRECTORY_PATH_ABSOLUTE="$( - absolute_path \ - "${DIRECTORY_PATH}" - )" - local VALID_DIRECTORY='^\/(?!\/|bin|dev|etc|lib|lib64|lost+found|media|proc|root|sbin|sys|tmp|usr).+$' + local -r content_root="${2:-"$( + __get_apache_content_root + )"}" + local -r default_value="${1:-var/log/apache_error_log}" - if grep -qoP "${VALID_DIRECTORY}" <<< "${DIRECTORY_PATH_ABSOLUTE}"; then - return 0 + local value="${APACHE_ERROR_LOG_LOCATION:-${default_value}}" + + if [[ ! ${value} =~ ^[\.]{,2}/ ]] + then + printf -v \ + value \ + -- '%s/%s' \ + "${content_root}" \ + "${value}" fi - return 1 + printf -- '%s' "${value}" } -function is_valid_apache_public_directory () +function __get_apache_extended_status_enabled () { - local DIRECTORY="${1:-}" - local DIRECTORY_ABSOLUTE="$( - absolute_path "$( - get_apache_content_root - )/${DIRECTORY}" - )" - local VALID_DIRECTORY='^\/(?!\/|bin|dev|etc|lib|lib64|lost+found|media|proc|root|sbin|sys|tmp|usr).+$' - local VALID_SUBDIRECTORY='^[^\/\\].+$' + local -r default_value="${1:-false}" - if grep -qoP "${VALID_DIRECTORY}" <<< "${DIRECTORY_ABSOLUTE}"; then - return 0 - fi + local value="${APACHE_EXTENDED_STATUS_ENABLED}" - if grep -qoP "${VALID_SUBDIRECTORY}" <<< "${DIRECTORY}"; then - return 0 + if ! __is_valid_apache_extended_status_enabled "${value}" + then + value="${default_value}" fi - return 1 + printf -- '%s' "${value}" } -function is_valid_apache_ssl_certificate () +function __get_apache_header_x_service_uid () { - local -r FILE_PATH="${1:-/etc/pki/tls/certs/localhost.crt}" - local -r VALID_PATTERN='^SHA1 Fingerprint=' - local SHA1_FINGERPRINT + local value="${APACHE_HEADER_X_SERVICE_UID}" - SHA1_FINGERPRINT="$( - openssl \ - x509 \ - -sha1 \ - -in "${FILE_PATH}" \ - -noout \ - -fingerprint - )" + value="${value//'{{HOSTNAME}}'/${HOSTNAME:-localhost.localdomain}}" - if [[ ${SHA1_FINGERPRINT} =~ ${VALID_PATTERN} ]]; then - return 0 - fi + printf -- '%s' "${value}" +} - return 1 +function __get_apache_load_modules () +{ + local value="${APACHE_LOAD_MODULES}" + + printf -- '%s' "${value}" } -function is_valid_user_login () +function __get_apache_mod_ssl_enabled () { - local LOGIN="${1}" - local SAFE_LOGIN='^[a-z_][a-z0-9_-]{0,29}[$a-z0-9_]?$' + local -r default_value="${1:-false}" - if [[ ${LOGIN} != root ]] && [[ ${LOGIN} =~ ${SAFE_LOGIN} ]]; then - return 0 + local value="${APACHE_MOD_SSL_ENABLED}" + + if ! __is_valid_apache_mod_ssl_enabled "${value}" + then + value="${default_value}" fi - return 1 + printf -- '%s' "${value}" } -function load_httpd_conf_scan_files () +function __get_apache_mpm () { - local FILE_PATH - local PACKAGE_PATH="${1:-}" + local -r default_value="${1:-prefork}" - if [[ -n ${PACKAGE_PATH} ]] \ - && [[ -d ${PACKAGE_PATH}/etc/httpd/conf.d ]]; then - for FILE_PATH in "${PACKAGE_PATH}"/etc/httpd/conf.d/*.conf; do - cat \ - "${FILE_PATH}" \ - > "/etc/services-config/httpd/conf.d/${FILE_PATH##*/}" - done - fi + local value="${APACHE_MPM}" - if [[ -n ${PACKAGE_PATH} ]] \ - && [[ -d ${PACKAGE_PATH}/etc/httpd/conf.virtualhost.d ]]; then - for FILE_PATH in "${PACKAGE_PATH}"/etc/httpd/conf.virtualhost.d/*.conf; do - cat \ - "${FILE_PATH}" \ - > "/etc/services-config/httpd/conf.virtualhost.d/${FILE_PATH##*/}" - done + if ! __is_valid_apache_mpm "${value}" + then + value="${default_value}" fi + + printf -- '%s' "${value}" } -function load_php_ini_scan_file () +function __get_apache_operating_mode () { - local FILE_PATH="${1:-}" - local SCAN_DIRECTORY="${2:-}" + local -r default_value="${1:-production}" - if [[ -n ${SCAN_DIRECTORY} ]] \ - && [[ -n ${FILE_PATH} ]] \ - && [[ -s ${FILE_PATH} ]] + local value="${APACHE_OPERATING_MODE}" + + if ! __is_valid_apache_operating_mode "${value}" then - # Replace environment variables - printf -- \ - '%s' \ - "$( - eval \ - "cat <<-EOF - $(<"${FILE_PATH}") - EOF" 2> /dev/null - )" \ - > "${SCAN_DIRECTORY}/${FILE_PATH##*/}" + value="${default_value}" fi + + printf -- '%s' "${value}" } -function load_php_ini_scan_files () +function __get_apache_public_directory () { - local FILE_PATH - local PACKAGE_PATH="${1:-}" - local SCAN_DIRECTORY="/etc/php.d" + local -r default_value="${1:-public_html}" - for FILE_PATH in "${SCAN_DIRECTORY}"/*.ini - do - load_php_ini_scan_file \ - "${FILE_PATH}" \ - "${SCAN_DIRECTORY}" - done + local value="${APACHE_PUBLIC_DIRECTORY}" - if [[ -n ${PACKAGE_PATH} ]] \ - && [[ -d ${PACKAGE_PATH}/etc/php.d ]] + if ! __is_valid_apache_public_directory "${value}" then - for FILE_PATH in "${PACKAGE_PATH}/${SCAN_DIRECTORY}"/*.ini - do - load_php_ini_scan_file \ - "${FILE_PATH}" \ - "${SCAN_DIRECTORY}" - done + value="${default_value}" fi + + printf -- '%s' "${value}" } -function make_self_signed_san_certificate () +function __get_apache_run_group () { - local CN - local HOST - local HOSTS="${@}" - local SAN + local -r default_value="${1:-app-www}" - # Use default host if none specified. - if [[ ${#HOSTS[@]} -eq 0 ]]; then - HOSTS="localhost.localdomain" + local value="${APACHE_RUN_GROUP}" + + if ! __is_valid_apache_run_group "${value}" + then + value="${default_value}" fi - if [[ ${#HOSTS[@]} -gt 0 ]]; then - for HOST in ${HOSTS[@]}; do - if [[ -z ${SAN} ]]; then - # Common Name is required - use the first host. - CN="${HOST}" - else - # Additional hosts should be comma separated. - SAN+="," - fi + printf -- '%s' "${value}" +} - # Build up the subjectAltName value. - SAN+="DNS:${HOST}" - done +function __get_apache_run_user () +{ + local -r default_value="${1:-app-www}" + + local value="${APACHE_RUN_USER}" + + if ! __is_valid_apache_run_user "${value}" + then + value="${default_value}" fi - # Generate a custom openssl configuration - appending a san section. - cat \ - /etc/pki/tls/openssl.cnf \ - - \ - <<-CONFIG > /etc/pki/tls/certs/localhost.cnf + printf -- '%s' "${value}" +} - [ san ] - subjectAltName="${SAN:-root@localhost.localdomain}" - CONFIG +function __get_apache_server_alias () +{ + local value="${APACHE_SERVER_ALIAS}" - # Generate the certificate. - openssl req \ - -x509 \ - -sha256 \ - -nodes \ - -newkey rsa:2048 \ - -days 365 \ - -reqexts san \ - -extensions san \ - -subj "/CN=${CN}" \ - -config /etc/pki/tls/certs/localhost.cnf \ - -keyout /etc/pki/tls/certs/localhost.crt \ - -out /etc/pki/tls/certs/localhost.crt + value="${value//'{{HOSTNAME}}'/${HOSTNAME:-localhost.localdomain}}" + printf -- '%s' "${value}" } -function set_apache_enable_sendfile () +function __get_apache_server_name () { - local ENABLED=${1:-true} - local PATTERN_FROM - local PATTERN_TO + local value="${APACHE_SERVER_NAME:-"{{HOSTNAME}}"}" - if [[ ${ENABLED} == true ]]; then - PATTERN_FROM="^[#]?EnableSendfile (Off|off)$" - PATTERN_TO="#EnableSendfile on" - else - echo "Disabling EnableSendfile." - PATTERN_FROM="^[#]?EnableSendfile (On|on|Off|off)$" - PATTERN_TO="EnableSendfile off" + value="${value//'{{HOSTNAME}}'/${HOSTNAME:-localhost.localdomain}}" + + printf -- '%s' "${value}" +} + +function __get_apache_ssl_certificate () +{ + local -r default_value="" + local -r base64_pattern='^[A-Za-z0-9/+=]*$' + + local value="${APACHE_SSL_CERTIFICATE}" + + if [[ -n ${value} ]] + then + if [[ -f ${value} ]] + then + value="$(< "${value}")" + fi + + if [[ ${value} =~ ${base64_pattern} ]] + then + value="$( + base64 -d -i <<< "${value}" + )" + fi + + if ! __is_valid_apache_ssl_certificate "${value}" + then + value="${default_value}" + fi fi - sed -i \ - -re "s~${PATTERN_FROM}~${PATTERN_TO}~g" \ - /etc/services-config/httpd/conf/httpd.conf + printf -- '%s' "${value}" } -function set_apache_extended_status () +function __get_apache_ssl_cipher_suite () { - local ENABLED=${1:-false} - local PATTERN_FROM - local PATTERN_TO + local -r default_value="${1:-ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS}" - if [[ ${ENABLED} == true ]]; then - echo "Enabling ExtendedStatus." - PATTERN_FROM="^[#]?ExtendedStatus (On|on|Off|off)$" - PATTERN_TO="ExtendedStatus On" - else - PATTERN_FROM="^ExtendedStatus (On|on)$" - PATTERN_TO="#ExtendedStatus On" + local value="${APACHE_SSL_CIPHER_SUITE}" + + if ! __is_valid_apache_ssl_cipher_suite "${value}" + then + value="${default_value}" fi - sed -i \ - -re "s~${PATTERN_FROM}~${PATTERN_TO}~g" \ - /etc/services-config/httpd/conf/httpd.conf + printf -- '%s' "${value}" } -function set_apache_header_x_service_uid () +function __get_apache_ssl_protocol () { - local HEADER="${1:-}" + local -r default_value="${1:-"All -SSLv2 -SSLv3"}" - # Disable setting the X-Service-UID header if an empty value. - if [[ -z ${HEADER} ]]; then - sed -i \ - -e 's~^\([ \t]*\)\(Header set X-Service-UID .*\)$~\1#\2~g' \ - /etc/services-config/httpd/conf.d/00-headers.conf + local value="${APACHE_SSL_PROTOCOL}" + + if ! __is_valid_apache_ssl_protocol "${value}" + then + value="${default_value}" fi + + printf -- '%s' "${value}" } -function set_apache_mpm () +function __get_apache_system_user () { - local MPM="${1:-APACHE_MPM}" + local -r default_value="${1:-app}" - case "${MPM,,}" in - event) - if [[ -f /etc/httpd/conf.modules.d/00-mpm.conf ]]; then - sed -ri \ - -e 's~^(LoadModule.*)$~#\1~g' \ - -e 's~^#(LoadModule mpm_event_module.*)$~\1~' \ - /etc/httpd/conf.modules.d/00-mpm.conf - elif [[ -f /usr/sbin/httpd.event ]]; then - sed -ri \ - -e 's~^#?(HTTPD=/usr/sbin/httpd).*$~\1.event~' \ - /etc/sysconfig/httpd - else - printf -- \ - 'ERROR: Invalid Apache Server MPM: %s\n' \ - "${OPTS_APACHE_MPM}" >&2 - exit 1 - fi - ;; - worker) - if [[ -f /etc/httpd/conf.modules.d/00-mpm.conf ]]; then - sed -ri \ - -e 's~^(LoadModule.*)$~#\1~g' \ - -e 's~^#(LoadModule mpm_worker_module.*)$~\1~' \ - /etc/httpd/conf.modules.d/00-mpm.conf - elif [[ -f /usr/sbin/httpd.worker ]]; then - sed -ri \ - -e 's~^#?(HTTPD=/usr/sbin/httpd).*$~\1.worker~' \ - /etc/sysconfig/httpd - else - printf -- \ - 'ERROR: Invalid Apache Server MPM: %s\n' \ - "${OPTS_APACHE_MPM}" >&2 - exit 1 - fi - ;; - prefork) - if [[ -f /etc/httpd/conf.modules.d/00-mpm.conf ]]; then - sed -ri \ - -e 's~^(LoadModule.*)$~#\1~g' \ - -e 's~^#(LoadModule mpm_prefork_module.*)$~\1~' \ - /etc/httpd/conf.modules.d/00-mpm.conf - elif [[ -f /usr/sbin/httpd ]]; then - sed -ri \ - -e 's~^(HTTPD=/usr/sbin/httpd.*)$~#\1~g' \ - /etc/sysconfig/httpd - else - printf -- \ - 'ERROR: Invalid Apache Server MPM: %s\n' \ - "${OPTS_APACHE_MPM}" >&2 - exit 1 - fi - ;; - *) - printf -- \ - 'ERROR: Invalid Apache Server MPM: %s\n' \ - "${OPTS_APACHE_MPM}" >&2 - exit 1 - ;; - esac + local value="${APACHE_SYSTEM_USER}" + + if ! __is_valid_apache_system_user "${value}" + then + value="${default_value}" + fi + + printf -- '%s' "${value}" } -function set_apache_server_name () +function __get_apache_server_version () { - local HOST_NAME="${1:-${APACHE_SERVER_NAME:-$(hostname)}}" - local PORT="${2:-80}" + local semantic_version - sed -i \ - -e "s~^#ServerName \(.*\):80$~ServerName ${HOST_NAME}:${PORT}~g" \ - /etc/services-config/httpd/conf/httpd.conf + if ! command -v httpd &> /dev/null + then + >&2 printf -- \ + 'ERROR: Apache Server binary not installed.\n' + return 1 + fi + + semantic_version="$( + httpd -v \ + | grep -E -o 'Server version: Apache\/[0-9]+\.[0-9]+\.[0-9]+' \ + | awk -F/ '{ print $NF; }' + )" + + printf -- '%s' "${semantic_version}" } -function set_apache_ssl_certificate () +function __get_details_ssl_certificate_fingerprint () { - local -r FILE_PATH='/etc/pki/tls/certs/localhost.crt' - local -r BASE64_PATTERN='^[A-Za-z0-9/+=]*$' - local -r PLAIN_TEXT_PATTERN='^-----BEGIN ' - local SSL_CERTIFICATE="${1:-}" + local -r digest="${1:-sha1}" + local -r fingerprint="$( + __get_ssl_certificate_fingerprint \ + "${digest}" + )" - if [[ -n ${SSL_CERTIFICATE} ]]; then - # Decode base64 encoded values - if [[ ${SSL_CERTIFICATE} =~ ${BASE64_PATTERN} ]]; then - SSL_CERTIFICATE="$( - base64 -d -i <<< "${SSL_CERTIFICATE}" - )" - fi + printf -- \ + '\ntls/ssl certificate %s fingerprint : \n%s' \ + "${digest}" \ + "${fingerprint}" +} - if [[ -s ${SSL_CERTIFICATE} ]] \ - && [[ ${SSL_CERTIFICATE} != ${FILE_PATH} ]] - then - ln -sf \ - "${SSL_CERTIFICATE}" \ - "${FILE_PATH}" - else - if [[ ! ${SSL_CERTIFICATE} =~ ${PLAIN_TEXT_PATTERN} ]]; then - printf -- \ - 'ERROR: Invalid APACHE_SSL_CERTIFICATE\n' \ - >&2 - sleep 0.1 - exit 1 - fi +function __get_package_path () +{ + local -r default_value="${1:-/opt/app}" - printf \ - -- '%s' \ - "${SSL_CERTIFICATE}" \ - > "${FILE_PATH}" - fi + local value="${PACKAGE_PATH}" - if ! is_valid_apache_ssl_certificate \ - "${FILE_PATH}" - then - printf -- \ - 'ERROR: Invalid APACHE_SSL_CERTIFICATE\n' \ - >&2 - sleep 0.1 - exit 1 - fi + if ! __is_valid_package_path "${value}" + then + value="${default_value}" fi + + printf -- '%s' "${value}" } -function update_group_name () -{ - local GROUP_FROM="${1}" - local GROUP_TO="${2}" - - if [[ ${GROUP_TO} != "${GROUP_FROM}" ]] \ - && [[ ${GROUP_TO} != root ]] \ - && [[ ${GROUP_FROM} != root ]] \ - && [[ -n $(getent group "${GROUP_FROM}") ]]; then - groupmod -n "${GROUP_TO}" "${GROUP_FROM}" - fi -} - -function update_user_login () -{ - local USER_FROM="${1}" - local USER_TO="${2}" - - if [[ ${USER_TO} != "${USER_FROM}" ]] \ - && is_valid_user_login "${USER_TO}" \ - && is_valid_user_login "${USER_FROM}" \ - && [[ -z $(getent passwd "${USER_TO}") ]] \ - && [[ -n $(getent passwd "${USER_FROM}") ]]; then - usermod -l "${USER_TO}" "${USER_FROM}" - fi -} - -DEFAULT_SYSTEM_USER=app -DEFAULT_APACHE_USER=app-www -PACKAGE_PATH="${PACKAGE_PATH:-/opt/app}" -PASSWORD_LENGTH=16 - -OPTS_APACHE_CONTENT_ROOT="$( - get_apache_content_root -)" -OPTS_APACHE_DOCUMENT_ROOT="${OPTS_APACHE_CONTENT_ROOT}/$( - get_apache_public_directory -)" -OPTS_APACHE_EXTENDED_STATUS_ENABLED="${APACHE_EXTENDED_STATUS_ENABLED:-false}" -OPTS_APACHE_HEADER_X_SERVICE_UID="$( - get_apache_header_x_service_uid -)" -OPTS_APACHE_MOD_SSL_ENABLED="${APACHE_MOD_SSL_ENABLED:-false}" -OPTS_APACHE_MPM="${APACHE_MPM:-prefork}" -OPTS_APACHE_RUN_GROUP="${APACHE_RUN_GROUP:-${DEFAULT_APACHE_USER}}" -OPTS_APACHE_RUN_USER="${APACHE_RUN_USER:-${DEFAULT_APACHE_USER}}" -OPTS_APACHE_SERVER_ALIAS="${APACHE_SERVER_ALIAS:-}" -OPTS_APACHE_SERVER_NAME="${APACHE_SERVER_NAME:-$(hostname)}" -OPTS_APACHE_SSL_CERTIFICATE="${APACHE_SSL_CERTIFICATE:-}" -OPTS_APACHE_SYSTEM_USER="${APACHE_SYSTEM_USER:-${DEFAULT_SYSTEM_USER}}" - -# Load app package Apache configuration files. -load_httpd_conf_scan_files "${PACKAGE_PATH}" - -# Load app package PHP configuration files. -load_php_ini_scan_files "${PACKAGE_PATH}" - -# Populate SSL certificate file. -if [[ ${OPTS_APACHE_MOD_SSL_ENABLED} == true ]] \ - && [[ -n ${OPTS_APACHE_SSL_CERTIFICATE} ]] -then - set_apache_ssl_certificate \ - "${OPTS_APACHE_SSL_CERTIFICATE}" -elif [[ ${OPTS_APACHE_MOD_SSL_ENABLED} == true ]] \ - && [[ -z ${OPTS_APACHE_SSL_CERTIFICATE} ]] -then - make_self_signed_san_certificate \ - "${OPTS_APACHE_SERVER_NAME}" \ - "${OPTS_APACHE_SERVER_ALIAS}" \ - 1&> /dev/null \ - & - - PIDS[2]=${!} -fi - -# Set the system user passwords -echo "${DEFAULT_SYSTEM_USER}:$( - get_password ${PASSWORD_LENGTH} -)" | chpasswd \ -& -PIDS[0]=${!} - -echo "${DEFAULT_APACHE_USER}:$( - get_password ${PASSWORD_LENGTH} -)" | chpasswd \ -& -PIDS[1]=${!} - -# Verify package installation directory exists -if [[ ! -d ${PACKAGE_PATH} ]]; then - echo "ERROR: ${PACKAGE_PATH} not found." >&2 - exit 1 -fi - -# Initialise Apache server root directory. -APACHE_SERVER_HOME="$( - dirname \ - "${OPTS_APACHE_CONTENT_ROOT}" -)" - -if [[ ! -d ${APACHE_SERVER_HOME} ]]; then - echo "Create home directory ${APACHE_SERVER_HOME}." - mkdir -p -m 755 "${APACHE_SERVER_HOME}" -fi - -if [[ ! -d ${OPTS_APACHE_CONTENT_ROOT} ]]; then - echo "Linking install directory ${PACKAGE_PATH} > ${OPTS_APACHE_CONTENT_ROOT}." - ln -s \ - "${PACKAGE_PATH}" \ - "${OPTS_APACHE_CONTENT_ROOT}" -fi - -if [[ -d ${OPTS_APACHE_CONTENT_ROOT} ]] \ - && [[ ! -h ${OPTS_APACHE_CONTENT_ROOT} ]] \ - && [[ -z $(find "${OPTS_APACHE_CONTENT_ROOT}" -maxdepth 1 -type f) ]]; then - echo "Populating install directory ${PACKAGE_PATH} > ${OPTS_APACHE_CONTENT_ROOT}." - cp -rpf \ - "${PACKAGE_PATH}"/. \ - "${OPTS_APACHE_CONTENT_ROOT}" -fi - -# Verify Apache DocumentRoot directory exists -if [[ ! -d ${OPTS_APACHE_DOCUMENT_ROOT} ]]; then - echo "ERROR: ${OPTS_APACHE_DOCUMENT_ROOT} not found." >&2 - exit 1 -fi - -APACHE_DOCUMENT_ROOT_FILE_SYSTEM=$( - df -PT "${OPTS_APACHE_DOCUMENT_ROOT}" \ - | awk 'NR>1 { print $2 }' -) - -# Server MPM -set_apache_mpm "${OPTS_APACHE_MPM}" - -# Add local hosts entries -add_hosts_entry \ - 127.0.0.1 \ - "$( - printf -- \ - '%s%s%s' \ - "${OPTS_APACHE_SERVER_NAME}" \ - "${OPTS_APACHE_SERVER_ALIAS:+ }" \ - "${OPTS_APACHE_SERVER_ALIAS}" - )" - -# Set Apache EnableSendfile -if [[ ${APACHE_DOCUMENT_ROOT_FILE_SYSTEM} == nfs ]]; then - set_apache_enable_sendfile false -else - set_apache_enable_sendfile true -fi - -# Set Apache ExtendedStatus -set_apache_extended_status "${OPTS_APACHE_EXTENDED_STATUS_ENABLED}" - -# Set Apache X-Service-UID Header -set_apache_header_x_service_uid "${OPTS_APACHE_HEADER_X_SERVICE_UID}" - -# Set Apache ServerName -set_apache_server_name "${OPTS_APACHE_SERVER_NAME}" 80 - -# Enable Apache modules -APACHE_MODULES_ENABLED=$( - enable_apache_modules \ - "${APACHE_LOAD_MODULES}" \ - | sort -) - -# Enable/Disable SSL support -if [[ ${OPTS_APACHE_MOD_SSL_ENABLED} == true ]]; then - echo "Enabling SSL support." - cat \ - /etc/httpd/conf.d/ssl.conf.off \ - > /etc/httpd/conf.d/ssl.conf +function __get_password () +{ + local -r length="${1:-16}" + local -r password="$( + head -n 4096 /dev/urandom \ + | tr -cd '[:alnum:]' \ + | cut -c1-"${length}" + )" - if [[ -f /etc/services-config/httpd/conf.d/10-ssl-vhost.conf.off ]]; then - cat \ - /etc/services-config/httpd/conf.d/10-ssl-vhost.conf.off \ - > /etc/services-config/httpd/conf.d/10-ssl-vhost.conf - fi + printf -- '%s' "${password}" +} - if [[ -f /etc/httpd/conf.modules.d/00-ssl.conf ]]; then - sed -i \ - -e 's~^#\(LoadModule ssl_module .*\)$~\1~' \ - /etc/httpd/conf.modules.d/00-ssl.conf - fi -else - > /etc/httpd/conf.d/ssl.conf +function __get_php_options_date_timezone () +{ + local -r default_value="${1:-UTC}" + + local value="${PHP_OPTIONS_DATE_TIMEZONE}" - if [[ -f /etc/services-config/httpd/conf.d/10-ssl-vhost.conf ]]; then - > /etc/services-config/httpd/conf.d/10-ssl-vhost.conf + if ! __is_valid_php_options_date_timezone "${value}" + then + value="${default_value}" fi - if [[ -f /etc/httpd/conf.modules.d/00-ssl.conf ]]; then - sed -i \ - -e 's~^\(LoadModule ssl_module .*\)$~#\1~' \ - /etc/httpd/conf.modules.d/00-ssl.conf - fi -fi - -# Set ownership for fcgid php-wrapper and socket if necessary -if [[ -d ${PACKAGE_PATH}/bin && -d /var/run/mod_fcgid ]]; then - chown -R \ - "${OPTS_APACHE_RUN_USER}":"${OPTS_APACHE_RUN_GROUP}" \ - {"${PACKAGE_PATH}"/bin,/var/run/mod_fcgid} -fi - -# Set the system user's login names and groups -update_user_login "${DEFAULT_SYSTEM_USER}" "${OPTS_APACHE_SYSTEM_USER}" -update_group_name "${DEFAULT_SYSTEM_USER}" "${OPTS_APACHE_SYSTEM_USER}" -update_user_login "${DEFAULT_APACHE_USER}" "${OPTS_APACHE_RUN_USER}" -update_group_name "${DEFAULT_APACHE_USER}" "${OPTS_APACHE_RUN_GROUP}" - -# Wait for background processes -wait ${PIDS[0]} -wait ${PIDS[1]} - -SSL_CRT_FINGERPRINT_DETAILS= -if [[ ${OPTS_APACHE_MOD_SSL_ENABLED} == true ]]; then - # Wait for certificate generation if necessary - [[ -n ${PIDS[2]} ]] && wait ${PIDS[2]} - - DIGEST=sha1 - FINGERPRINT="$( - get_ssl_certificate_fingerprint \ - "${DIGEST}" \ - "/etc/pki/tls/certs/localhost.crt" - )" - - printf -v \ - DETAILS_LABEL \ - -- 'ssl certificate %s fingerprint : ' \ - "${DIGEST}" - - printf -v \ - SSL_CRT_FINGERPRINT_DETAILS \ - -- '\n%s\n%s' \ - "${DETAILS_LABEL}" \ - "${FINGERPRINT}" -fi - -TIMER_TOTAL="$( - echo - | awk "\ - { T1=\"${TIMER_START}\" } \ - { T2=\"$(date +%s.%N)\" } \ - { print T2 - T1; }" -)" - -cat <<-EOT - - ================================================================================ - Apache Details - -------------------------------------------------------------------------------- - system user : ${OPTS_APACHE_SYSTEM_USER} - run user : ${OPTS_APACHE_RUN_USER} - run group : ${OPTS_APACHE_RUN_GROUP} - server name : ${OPTS_APACHE_SERVER_NAME} - server alias : ${OPTS_APACHE_SERVER_ALIAS} - header x-service-uid : ${OPTS_APACHE_HEADER_X_SERVICE_UID:-unset} - document root : ${OPTS_APACHE_DOCUMENT_ROOT} (${APACHE_DOCUMENT_ROOT_FILE_SYSTEM}) - server mpm : ${OPTS_APACHE_MPM,,} - modules enabled : - ${APACHE_MODULES_ENABLED}${SSL_CRT_FINGERPRINT_DETAILS} - -------------------------------------------------------------------------------- - ${TIMER_TOTAL} - -EOT - -# Release lock file -rm -f /var/lock/subsys/httpd-bootstrap - -exit 0 + printf -- '%s' "${value}" +} + +function __get_php_options_session_name () +{ + local -r default_value="${1:-PHPSESSID}" + + local value="${PHP_OPTIONS_SESSION_NAME}" + + if ! __is_valid_php_options_session_name "${value}" + then + value="${default_value}" + fi + + printf -- '%s' "${value}" +} + +function __get_php_options_session_save_handler () +{ + local -r default_value="${1:-files}" + + local value="${PHP_OPTIONS_SESSION_SAVE_HANDLER}" + + if ! __is_valid_php_options_session_save_handler "${value}" + then + value="${default_value}" + fi + + printf -- '%s' "${value}" +} + +function __get_php_options_session_save_path () +{ + local -r content_root="${3:-"$( + __get_apache_content_root + )"}" + local -r default_value="${1:-var/session}" + local -r default_value_memcached="memcached:11211" + local -r default_value_redis="redis:6379" + local -r save_handler="${2:-"$( + __get_php_options_session_save_handler + )"}" + + local value="${PHP_OPTIONS_SESSION_SAVE_PATH}" + + if [[ -z "${value}" ]] + then + case "${save_handler}" in + # memcached) + # value="${default_value_memcached}" + # ;; + # redis) + # value="${default_value_redis}" + # ;; + files|*) + value="${default_value}" + ;; + esac + fi + + if [[ ${save_handler} == files ]] \ + && [[ ! ${value} =~ ^[\.]{,2}/ ]] + then + printf -v \ + value \ + -- '%s/%s' \ + "${content_root}" \ + "${value}" + fi + + printf -- '%s' "${value}" +} + +function __get_ssl_certificate_fingerprint () +{ + local -r digest="${1:-sha1}" + local -r certificate_path="${2:-/etc/pki/tls/certs/localhost.crt}" + + local value + + value="$( + openssl x509 \ + -"${digest,,}" \ + -in "${certificate_path}" \ + -noout \ + -fingerprint + )" + + value="${value//${digest^^}' Fingerprint='/}" + + printf -- '%s' "${value}" +} + +function __get_timer_total () +{ + local -r timer_end="$( + date +%s.%N + )" + local -r timer_start="${1}" + + if [[ -z ${timer_start} ]] \ + || [[ ${timer_start//.} -gt ${timer_end//.} ]] + then + >&2 printf -- \ + 'ERROR: invalid timer start: %s\n' \ + "${timer_start}" + printf -- \ + '0.000000' + else + awk \ + -v timer_end="${timer_end}" \ + -v timer_start="${timer_start}" \ + 'BEGIN { print \ + timer_end - timer_start; + }' + fi +} + +function __init_datadir () +{ + local -r content_root="${2:-"$( + __get_apache_content_root + )"}" + local -r content_root_prefix="$( + dirname \ + "${content_root}" + )" + local -r package_path="${1:-"$( + __get_package_path + )"}" + + verbose="${verbose:-false}" + + if [[ ! -d ${content_root_prefix} ]] + then + mkdir \ + -p \ + -m 755 \ + "${content_root_prefix}" + fi + + if [[ ! -d ${content_root} ]] + then + if [[ ${verbose} == true ]] + then + printf -- \ + 'Linking install directory %s > %s.\n' \ + "${package_path}" \ + "${content_root}" + fi + + ln -s \ + "${package_path}" \ + "${content_root}" + elif [[ -d ${content_root} ]] \ + && [[ ! -h ${content_root} ]] \ + && [[ -z "$(find "${content_root}" -maxdepth 1 -type f)" ]] + then + if [[ ${verbose} == true ]] + then + printf -- \ + 'Populating install directory %s > %s.\n' \ + "${package_path}" \ + "${content_root}" + fi + + cp -rpf \ + "${package_path}"/. \ + "${content_root}" + fi +} + +function __is_valid_apache_content_root () +{ + local -r directory_path="${1}" + local -r valid_directory='^\/(?!\/|bin|dev|etc|lib|lib64|lost+found|media|proc|root|sbin|sys|tmp|usr).+$' + + local absolute_path="$( + __absolute_path \ + "${directory_path}" + )" + + if grep -qoP "${valid_directory}" <<< "${absolute_path}" + then + return 0 + fi + + return 1 +} + +function __is_valid_apache_custom_log_format () +{ + local -r format="${1}" + local -r package_path="${2:-"$( + __get_package_path + )"}" + + local defined_format + local defined_formats + + if [[ -z ${format} ]] + then + return 1 + fi + + defined_formats="$( + find \ + /etc/httpd \ + "${package_path}"/etc/httpd \ + -type f \ + -name *.conf \ + | xargs \ + sed \ + -e ':a;N;$!ba;s/\\\n//g' \ + | grep 'LogFormat' \ + | awk '{ print $NF; }' \ + | sort \ + | uniq + )" + + for defined_format in ${defined_formats} + do + if [[ ${defined_format} == "${format}" ]] + then + return 0 + fi + done + + return 1 +} + +function __is_valid_apache_error_log_level () +{ + local -r apache_version="$( + __get_apache_server_version + )" + local -r valid_loglevel='^(emerg|alert|crit|error|warn|notice|info|debug)$' + local -r valid_loglevel_24='^trace[1-8]$' + local -r value="${1}" + + if [[ ${value} =~ ${valid_loglevel} ]] + then + return 0 + elif [[ ${apache_version} =~ ^2\.4\. ]] \ + && [[ ${value} =~ ${valid_loglevel_24} ]] + then + return 0 + fi + + return 1 +} + +function __is_valid_apache_extended_status_enabled () +{ + __is_valid_boolean "${@}" +} + +function __is_valid_apache_mod_ssl_enabled () +{ + __is_valid_boolean "${@}" +} + +function __is_valid_apache_mpm () +{ + local -r valid_value='^(prefork|worker|event)$' + local -r value="${1}" + + if [[ ${value} =~ ${valid_value} ]] + then + return 0 + fi + + return 1 +} + +function __is_valid_apache_operating_mode () +{ + local -r valid_value='^(production|development|debug)$' + local -r value="${1}" + + if [[ ${value} =~ ${valid_value} ]] + then + return 0 + fi + + return 1 +} + +function __is_valid_apache_run_group () +{ + __is_valid_user_login "${@}" +} + +function __is_valid_apache_run_user () +{ + __is_valid_user_login "${@}" +} + +function __is_valid_apache_public_directory () +{ + local -r directory="${1}" + local -r directory_absolute="$( + __absolute_path "$( + __get_apache_content_root + )/${directory}" + )" + local -r valid_directory='^\/(?!\/|bin|dev|etc|lib|lib64|lost+found|media|proc|root|sbin|sys|tmp|usr).+$' + local -r valid_subdirectory='^[^\/\\].+$' + + if grep -qoP "${valid_directory}" <<< "${directory_absolute}" + then + return 0 + fi + + if grep -qoP "${valid_subdirectory}" <<< "${directory}" + then + return 0 + fi + + return 1 +} + +function __is_valid_apache_ssl_certificate () +{ + local -r certificate="${1}" + local -r certificate_pattern='^-----BEGIN ' + + if [[ ${certificate} =~ ${certificate_pattern} ]] + then + return 0 + fi + + return 1 +} + +function __is_valid_apache_ssl_certificate_file () +{ + local -r certificate_path="${1:-/etc/pki/tls/certs/localhost.crt}" + local -r fingerprint_pattern='^SHA1 Fingerprint=' + + local fingerprint + + fingerprint="$( + openssl \ + x509 \ + -sha1 \ + -in "${certificate_path}" \ + -noout \ + -fingerprint + )" + + if [[ ${fingerprint} =~ ${fingerprint_pattern} ]] + then + return 0 + fi + + return 1 +} + +function __is_valid_apache_ssl_cipher_suite () +{ + local cipher_list="${1}" + + if [[ -n ${cipher_list} ]] + then + return 0 + fi + + return 1 +} + +function __is_valid_apache_ssl_protocol () +{ + local protocol_list="${1}" + + if [[ -n ${protocol_list} ]] + then + return 0 + fi + + return 1 +} + +function __is_valid_apache_system_user () +{ + __is_valid_user_login "${@}" +} + +function __is_valid_boolean () +{ + local -r boolean_value='^(true|false)$' + local -r value="${1}" + + if [[ ${value} =~ ${boolean_value} ]] + then + return 0 + fi + + return 1 +} + +function __is_valid_package_path () +{ + __is_valid_apache_content_root "${@}" +} + +function __is_valid_php_options_date_timezone () +{ + __is_valid_timezone "${@}" +} + +# PHP Manual advises short alphanumeric values only however session names with +# _ and - are in common use. +function __is_valid_php_options_session_name () +{ + local -r alphanumeric_value='^[A-Za-z0-9_-]{1,16}$' + local -r numeric_value='^[0-9]+$' + local -r value="${1}" + + if [[ ${value} =~ ${alphanumeric_value} ]] \ + && [[ ! ${value} =~ ${numeric_value} ]] + then + return 0 + fi + + return 1 +} + +function __is_valid_php_options_session_save_handler () +{ + local -r registered_save_handlers="$( + php \ + -d error_reporting=0 \ + -i \ + | grep 'Registered save handlers' \ + | sed -r \ + -e 's~^.* => ~~' \ + -e 's~ ~|~g' \ + -e 's~^(.*)$~^(\1~' \ + -e 's~^(.*)\|$~\1)$~' + )" + local -r value="${1}" + + if [[ ${value} =~ ${registered_save_handlers} ]] + then + return 0 + fi + + return 1 +} + +function __is_valid_user_login () +{ + local -r login="${1}" + local -r valid_login='^[a-z_][a-z0-9_-]{0,29}[$a-z0-9_]?$' + + if [[ ${login} != root ]] \ + && [[ ${login} =~ ${valid_login} ]] + then + return 0 + fi + + return 1 +} + +function __is_valid_timezone () +{ + local -r zone="${1}" + + if [[ -z ${zone} ]] + then + return 1 + fi + + if [[ -f /usr/share/zoneinfo/${zone} ]] + then + return 0 + fi + + return 1 +} + +function __load_httpd_conf_scan_files () +{ + local -r package_path="${1:-"$( + __get_package_path + )"}" + + local file_path + + if [[ -n ${package_path} ]] \ + && [[ -d ${package_path}/etc/httpd/conf.d ]] + then + for file_path in "${package_path}"/etc/httpd/conf.d/*.conf + do + cat \ + "${file_path}" \ + > "/etc/httpd/conf.d/${file_path##*/}" + done + fi + + if [[ -n ${package_path} ]] \ + && [[ -d ${package_path}/etc/httpd/conf.virtualhost.d ]] + then + for file_path in "${package_path}"/etc/httpd/conf.virtualhost.d/*.conf + do + cat \ + "${file_path}" \ + > "/etc/httpd/conf.virtualhost.d/${file_path##*/}" + done + fi +} + +function __load_php_ini_scan_file () +{ + local -r file_path="${1}" + local -r scan_directory="${2}" + + if [[ -n ${scan_directory} ]] \ + && [[ -n ${file_path} ]] \ + && [[ -s ${file_path} ]] + then + cat \ + "${file_path}" \ + > "${scan_directory}/${file_path##*/}" + fi +} + +function __load_php_ini_scan_files () +{ + local -r package_path="${1:-"$( + __get_package_path + )"}" + local -r scan_directory="/etc/php.d" + + local file_path + + if [[ -n ${package_path} ]] \ + && [[ -d ${package_path}/etc/php.d ]] + then + for file_path in "${package_path}/${scan_directory}"/*.ini + do + __load_php_ini_scan_file \ + "${file_path}" \ + "${scan_directory}" + done + fi +} + +function __make_self_signed_san_certificate () +{ + local -r certificate_path="/etc/pki/tls/certs/localhost.crt" + local -r config_path="/etc/pki/tls/certs/localhost.cnf" + local -r default_config_path="/etc/pki/tls/openssl.cnf" + local -r hosts="${@}" + + local common_name + local host + local subject_alt_name + + # Use default host if none specified. + if [[ ${#hosts[@]} -eq 0 ]] + then + hosts="localhost.localdomain" + fi + + if [[ ${#hosts[@]} -gt 0 ]] + then + for host in ${hosts[@]} + do + if [[ -z ${subject_alt_name} ]] + then + # Common Name is required - use the first host. + common_name="${host}" + else + # Additional hosts should be comma separated. + subject_alt_name+="," + fi + + # Build up the subjectAltName value. + subject_alt_name+="DNS:${host}" + done + fi + + # Generate a custom openssl configuration - appending a san section. + cat \ + "${default_config_path}" \ + - \ + <<-CONFIG > "${config_path}" + + [ san ] + subjectAltName="${subject_alt_name:-root@localhost.localdomain}" + CONFIG + + # Generate the certificate. + openssl req \ + -x509 \ + -sha256 \ + -nodes \ + -newkey rsa:2048 \ + -days 365 \ + -reqexts san \ + -extensions san \ + -subj "/CN=${common_name}" \ + -config "${config_path}" \ + -keyout "${certificate_path}" \ + -out "${certificate_path}" +} + +function __set_apache_enable_sendfile () +{ + local enable="${1:-true}" + local match + local replace + + if [[ ${enable} == true ]] + then + match="^[#]?EnableSendfile (Off|off)$" + replace="#EnableSendfile on" + else + match="^[#]?EnableSendfile (On|on|Off|off)$" + replace="EnableSendfile off" + fi + + sed -r -i \ + -e "s~${match}~${replace}~g" \ + /etc/httpd/conf/httpd.conf +} + +function __set_apache_extended_status () +{ + local enable="${1:-"$( + __get_apache_extended_status_enabled + )"}" + local match + local replace + + if [[ ${enable} == true ]] + then + match="^[#]?ExtendedStatus (On|on|Off|off)$" + replace="ExtendedStatus On" + else + match="^ExtendedStatus (On|on)$" + replace="#ExtendedStatus On" + fi + + sed -r -i \ + -e "s~${match}~${replace}~g" \ + /etc/httpd/conf/httpd.conf +} + +function __set_apache_header_x_service_uid () +{ + local header="${1}" + + if [[ -n ${header} ]] + then + sed -r -i \ + -e "s~(\\$\{|\{\{)APACHE_HEADER_X_SERVICE_UID(\}\}|(:-.+)?\})~${header}~g" \ + /etc/httpd/conf.d/00-headers.conf + else + # Remove X-Service-UID header if an empty value. + sed -r -i \ + -e 's~^([ \t]*)(Header set X-Service-UID .*)$~\1#\2~g' \ + /etc/httpd/conf.d/00-headers.conf + fi +} + +function __set_apache_mod_ssl_enabled () +{ + local enable="${1:-"$( + __get_apache_mod_ssl_enabled + )"}" + + if [[ ${enable} == true ]] + then + cat \ + /etc/httpd/conf.d/ssl.conf.off \ + > /etc/httpd/conf.d/ssl.conf + + if [[ -f /etc/httpd/conf.d/10-ssl-vhost.conf.off ]] + then + cat \ + /etc/httpd/conf.d/10-ssl-vhost.conf.off \ + > /etc/httpd/conf.d/10-ssl-vhost.conf + fi + + if [[ -f /etc/httpd/conf.modules.d/00-ssl.conf ]] + then + sed -i \ + -e 's~^#\(LoadModule ssl_module .*\)$~\1~' \ + /etc/httpd/conf.modules.d/00-ssl.conf + fi + else + truncate -s 0 \ + /etc/httpd/conf.d/ssl.conf + + if [[ -f /etc/httpd/conf.d/10-ssl-vhost.conf ]] + then + truncate -s 0 \ + /etc/httpd/conf.d/10-ssl-vhost.conf + fi + + if [[ -f /etc/httpd/conf.modules.d/00-ssl.conf ]] + then + sed -i \ + -e 's~^\(LoadModule ssl_module .*\)$~#\1~' \ + /etc/httpd/conf.modules.d/00-ssl.conf + fi + fi +} + +function __set_apache_mpm () +{ + local apache_mpm="${1:-"$( + __get_apache_mpm + )"}" + + case "${apache_mpm,,}" in + event) + if [[ -f /etc/httpd/conf.modules.d/00-mpm.conf ]] + then + sed -r -i \ + -e 's~^(LoadModule.*)$~#\1~g' \ + -e 's~^#(LoadModule mpm_event_module.*)$~\1~' \ + /etc/httpd/conf.modules.d/00-mpm.conf + elif [[ -f /usr/sbin/httpd.event ]] + then + sed -r -i \ + -e 's~^#?(HTTPD=/usr/sbin/httpd).*$~\1.event~' \ + /etc/sysconfig/httpd + else + >&2 printf -- \ + 'ERROR: Invalid Apache Server MPM: %s\n' \ + "${apache_mpm}" + exit 1 + fi + ;; + worker) + if [[ -f /etc/httpd/conf.modules.d/00-mpm.conf ]] + then + sed -r -i \ + -e 's~^(LoadModule.*)$~#\1~g' \ + -e 's~^#(LoadModule mpm_worker_module.*)$~\1~' \ + /etc/httpd/conf.modules.d/00-mpm.conf + elif [[ -f /usr/sbin/httpd.worker ]] + then + sed -r -i \ + -e 's~^#?(HTTPD=/usr/sbin/httpd).*$~\1.worker~' \ + /etc/sysconfig/httpd + else + >&2 printf -- \ + 'ERROR: Invalid Apache Server MPM: %s\n' \ + "${apache_mpm}" + exit 1 + fi + ;; + prefork) + if [[ -f /etc/httpd/conf.modules.d/00-mpm.conf ]] + then + sed -r -i \ + -e 's~^(LoadModule.*)$~#\1~g' \ + -e 's~^#(LoadModule mpm_prefork_module.*)$~\1~' \ + /etc/httpd/conf.modules.d/00-mpm.conf + elif [[ -f /usr/sbin/httpd ]] + then + sed -r -i \ + -e 's~^(HTTPD=/usr/sbin/httpd.*)$~#\1~g' \ + /etc/sysconfig/httpd + else + >&2 printf -- \ + 'ERROR: Invalid Apache Server MPM: %s\n' \ + "${apache_mpm}" + exit 1 + fi + ;; + *) + >&2 printf -- \ + 'ERROR: Invalid Apache Server MPM: %s\n' \ + "${apache_mpm}" + exit 1 + ;; + esac +} + +function __set_apache_server_name () +{ + local -r host="${1:-"$( + __get_apache_server_name + )"}" + local -r port="${2:-80}" + + sed -i \ + -e "s~^#ServerName \(.*\):80$~ServerName ${host}:${port}~g" \ + /etc/httpd/conf/httpd.conf +} + +function __set_apache_ssl_certificate () +{ + local -r certificate="${1:-"$( + __get_apache_ssl_certificate + )"}" + local -r certificate_path="/etc/pki/tls/certs/localhost.crt" + + local server_name + local server_alias + + if [[ -z ${certificate} ]] + then + server_name="${2:-"$( + __get_apache_server_name + )"}" + server_alias="${3:-"$( + __get_apache_server_alias + )"}" + + __make_self_signed_san_certificate \ + "${server_name}" \ + "${server_alias}" \ + &> /dev/null + else + printf -- \ + '%s' \ + "${certificate}" \ + > "${certificate_path}" + fi + + if ! __is_valid_apache_ssl_certificate_file "${certificate_path}" + then + >&2 printf -- \ + 'ERROR: Invalid APACHE_SSL_CERTIFICATE\n' + exit 1 + fi +} + +function __set_apache_run_user () +{ + local -r user="${1:-"$( + __get_apache_run_user + )"}" + local -r user_default="${2:-app-www}" + + __update_user_login \ + "${user_default}" \ + "${user}" +} + +function __set_apache_run_group () +{ + local -r group="${1:-"$( + __get_apache_run_group + )"}" + local -r group_default="${2:-app-www}" + + __update_group_name \ + "${group_default}" \ + "${group}" +} + +function __set_apache_system_user () +{ + local -r user="${1:-"$( + __get_apache_system_user + )"}" + local -r user_default="${2:-app}" + + __update_user_login \ + "${user_default}" \ + "${user}" + __update_group_name \ + "${user_default}" \ + "${user}" +} + +function __set_loopback_hosts_entry () +{ + local server_name="${1:-"$( + __get_apache_server_name + )"}" + local server_alias="${2:-"$( + __get_apache_server_alias + )"}" + + __add_hosts_entry \ + "127.0.0.1" \ + "$( + printf -- \ + '%s%s%s' \ + "${apache_server_name}" \ + "${apache_server_alias:+ }" \ + "${apache_server_alias}" + )" +} + +function __set_php_fpm_pool () +{ + local -r user="${1:-"$( + __get_apache_run_user + )"}" + local -r group="${2:-"$( + __get_apache_run_group + )"}" + + if [[ -f /etc/php-fpm.d/www.conf.template ]] + then + rm -f /etc/php-fpm.d/*.conf + + sed \ + -e "s~{{APACHE_RUN_GROUP}}~${group}~g" \ + -e "s~{{APACHE_RUN_USER}}~${user}~g" \ + /etc/php-fpm.d/www.conf.template \ + > "/etc/php-fpm.d/${user}.conf" + + sed -i \ + -e "s~php-fpm/\(.*\)\.sock~php-fpm/${user}\.sock~" \ + /etc/httpd/conf.d/php-fpm.conf + fi +} + +function __update_group_name () +{ + local -r group="${1}" + local -r group_new="${2}" + + if [[ ${group_new} != "${group}" ]] \ + && [[ ${group_new} != root ]] \ + && [[ ${group} != root ]] \ + && [[ -n $(getent group "${group}") ]] + then + groupmod -n "${group_new}" "${group}" + fi +} + +function __update_user_login () +{ + local -r user="${1}" + local -r user_new="${2}" + + if [[ ${user_new} != "${user}" ]] \ + && __is_valid_user_login "${user_new}" \ + && __is_valid_user_login "${user}" \ + && [[ -z $(getent passwd "${user_new}") ]] \ + && [[ -n $(getent passwd "${user}") ]] + then + usermod -l "${user_new}" "${user}" + fi +} + +function main () +{ + local -r lock_file="/var/lock/subsys/httpd-bootstrap" + local -r ssl_certificate_fingerprint_digest="sha1" + local -r state_file="/var/lib/misc/httpd-bootstrap" + local -r timer_start="$( + date +%s.%N + )" + + local HOSTNAME + local apache_content_root + local apache_custom_log_format + local apache_custom_log_location + local apache_error_log_level + local apache_error_log_location + local apache_extended_status_enabled + local apache_header_x_service_uid + local apache_mod_ssl_enabled + local apache_mpm + local apache_operating_mode + local apache_public_directory + local apache_run_group + local apache_run_user + local apache_server_alias + local apache_server_name + local apache_ssl_certificate + local apache_ssl_cipher_suite + local apache_ssl_protocol + local apache_system_user + local config_files + local details_modules_enabled_list + local details_ssl_certificate_fingerprint + local document_root + local document_root_file_system + local package_path + local php_options_date_timezone + local php_options_session_name + local php_options_session_save_handler + local php_options_session_save_path + local -a pids + local verbose="false" + + # Parse options + while [[ "${#}" -gt 0 ]] + do + case "${1}" in + -v|--verbose) + verbose="true" + shift 1 + ;; + esac + done + + if [[ -e ${state_file} ]] + then + if [[ ${verbose} == true ]] + then + printf -- \ + 'INFO: %s finished - skipping.\n' \ + "${0##*/}" + fi + exit 0 + fi + + if [[ -e ${lock_file} ]] + then + >&2 printf -- \ + 'ERROR: %s lock detected - aborting.\n' \ + "${0##*/}" + exit 1 + fi + + trap \ + "__cleanup \"${lock_file}\" \"${state_file}\"" \ + INT TERM EXIT + + # Create lock + touch \ + "${lock_file}" + + HOSTNAME="$( + hostname + )" + + apache_content_root="$( + __get_apache_content_root + )" + apache_custom_log_format="$( + __get_apache_custom_log_format + )" + apache_custom_log_location="$( + __get_apache_custom_log_location + )" + apache_error_log_level="$( + __get_apache_error_log_level + )" + apache_error_log_location="$( + __get_apache_error_log_location + )" + apache_extended_status_enabled="$( + __get_apache_extended_status_enabled + )" + apache_header_x_service_uid="$( + __get_apache_header_x_service_uid + )" + apache_mod_ssl_enabled="$( + __get_apache_mod_ssl_enabled + )" + apache_mpm="$( + __get_apache_mpm + )" + apache_operating_mode="$( + __get_apache_operating_mode + )" + apache_public_directory="$( + __get_apache_public_directory + )" + apache_run_group="$( + __get_apache_run_group + )" + apache_run_user="$( + __get_apache_run_user + )" + apache_server_alias="$( + __get_apache_server_alias + )" + apache_server_name="$( + __get_apache_server_name + )" + apache_system_user="$( + __get_apache_system_user + )" + php_options_date_timezone="$( + __get_php_options_date_timezone + )" + php_options_session_name="$( + __get_php_options_session_name + )" + php_options_session_save_handler="$( + __get_php_options_session_save_handler + )" + php_options_session_save_path="$( + __get_php_options_session_save_path + )" + + document_root="$( + __get_apache_document_root + )" + package_path="$( + __get_package_path + )" + + # Verify package installation directory exists + if [[ ! -d ${package_path} ]] + then + >&2 printf -- \ + 'ERROR: %s not found.\n' \ + "${package_path}" + exit 1 + fi + + if [[ ${apache_mod_ssl_enabled} == true ]] + then + apache_ssl_certificate="$( + __get_apache_ssl_certificate + )" + apache_ssl_cipher_suite="$( + __get_apache_ssl_cipher_suite + )" + apache_ssl_protocol="$( + __get_apache_ssl_protocol + )" + + __set_apache_ssl_certificate \ + "${apache_ssl_certificate}" \ + "${apache_server_name}" \ + "${apache_server_alias}" \ + & + pids[1]="${!}" + fi + + __load_php_ini_scan_files \ + "${package_path}" + __set_php_fpm_pool \ + "${apache_run_user}" \ + "${apache_run_group}" + __set_apache_mpm \ + "${apache_mpm}" + __load_httpd_conf_scan_files \ + "${package_path}" + __set_apache_header_x_service_uid \ + "${apache_header_x_service_uid}" + __set_apache_server_name \ + "${apache_server_name}" + __set_apache_mod_ssl_enabled \ + "${apache_mod_ssl_enabled}" + __set_apache_extended_status \ + "${apache_extended_status_enabled}" + + details_modules_enabled_list="$( + __enable_apache_modules + )" + + __set_apache_system_user \ + "${apache_system_user}" + __set_apache_run_user \ + "${apache_run_user}" + __set_apache_run_group \ + "${apache_run_group}" + __set_loopback_hosts_entry \ + "${apache_server_name}" \ + "${apache_server_alias}" + + # Set ownership for fcgid php-wrapper and socket if necessary + if [[ -d /var/run/mod_fcgid ]] \ + && [[ -d ${package_path}/bin ]] + then + chown -R \ + "${apache_run_user}":"${apache_run_group}" \ + {"${package_path}"/bin,/var/run/mod_fcgid} + fi + + __init_datadir \ + "${package_path}" \ + "${apache_content_root}" + + # Verify Apache DocumentRoot directory exists + if [[ ! -d ${document_root} ]] + then + >&2 printf -- \ + 'ERROR: %s not found.\n' \ + "${document_root}" + exit 1 + fi + + document_root_file_system="$( + df -PT "${document_root}" \ + | awk 'NR>1 { print $2 }' + )" + if [[ ${document_root_file_system} == nfs ]] + then + if [[ ${verbose} == true ]] + then + printf -- \ + 'Disabling EnableSendfile.' + fi + __set_apache_enable_sendfile \ + "false" + fi + + config_files="$( + find \ + /etc/httpd \ + /etc/php.d \ + -type f \ + -name *.conf \ + -o \ + -name *.ini \ + | tr '\n' ' ' + )" + + # Replace both environment variables with optional default values or + # mustache style placeholders + sed -r -i \ + -e "s~(\\$\{|\{\{)APACHE_CONTENT_ROOT(\}\}|(:-.+)?\})~${apache_content_root}~g" \ + -e "s~(\\$\{|\{\{)APACHE_CUSTOM_LOG_FORMAT(\}\}|(:-.+)?\})~${apache_custom_log_format}~g" \ + -e "s~(\\$\{|\{\{)APACHE_CUSTOM_LOG_LOCATION(\}\}|(:-.+)?\})~${apache_custom_log_location}~g" \ + -e "s~(\\$\{|\{\{)APACHE_ERROR_LOG_LOCATION(\}\}|(:-.+)?\})~${apache_error_log_location}~g" \ + -e "s~(\\$\{|\{\{)APACHE_ERROR_LOG_LEVEL(\}\}|(:-.+)?\})~${apache_error_log_level}~g" \ + -e "s~(\\$\{|\{\{)APACHE_PUBLIC_DIRECTORY(\}\}|(:-.+)?\})~${apache_public_directory}~g" \ + -e "s~(\\$\{|\{\{)APACHE_RUN_GROUP(\}\}|(:-.+)?\})~${apache_run_group}~g" \ + -e "s~(\\$\{|\{\{)APACHE_RUN_USER(\}\}|(:-.+)?\})~${apache_run_user}~g" \ + -e "s~(\\$\{|\{\{)APACHE_SERVER_ALIAS(\}\}|(:-.+)?\})~${apache_server_alias}~g" \ + -e "s~(\\$\{|\{\{)APACHE_SERVER_NAME(\}\}|(:-.+)?\})~${apache_server_name}~g" \ + -e "s~(\\$\{|\{\{)APACHE_SSL_CIPHER_SUITE(\}\}|(:-.+)?\})~${apache_ssl_cipher_suite}~g" \ + -e "s~(\\$\{|\{\{)APACHE_SSL_PROTOCOL(\}\}|(:-.+)?\})~${apache_ssl_protocol}~g" \ + -e "s~(\\$\{|\{\{)APACHE_SYSTEM_USER(\}\}|(:-.+)?\})~${apache_system_user}~g" \ + -e "s~(\\$\{|\{\{)PHP_OPTIONS_DATE_TIMEZONE(\}\}|(:-.+)?\})~${php_options_date_timezone}~g" \ + -e "s~(\\$\{|\{\{)PHP_OPTIONS_SESSION_NAME(\}\}|(:-.+)?\})~${php_options_session_name}~g" \ + -e "s~(\\$\{|\{\{)PHP_OPTIONS_SESSION_SAVE_HANDLER(\}\}|(:-.+)?\})~${php_options_session_save_handler}~g" \ + -e "s~(\\$\{|\{\{)PHP_OPTIONS_SESSION_SAVE_PATH(\}\}|(:-.+)?\})~${php_options_session_save_path}~g" \ + ${config_files} + + if [[ ${apache_mod_ssl_enabled} == true ]] + then + # Wait for certificate generation if necessary + if [[ -n ${pids[1]} ]] + then + wait ${pids[1]} + fi + + if [[ ${verbose} == true ]] + then + details_ssl_certificate_fingerprint="$( + __get_details_ssl_certificate_fingerprint + )" + fi + fi + + if [[ ${verbose} == true ]] + then + timer_total="$( + __get_timer_total \ + "${timer_start}" + )" + + cat <<-EOT + + ================================================================================ + Apache Details + -------------------------------------------------------------------------------- + custom log location : ${apache_custom_log_location} + custom log format : ${apache_custom_log_format} + document root : ${document_root} (${document_root_file_system}) + error log location : ${apache_error_log_location} + error log level : ${apache_error_log_level} + header x-service-uid : ${apache_header_x_service_uid} + modules enabled : + ${details_modules_enabled_list} + operating mode : ${apache_operating_mode} + run group : ${apache_run_group} + run user : ${apache_run_user} + server alias : ${apache_server_alias} + server mpm : ${apache_mpm,,} + server name : ${apache_server_name} + system user : ${apache_system_user}${details_ssl_certificate_fingerprint} + + ================================================================================ + PHP Details + -------------------------------------------------------------------------------- + date.timezone : ${php_options_date_timezone} + session.name : ${php_options_session_name} + session.save_handler : ${php_options_session_save_handler} + session.save_path : ${php_options_session_save_path} + -------------------------------------------------------------------------------- + ${timer_total} + + EOT + fi +} + +main "${@}" diff --git a/src/usr/sbin/httpd-startup b/src/usr/sbin/httpd-startup deleted file mode 100644 index e8925ac..0000000 --- a/src/usr/sbin/httpd-startup +++ /dev/null @@ -1,208 +0,0 @@ -#!/usr/bin/env bash - -function absolute_path () -{ - local DIRECTORY_PATH="${1:-}" - local VALUE - - if [[ -n ${DIRECTORY_PATH} ]]; then - VALUE="$( - python -c "import os,sys; print os.path.abspath(sys.argv[1])" \ - "${DIRECTORY_PATH}" - )" - fi - - printf -- "%s" "${VALUE}" -} - -function is_valid_apache_content_root () -{ - local DIRECTORY_PATH="${1:-}" - local DIRECTORY_PATH_ABSOLUTE="$( - absolute_path \ - "${DIRECTORY_PATH}" - )" - local VALID_DIRECTORY='^\/(?!\/|bin|dev|etc|lib|lib64|lost+found|media|proc|root|sbin|sys|tmp|usr).+$' - - if grep -qoP "${VALID_DIRECTORY}" <<< "${DIRECTORY_PATH_ABSOLUTE}"; then - return 0 - fi - - return 1 -} - -function get_absolute_apache_custom_log_location () -{ - local CONTENT_ROOT - local VALUE="${APACHE_CUSTOM_LOG_LOCATION:-}" - - if [[ -n ${VALUE} ]] \ - && [[ ! ${VALUE} =~ ^[\.]{,2}/ ]] - then - CONTENT_ROOT="$( - get_apache_content_root - )" - - printf -v \ - VALUE \ - -- '%s/%s' \ - "${CONTENT_ROOT}" \ - "${VALUE}" - fi - - printf -- \ - '%s' \ - "${VALUE}" -} - -function get_absolute_apache_error_log_location () -{ - local CONTENT_ROOT - local VALUE="${APACHE_ERROR_LOG_LOCATION:-}" - - if [[ -n ${VALUE} ]] \ - && [[ ! ${VALUE} =~ ^[\.]{,2}/ ]] - then - CONTENT_ROOT="$( - get_apache_content_root - )" - - printf -v \ - VALUE \ - -- '%s/%s' \ - "${CONTENT_ROOT}" \ - "${VALUE}" - fi - - printf -- \ - '%s' \ - "${VALUE}" -} - -function get_absolute_php_options_session_save_path () -{ - local CONTENT_ROOT - local VALUE="${PHP_OPTIONS_SESSION_SAVE_PATH:-}" - - if [[ ${PHP_OPTIONS_SESSION_SAVE_HANDLER} == files ]] \ - && [[ -n ${VALUE} ]] \ - && [[ ! ${VALUE} =~ ^[\.]{,2}/ ]] - then - CONTENT_ROOT="$( - get_apache_content_root - )" - - printf -v \ - VALUE \ - -- '%s/%s' \ - "${CONTENT_ROOT}" \ - "${VALUE}" - fi - - printf -- \ - '%s' \ - "${VALUE}" -} - -function get_apache_content_root () -{ - local DEFAULT_VALUE="${1:-/var/www/app}" - local VALUE="${APACHE_CONTENT_ROOT:-}" - - if [[ -z ${VALUE} ]] \ - || ! is_valid_apache_content_root "${VALUE}" - then - VALUE="${DEFAULT_VALUE}" - fi - - printf -- "%s" "${VALUE}" -} - -function get_apache_header_x_service_uid () -{ - local HOST_NAME="${HOSTNAME:-}" - local VALUE="${APACHE_HEADER_X_SERVICE_UID:-}" - - if [[ -n ${VALUE} ]]; then - if [[ -z ${HOST_NAME} ]]; then - HOST_NAME="$( - hostname - )" - fi - - # Replace {{HOSTNAME}} with system hostname - VALUE="${VALUE//\{\{HOSTNAME\}\}/${HOST_NAME}}" - fi - - printf -- \ - '%s' \ - "${VALUE}" -} - -function get_apache_server_alias () -{ - local HOST_NAME="${HOSTNAME:-}" - local VALUE="${APACHE_SERVER_ALIAS:-}" - - if [[ -n ${VALUE} ]]; then - if [[ -z ${HOST_NAME} ]]; then - HOST_NAME="$( - hostname - )" - fi - - # Replace {{HOSTNAME}} with system hostname - VALUE="${VALUE//\{\{HOSTNAME\}\}/${HOST_NAME}}" - fi - - printf -- \ - '%s' \ - "${VALUE}" -} - -function get_apache_server_name () -{ - local HOST_NAME="${HOSTNAME:-}" - local VALUE="${APACHE_SERVER_NAME:-}" - - if [[ -z ${HOST_NAME} ]]; then - HOST_NAME="$( - hostname - )" - fi - - if [[ -z ${VALUE} ]]; then - VALUE="${HOST_NAME}" - else - VALUE="${VALUE//\{\{HOSTNAME\}\}/${HOST_NAME}}" - fi - - printf -- \ - '%s' \ - "${VALUE}" -} - -unset BASH_ENV ENV - -export APACHE_CUSTOM_LOG_LOCATION="$( - get_absolute_apache_custom_log_location -)" -export APACHE_ERROR_LOG_LOCATION="$( - get_absolute_apache_error_log_location -)" -export APACHE_HEADER_X_SERVICE_UID="$( - get_apache_header_x_service_uid -)" -export APACHE_SERVER_ALIAS="$( - get_apache_server_alias -)" -export APACHE_SERVER_NAME="$( - get_apache_server_name -)" -export PHP_OPTIONS_SESSION_SAVE_PATH="$( - get_absolute_php_options_session_save_path -)" - -if [[ -n ${@} ]]; then - exec "${@}" -fi diff --git a/src/usr/sbin/httpd-wrapper b/src/usr/sbin/httpd-wrapper index f1c9568..ece28f3 100644 --- a/src/usr/sbin/httpd-wrapper +++ b/src/usr/sbin/httpd-wrapper @@ -1,39 +1,112 @@ #!/usr/bin/env bash -source /etc/httpd-bootstrap.conf +set -e -function get_httpd_bin () +function __get_apache_autostart_httpd_bootstrap () { - local -r HTTPD=/usr/sbin/httpd + local -r default_value="${1:-true}" - if [[ -n ${APACHE_MPM} ]] \ - && [[ -f ${HTTPD}.${APACHE_MPM,,} ]] + local value="${APACHE_AUTOSTART_HTTPD_BOOTSTRAP}" + + if ! __is_valid_apache_autostart_httpd_bootstrap "${value}" + then + value="${default_value}" + fi + + printf -- '%s' "${value}" +} + +function __get_apache_operating_mode () +{ + local -r default_value="${1:-production}" + + local value="${APACHE_OPERATING_MODE}" + + if ! __is_valid_apache_operating_mode "${value}" + then + value="${default_value}" + fi + + printf -- '%s' "${value}" +} + +function __get_httpd_bin () +{ + local -r bin="/usr/sbin/httpd" + local mpm="${APACHE_MPM:-prefork}" + + if [[ -f ${bin}.${mpm,,} ]] then printf -- \ '%s.%s' \ - "${HTTPD}" \ - "${APACHE_MPM,,}" + "${bin}" \ + "${mpm,,}" else printf -- \ '%s' \ - "${HTTPD}" + "${bin}" fi } -readonly HTTPD="$( - get_httpd_bin -)" -readonly NICE=/bin/nice -readonly NICENESS="${APACHE_NICENESS:-10}" - -while true; do - sleep 0.1 - [[ -e /var/lock/subsys/httpd-bootstrap ]] || break -done - -exec ${NICE} \ - -n ${NICENESS} \ - ${HTTPD} \ - -c "ErrorLog /dev/stdout" \ - -DFOREGROUND \ - -D ${APACHE_OPERATING_MODE:-production} +function __is_valid_apache_autostart_httpd_bootstrap () +{ + local -r boolean_value='^(true|false)$' + local -r value="${1}" + + if [[ ${value} =~ ${boolean_value} ]] + then + return 0 + fi + + return 1 +} + +function __is_valid_apache_operating_mode () +{ + local -r valid_pattern='^(production|development|debug)$' + local -r value="${1}" + + if [[ ${value} =~ ${valid_pattern} ]] + then + return 0 + fi + + return 1 +} + +function main () +{ + local -r autostart_bootstrap="$( + __get_apache_autostart_httpd_bootstrap + )" + local -r bin="$( + __get_httpd_bin + )" + local -r bootstrap_state_file="/var/lib/misc/httpd-bootstrap" + local -r nice="/bin/nice" + local -r niceness="10" + local -r mode="$( + __get_apache_operating_mode + )" + + local options="-c \"ErrorLog /dev/stdout\" -D FOREGROUND -D ${mode}" + + if [[ ${autostart_bootstrap} == false ]] + then + # block. + sleep infinity + fi + + until [[ -e ${bootstrap_state_file} ]] + do + sleep 0.1 + done + + # Process via eval to allow for quoted option values. + eval "exec ${nice} \ + -n ${niceness} \ + ${bin} \ + ${options}" +} + +main "${@}" diff --git a/test/health_status b/test/health_status new file mode 100755 index 0000000..25e2f38 --- /dev/null +++ b/test/health_status @@ -0,0 +1,264 @@ +#!/usr/bin/env bash + +function __cleanup () +{ + local -r fifo_path="${1}" + local -r pid="${2:-0}" + + if [[ -p ${fifo_path} ]] + then + rm -f "${fifo_path}" + fi + + if (( ${pid} <= 1 )) + then + return 0 + fi + + kill \ + -15 \ + -- ${pid} \ + > /dev/null \ + 2>&1 +} + +function __print_status () +{ + local -r character_positive='✓' + local -r character_negative='✗' + local colour_negative='\033[1;31m' + local colour_positive='\033[1;32m' + local colour_reset='\033[0m' + local type="${1}" + local message="${2:-${type}}" + + if [[ ${option_quiet} == true ]] + then + return 0 + fi + + # Allow for uncolourised output + if [[ ${option_monochrome} == true ]] + then + unset \ + colour_negative \ + colour_notice \ + colour_positive \ + colour_reset + fi + + case "${type}" in + healthy|starting) + printf -- \ + '%b%s%b %s\n' \ + "${colour_positive}" \ + "${character_positive}" \ + "${colour_reset}" \ + "${message}" + ;; + timeout|unhealthy) + printf -- \ + '%b%s%b %s\n' \ + "${colour_negative}" \ + "${character_negative}" \ + "${colour_reset}" \ + "${message}" \ + >&2 + ;; + esac +} + +function __usage() +{ + cat <<-EOF + Usage: $(basename ${0}) -c [OPTIONS] + $(basename ${0}) --container= [OPTIONS] + $(basename ${0}) [-h|--help] + + Gets health_status events and returns the status. + + Options: + -c, --container=NAME Container name or id. + -h, --help Show this help and exit. + --monochrome Output colour is suppressed. + -q, --quiet Display less message output except for errors. + --since=TIMESTAMP Unix timestamp from which to limit events. + Defaults to start time. + -t, --timeout=SECONDS Timeout value in seconds. Defaults to 10. + Set to 0 for no timeout. + EOF + + exit 1 +} + +function health_status () +{ + local -r fifo_path="$( + mktemp -u + )" + local -r pattern_healthy='^health_status: healthy$' + local -r pattern_starting='^health_status: starting$' + local -r pattern_timeout='^[0-9]+$' + local -r pattern_timestamp='^[0-9]{10}$' + local -r pattern_unhealthy='^health_status: unhealthy$' + + option_monochrome=false + option_quiet=false + local container + local events_command + local health_status + local pid + local since + local since_timestamp="$( + date +%s + )" + local timeout=10 + local until_timestamp + local until + + # Parse options + while [[ "${#}" -gt 0 ]] + do + case "${1}" in + -h|--help) + __usage + break + ;; + --monochrome) + option_monochrome=true + shift 1 + ;; + -c) + if [[ -z ${2} ]] + then + __usage + fi + container="${2}" + shift 2 + ;; + --container=*) + container="${1#*=}" + shift 1 + ;; + -q|--quiet) + option_quiet=true + shift 1 + ;; + --since=*) + since_timestamp="${1#*=}" + shift 1 + ;; + -t) + if [[ -z ${2} ]] + then + __usage + fi + timeout="${2}" + shift 2 + ;; + --timeout=*) + timeout="${1#*=}" + shift 1 + ;; + *) + __usage + ;; + esac + done + + if [[ -z ${container} ]] + then + __usage + fi + + if ! [[ ${timeout} =~ ${pattern_timeout} ]] + then + printf -- \ + '[ERROR] Invalid --time value.\n' \ + >&2 + __usage + fi + + # Set end time limit + until="" + if (( timeout > 0 )) + then + until_timestamp="$(( + $( + date +%s + ) + + ${timeout} + ))" + + until="$( + printf -- \ + '--until %s' \ + "${until_timestamp}" + )" + fi + + # Fail if operator attempts start time limit before end limit. + if ! [[ ${since_timestamp} =~ ${pattern_timestamp} ]] \ + || (( since_timestamp > until_timestamp )) + then + printf -- \ + '[ERROR] Invalid --since value.\n' \ + >&2 + __usage + fi + + # Set start time limit + since="$( + printf -- \ + '--since %s' \ + "${since_timestamp}" + )" + + trap \ + "__cleanup \"${fifo_path}\"" \ + INT TERM EXIT + + mkfifo \ + -m 0600 \ + "${fifo_path}" + + docker events \ + --format '{{.Status}}' \ + --filter "event=health_status" \ + --filter "container=${container}" \ + ${since} \ + ${until} \ + > "${fifo_path}" \ + & + pid="${!}" + disown + + trap \ + "__cleanup \"${fifo_path}\" \"${pid}\"" \ + INT TERM EXIT + + while IFS= read -r health_status || [[ -n ${health_status} ]] + do + if [[ ${health_status} =~ ${pattern_starting} ]] + then + __print_status "starting" + fi + + if [[ ${health_status} =~ ${pattern_healthy} ]] + then + __print_status "healthy" + return 0 + fi + + if [[ ${health_status} =~ ${pattern_unhealthy} ]] + then + __print_status "unhealthy" + return 1 + fi + done < "${fifo_path}" + + __print_status "timeout" + return 1 +} + +health_status "${@}" diff --git a/test/shpec/operation_shpec.sh b/test/shpec/operation_shpec.sh index 19f8b35..b88eef8 100644 --- a/test/shpec/operation_shpec.sh +++ b/test/shpec/operation_shpec.sh @@ -11,7 +11,7 @@ DOCKER_PORT_MAP_TCP_8443="${DOCKER_PORT_MAP_TCP_8443:-NULL}" function __destroy () { - local -r session_store_name="memcached.pool-1.1.1" + local -r session_store_name="memcached.1" local -r session_store_network="bridge_internal_1" # Destroy the session store container @@ -87,9 +87,9 @@ function __is_container_ready () function __setup () { local -r session_store_alias="memcached_1" - local -r session_store_name="memcached.pool-1.1.1" + local -r session_store_name="memcached.1" local -r session_store_network="bridge_internal_1" - local -r session_store_release="1.1.3" + local -r session_store_release="2.2.1" if [[ -z $(docker network ls -q -f name="${session_store_network}") ]]; then docker network create \ @@ -241,20 +241,20 @@ ${other_required_apache_modules} local status=0 describe "Basic Apache PHP operations" - trap "__terminate_container apache-php.pool-1.1.1 &> /dev/null; \ + trap "__terminate_container apache-php.1 &> /dev/null; \ __destroy; \ exit 1" \ INT TERM EXIT __terminate_container \ - apache-php.pool-1.1.1 \ + apache-php.1 \ &> /dev/null describe "Runs named container" docker run \ --detach \ --no-healthcheck \ - --name apache-php.pool-1.1.1 \ + --name apache-php.1 \ --publish ${DOCKER_PORT_MAP_TCP_80}:80 \ jdeathe/centos-ssh-apache-php-fcgi:latest \ &> /dev/null @@ -262,7 +262,7 @@ ${other_required_apache_modules} it "Can publish ${DOCKER_PORT_MAP_TCP_80}:80." container_port_80="$( __get_container_port \ - apache-php.pool-1.1.1 \ + apache-php.1 \ 80/tcp )" @@ -280,7 +280,7 @@ ${other_required_apache_modules} end if ! __is_container_ready \ - apache-php.pool-1.1.1 \ + apache-php.1 \ ${STARTUP_TIME} \ "/usr/sbin/httpd(\.worker|\.event)? " \ "[[ 000 != \$(curl -sI -o /dev/null -w %{http_code} localhost/) ]]" @@ -290,7 +290,7 @@ ${other_required_apache_modules} container_hostname="$( docker exec \ - apache-php.pool-1.1.1 \ + apache-php.1 \ hostname )" @@ -330,7 +330,7 @@ ${other_required_apache_modules} it "Outputs Apache details." apache_details_title="$( docker logs \ - apache-php.pool-1.1.1 \ + apache-php.1 \ | grep '^Apache Details' \ | tr -d '\r' )" @@ -344,7 +344,7 @@ ${other_required_apache_modules} it "Has default system user." apache_system_user="$( docker logs \ - apache-php.pool-1.1.1 \ + apache-php.1 \ | grep '^system user : ' \ | cut -c 15- \ | tr -d '\r' @@ -358,7 +358,7 @@ ${other_required_apache_modules} it "Has default run user." apache_run_user="$( docker logs \ - apache-php.pool-1.1.1 \ + apache-php.1 \ | grep '^run user : ' \ | cut -c 12- \ | tr -d '\r' @@ -372,7 +372,7 @@ ${other_required_apache_modules} it "Has default run group." apache_run_group="$( docker logs \ - apache-php.pool-1.1.1 \ + apache-php.1 \ | grep '^run group : ' \ | cut -c 13- \ | tr -d '\r' @@ -386,7 +386,7 @@ ${other_required_apache_modules} it "Has default server name." apache_server_name="$( docker logs \ - apache-php.pool-1.1.1 \ + apache-php.1 \ | grep '^server name : ' \ | cut -c 15- \ | tr -d '\r' @@ -400,7 +400,7 @@ ${other_required_apache_modules} it "Has default server alias." apache_server_alias="$( docker logs \ - apache-php.pool-1.1.1 \ + apache-php.1 \ | grep '^server alias : ' \ | cut -c 16- \ | tr -d '\r' @@ -414,7 +414,7 @@ ${other_required_apache_modules} it "Has default X-Service-UID header." header_x_service_uid="$( docker logs \ - apache-php.pool-1.1.1 \ + apache-php.1 \ | grep '^header x-service-uid : ' \ | cut -c 24- \ | tr -d '\r' @@ -429,7 +429,7 @@ ${other_required_apache_modules} it "Has default document root." apache_document_root="$( docker logs \ - apache-php.pool-1.1.1 \ + apache-php.1 \ | grep '^document root : ' \ | cut -c 17- \ | tr -d '\r' \ @@ -445,7 +445,7 @@ ${other_required_apache_modules} it "Has default server mpm." apache_server_mpm="$( docker logs \ - apache-php.pool-1.1.1 \ + apache-php.1 \ | grep '^server mpm : ' \ | cut -c 13- \ | tr -d '\r' \ @@ -460,7 +460,7 @@ ${other_required_apache_modules} it "Has default enabled modules." apache_load_modules="$( docker logs \ - apache-php.pool-1.1.1 \ + apache-php.1 \ | sed -ne \ '/^modules enabled :/,/^--+$/ p' \ | awk '/^ - /' @@ -482,7 +482,7 @@ ${other_required_apache_modules} apache_access_log_entry="$( docker exec \ - apache-php.pool-1.1.1 \ + apache-php.1 \ tail -n 1 \ /var/www/app/var/log/apache_access_log \ | grep -oE \ @@ -496,7 +496,7 @@ ${other_required_apache_modules} it "Has entries in combined LogFormat." docker exec \ - apache-php.pool-1.1.1 \ + apache-php.1 \ tail -n 1 \ /var/www/app/var/log/apache_access_log \ | grep -qE \ @@ -518,7 +518,7 @@ ${other_required_apache_modules} )" docker exec \ - apache-php.pool-1.1.1 \ + apache-php.1 \ tail -n 1 \ /var/www/app/var/log/apache_error_log \ &> /dev/null @@ -533,7 +533,7 @@ ${other_required_apache_modules} describe "Apache server-status" it "Is accessible from localhost." docker exec \ - apache-php.pool-1.1.1 \ + apache-php.1 \ curl -s \ --header "Host: ${container_hostname}" \ http://127.0.0.1/server-status\?auto \ @@ -548,7 +548,7 @@ ${other_required_apache_modules} it "Excludes ExtendedStatus information." docker exec \ - apache-php.pool-1.1.1 \ + apache-php.1 \ curl -s \ --header "Host: ${container_hostname}" \ http://127.0.0.1/server-status\?auto \ @@ -594,7 +594,7 @@ ${other_required_apache_modules} describe "Apache modules" all_loaded_apache_modules="$( docker exec \ - apache-php.pool-1.1.1 \ + apache-php.1 \ bash -c "apachectl -M 2>&1 \ | sed -r \ -e '/Loaded Modules:/d' \ @@ -633,7 +633,7 @@ ${other_required_apache_modules} it "Is the service user:group." apache_run_user_group="$( docker exec \ - apache-php.pool-1.1.1 \ + apache-php.1 \ ps axo user,group,comm \ | grep httpd \ | tail -n 1 \ @@ -666,7 +666,7 @@ ${other_required_apache_modules} end __terminate_container \ - apache-php.pool-1.1.1 \ + apache-php.1 \ &> /dev/null trap - \ @@ -705,7 +705,7 @@ function test_custom_configuration () local protocol="" describe "Customised Apache PHP configuration" - trap "__terminate_container apache-php.pool-1.1.1 &> /dev/null; \ + trap "__terminate_container apache-php.1 &> /dev/null; \ __destroy; \ exit 1" \ INT TERM EXIT @@ -713,13 +713,13 @@ function test_custom_configuration () describe "Access log" it "Sets common LogFormat." __terminate_container \ - apache-php.pool-1.1.1 \ + apache-php.1 \ &> /dev/null docker run \ --detach \ --no-healthcheck \ - --name apache-php.pool-1.1.1 \ + --name apache-php.1 \ --publish ${DOCKER_PORT_MAP_TCP_80}:80 \ --env APACHE_CUSTOM_LOG_FORMAT="common" \ --env APACHE_SERVER_NAME="app-1.local" \ @@ -727,7 +727,7 @@ function test_custom_configuration () &> /dev/null if ! __is_container_ready \ - apache-php.pool-1.1.1 \ + apache-php.1 \ ${STARTUP_TIME} \ "/usr/sbin/httpd(\.worker|\.event)? " \ "[[ 000 != \$(curl -sI -o /dev/null -w %{http_code} localhost/) ]]" @@ -737,7 +737,7 @@ function test_custom_configuration () container_port_80="$( __get_container_port \ - apache-php.pool-1.1.1 \ + apache-php.1 \ 80/tcp )" @@ -747,7 +747,7 @@ function test_custom_configuration () http://127.0.0.1:${container_port_80} docker exec \ - apache-php.pool-1.1.1 \ + apache-php.1 \ tail -n 1 \ /var/www/app/var/log/apache_access_log \ | grep -qE \ @@ -761,13 +761,13 @@ function test_custom_configuration () it "Sets a relative path." __terminate_container \ - apache-php.pool-1.1.1 \ + apache-php.1 \ &> /dev/null docker run \ --detach \ --no-healthcheck \ - --name apache-php.pool-1.1.1 \ + --name apache-php.1 \ --publish ${DOCKER_PORT_MAP_TCP_80}:80 \ --env APACHE_CUSTOM_LOG_LOCATION="var/log/access.log" \ --env APACHE_SERVER_NAME="app-1.local" \ @@ -775,7 +775,7 @@ function test_custom_configuration () &> /dev/null if ! __is_container_ready \ - apache-php.pool-1.1.1 \ + apache-php.1 \ ${STARTUP_TIME} \ "/usr/sbin/httpd(\.worker|\.event)? " \ "[[ 000 != \$(curl -sI -o /dev/null -w %{http_code} localhost/) ]]" @@ -790,7 +790,7 @@ function test_custom_configuration () apache_access_log_entry="$( docker exec \ - apache-php.pool-1.1.1 \ + apache-php.1 \ tail -n 1 \ /var/www/app/var/log/access.log \ | grep -oE \ @@ -804,13 +804,13 @@ function test_custom_configuration () it "Sets an absolute path." __terminate_container \ - apache-php.pool-1.1.1 \ + apache-php.1 \ &> /dev/null docker run \ --detach \ --no-healthcheck \ - --name apache-php.pool-1.1.1 \ + --name apache-php.1 \ --publish ${DOCKER_PORT_MAP_TCP_80}:80 \ --env APACHE_CUSTOM_LOG_LOCATION="/var/log/httpd/access.log" \ --env APACHE_SERVER_NAME="app-1.local" \ @@ -818,7 +818,7 @@ function test_custom_configuration () &> /dev/null if ! __is_container_ready \ - apache-php.pool-1.1.1 \ + apache-php.1 \ ${STARTUP_TIME} \ "/usr/sbin/httpd(\.worker|\.event)? " \ "[[ 000 != \$(curl -sI -o /dev/null -w %{http_code} localhost/) ]]" @@ -833,7 +833,7 @@ function test_custom_configuration () apache_access_log_entry="$( docker exec \ - apache-php.pool-1.1.1 \ + apache-php.1 \ tail -n 1 \ /var/log/httpd/access.log \ | grep -oE \ @@ -849,12 +849,12 @@ function test_custom_configuration () describe "Error log" it "Sets a relative path." __terminate_container \ - apache-php.pool-1.1.1 \ + apache-php.1 \ &> /dev/null docker run \ --detach \ - --name apache-php.pool-1.1.1 \ + --name apache-php.1 \ --publish ${DOCKER_PORT_MAP_TCP_80}:80 \ --env APACHE_ERROR_LOG_LOCATION="var/log/error.log" \ --env APACHE_SERVER_NAME="app-1.local" \ @@ -862,7 +862,7 @@ function test_custom_configuration () &> /dev/null if ! __is_container_ready \ - apache-php.pool-1.1.1 \ + apache-php.1 \ ${STARTUP_TIME} \ "/usr/sbin/httpd(\.worker|\.event)? " \ "[[ 000 != \$(curl -sI -o /dev/null -w %{http_code} localhost/) ]]" @@ -876,7 +876,7 @@ function test_custom_configuration () http://127.0.0.1:${container_port_80} docker exec \ - apache-php.pool-1.1.1 \ + apache-php.1 \ tail -n 1 \ /var/www/app/var/log/error.log \ &> /dev/null @@ -888,19 +888,19 @@ function test_custom_configuration () it "Sets an absolute path." __terminate_container \ - apache-php.pool-1.1.1 \ + apache-php.1 \ &> /dev/null docker run \ --detach \ - --name apache-php.pool-1.1.1 \ + --name apache-php.1 \ --publish ${DOCKER_PORT_MAP_TCP_80}:80 \ --env APACHE_ERROR_LOG_LOCATION="/var/log/httpd/error.log" \ jdeathe/centos-ssh-apache-php-fcgi:latest \ &> /dev/null if ! __is_container_ready \ - apache-php.pool-1.1.1 \ + apache-php.1 \ ${STARTUP_TIME} \ "/usr/sbin/httpd(\.worker|\.event)? " \ "[[ 000 != \$(curl -sI -o /dev/null -w %{http_code} localhost/) ]]" @@ -914,7 +914,7 @@ function test_custom_configuration () http://127.0.0.1:${container_port_80} docker exec \ - apache-php.pool-1.1.1 \ + apache-php.1 \ tail -n 1 \ /var/log/httpd/error.log \ &> /dev/null @@ -926,12 +926,12 @@ function test_custom_configuration () it "Sets log level (e.g debug)." __terminate_container \ - apache-php.pool-1.1.1 \ + apache-php.1 \ &> /dev/null docker run \ --detach \ - --name apache-php.pool-1.1.1 \ + --name apache-php.1 \ --publish ${DOCKER_PORT_MAP_TCP_80}:80 \ --env APACHE_ERROR_LOG_LEVEL="debug" \ --env APACHE_SERVER_NAME="app-1.local" \ @@ -939,7 +939,7 @@ function test_custom_configuration () &> /dev/null if ! __is_container_ready \ - apache-php.pool-1.1.1 \ + apache-php.1 \ ${STARTUP_TIME} \ "/usr/sbin/httpd(\.worker|\.event)? " \ "[[ 000 != \$(curl -sI -o /dev/null -w %{http_code} localhost/) ]]" @@ -953,7 +953,7 @@ function test_custom_configuration () http://127.0.0.1:${container_port_80} docker exec \ - apache-php.pool-1.1.1 \ + apache-php.1 \ tail -n 1 \ /var/www/app/var/log/apache_error_log \ | grep -qE \ @@ -969,12 +969,12 @@ function test_custom_configuration () describe "Apache ExtendedStatus enabled" it "Is accessible from localhost." __terminate_container \ - apache-php.pool-1.1.1 \ + apache-php.1 \ &> /dev/null docker run \ --detach \ - --name apache-php.pool-1.1.1 \ + --name apache-php.1 \ --publish ${DOCKER_PORT_MAP_TCP_80}:80 \ --env APACHE_EXTENDED_STATUS_ENABLED="true" \ --env APACHE_SERVER_NAME="app-1.local" \ @@ -982,7 +982,7 @@ function test_custom_configuration () &> /dev/null if ! __is_container_ready \ - apache-php.pool-1.1.1 \ + apache-php.1 \ ${STARTUP_TIME} \ "/usr/sbin/httpd(\.worker|\.event)? " \ "[[ 000 != \$(curl -sI -o /dev/null -w %{http_code} localhost/) ]]" @@ -991,7 +991,7 @@ function test_custom_configuration () fi docker exec \ - apache-php.pool-1.1.1 \ + apache-php.1 \ curl -s \ --header "Host: app-1.local" \ http://127.0.0.1/server-status\?auto \ @@ -1037,12 +1037,12 @@ function test_custom_configuration () describe "X-Service-UID response header." it "Sets a static value." __terminate_container \ - apache-php.pool-1.1.1 \ + apache-php.1 \ &> /dev/null docker run \ --detach \ - --name apache-php.pool-1.1.1 \ + --name apache-php.1 \ --publish ${DOCKER_PORT_MAP_TCP_80}:80 \ --env APACHE_HEADER_X_SERVICE_UID="host-name@1.2" \ --env APACHE_SERVER_NAME="app-1.local" \ @@ -1050,7 +1050,7 @@ function test_custom_configuration () &> /dev/null if ! __is_container_ready \ - apache-php.pool-1.1.1 \ + apache-php.1 \ ${STARTUP_TIME} \ "/usr/sbin/httpd(\.worker|\.event)? " \ "[[ 000 != \$(curl -sI -o /dev/null -w %{http_code} localhost/) ]]" @@ -1074,12 +1074,12 @@ function test_custom_configuration () it "Replaces {{HOSTNAME}}." __terminate_container \ - apache-php.pool-1.1.1 \ + apache-php.1 \ &> /dev/null docker run \ --detach \ - --name apache-php.pool-1.1.1 \ + --name apache-php.1 \ --publish ${DOCKER_PORT_MAP_TCP_80}:80 \ --env APACHE_HEADER_X_SERVICE_UID="{{HOSTNAME}}:${DOCKER_PORT_MAP_TCP_80}" \ --hostname app-1.local \ @@ -1087,7 +1087,7 @@ function test_custom_configuration () &> /dev/null if ! __is_container_ready \ - apache-php.pool-1.1.1 \ + apache-php.1 \ ${STARTUP_TIME} \ "/usr/sbin/httpd(\.worker|\.event)? " \ "[[ 000 != \$(curl -sI -o /dev/null -w %{http_code} localhost/) ]]" @@ -1113,18 +1113,18 @@ function test_custom_configuration () describe "Loading Apache modules" it "Adds rewrite_module." __terminate_container \ - apache-php.pool-1.1.1 \ + apache-php.1 \ &> /dev/null docker run \ --detach \ - --name apache-php.pool-1.1.1 \ + --name apache-php.1 \ --env APACHE_LOAD_MODULES="rewrite_module" \ jdeathe/centos-ssh-apache-php-fcgi:latest \ &> /dev/null if ! __is_container_ready \ - apache-php.pool-1.1.1 \ + apache-php.1 \ ${STARTUP_TIME} \ "/usr/sbin/httpd(\.worker|\.event)? " \ "[[ 000 != \$(curl -sI -o /dev/null -w %{http_code} localhost/) ]]" @@ -1133,7 +1133,7 @@ function test_custom_configuration () fi docker exec \ - apache-php.pool-1.1.1 \ + apache-php.1 \ bash -c "apachectl -M 2>&1 | grep -q rewrite_module" assert equal \ @@ -1145,19 +1145,19 @@ function test_custom_configuration () describe "Server MPM" it "Sets event MPM." __terminate_container \ - apache-php.pool-1.1.1 \ + apache-php.1 \ &> /dev/null docker run \ --detach \ - --name apache-php.pool-1.1.1 \ + --name apache-php.1 \ --env APACHE_MPM="event" \ --hostname app-1.local \ jdeathe/centos-ssh-apache-php-fcgi:latest \ &> /dev/null if ! __is_container_ready \ - apache-php.pool-1.1.1 \ + apache-php.1 \ ${STARTUP_TIME} \ "/usr/sbin/httpd(\.worker|\.event)? " \ "[[ 000 != \$(curl -sI -o /dev/null -w %{http_code} localhost/) ]]" @@ -1166,7 +1166,7 @@ function test_custom_configuration () fi docker exec \ - apache-php.pool-1.1.1 \ + apache-php.1 \ bash -c "apachectl -V 2>&1 | grep -qiE '^Server MPM:[ ]+event$'" assert equal \ @@ -1178,12 +1178,12 @@ function test_custom_configuration () describe "Operating mode (i.e -D )" it "Sets to development." __terminate_container \ - apache-php.pool-1.1.1 \ + apache-php.1 \ &> /dev/null docker run \ --detach \ - --name apache-php.pool-1.1.1 \ + --name apache-php.1 \ --publish ${DOCKER_PORT_MAP_TCP_80}:80 \ --env APACHE_OPERATING_MODE="development" \ --hostname app-1.local \ @@ -1191,7 +1191,7 @@ function test_custom_configuration () &> /dev/null if ! __is_container_ready \ - apache-php.pool-1.1.1 \ + apache-php.1 \ ${STARTUP_TIME} \ "/usr/sbin/httpd(\.worker|\.event)? " \ "[[ 000 != \$(curl -sI -o /dev/null -w %{http_code} localhost/) ]]" @@ -1217,18 +1217,18 @@ function test_custom_configuration () describe "System user (i.e. application owner)" it "Sets name to 'app-user'." __terminate_container \ - apache-php.pool-1.1.1 \ + apache-php.1 \ &> /dev/null docker run \ --detach \ - --name apache-php.pool-1.1.1 \ + --name apache-php.1 \ --env APACHE_SYSTEM_USER="app-user" \ jdeathe/centos-ssh-apache-php-fcgi:latest \ &> /dev/null if ! __is_container_ready \ - apache-php.pool-1.1.1 \ + apache-php.1 \ ${STARTUP_TIME} \ "/usr/sbin/httpd(\.worker|\.event)? " \ "[[ 000 != \$(curl -sI -o /dev/null -w %{http_code} localhost/) ]]" @@ -1238,7 +1238,7 @@ function test_custom_configuration () apache_system_user="$( docker exec \ - apache-php.pool-1.1.1 \ + apache-php.1 \ stat -c '%U' /var/www/app/public_html )" @@ -1251,18 +1251,18 @@ function test_custom_configuration () describe "Process runner" it "Sets user." __terminate_container \ - apache-php.pool-1.1.1 \ + apache-php.1 \ &> /dev/null docker run \ --detach \ - --name apache-php.pool-1.1.1 \ + --name apache-php.1 \ --env APACHE_RUN_USER="runner" \ jdeathe/centos-ssh-apache-php-fcgi:latest \ &> /dev/null if ! __is_container_ready \ - apache-php.pool-1.1.1 \ + apache-php.1 \ ${STARTUP_TIME} \ "/usr/sbin/httpd(\.worker|\.event)? " \ "[[ 000 != \$(curl -sI -o /dev/null -w %{http_code} localhost/) ]]" @@ -1272,7 +1272,7 @@ function test_custom_configuration () apache_run_user="$( docker exec \ - apache-php.pool-1.1.1 \ + apache-php.1 \ ps axo user,group,comm \ | grep httpd \ | tail -n 1 \ @@ -1286,18 +1286,18 @@ function test_custom_configuration () it "Sets group." __terminate_container \ - apache-php.pool-1.1.1 \ + apache-php.1 \ &> /dev/null docker run \ --detach \ - --name apache-php.pool-1.1.1 \ + --name apache-php.1 \ --env APACHE_RUN_GROUP="runners" \ jdeathe/centos-ssh-apache-php-fcgi:latest \ &> /dev/null if ! __is_container_ready \ - apache-php.pool-1.1.1 \ + apache-php.1 \ ${STARTUP_TIME} \ "/usr/sbin/httpd(\.worker|\.event)? " \ "[[ 000 != \$(curl -sI -o /dev/null -w %{http_code} localhost/) ]]" @@ -1307,7 +1307,7 @@ function test_custom_configuration () apache_run_group="$( docker exec \ - apache-php.pool-1.1.1 \ + apache-php.1 \ ps axo user,group,comm \ | grep httpd \ | tail -n 1 \ @@ -1323,12 +1323,12 @@ function test_custom_configuration () describe "Apache ServerName/ServerAlias" it "Sets a static ServerName." __terminate_container \ - apache-php.pool-1.1.1 \ + apache-php.1 \ &> /dev/null docker run \ --detach \ - --name apache-php.pool-1.1.1 \ + --name apache-php.1 \ --publish ${DOCKER_PORT_MAP_TCP_80}:80 \ --env APACHE_SERVER_NAME="app-1.local" \ --env APACHE_SERVER_ALIAS="www.app-1.local" \ @@ -1337,9 +1337,9 @@ function test_custom_configuration () # Add a default VirtualHost that rejects access (403 response). docker exec -i \ - apache-php.pool-1.1.1 \ + apache-php.1 \ tee \ - /etc/services-config/httpd/conf.d/05-virtual-host.conf \ + /etc/httpd/conf.d/05-virtual-host.conf \ 1> /dev/null \ <<-CONFIG @@ -1360,7 +1360,7 @@ function test_custom_configuration () CONFIG if ! __is_container_ready \ - apache-php.pool-1.1.1 \ + apache-php.1 \ ${STARTUP_TIME} \ "/usr/sbin/httpd(\.worker|\.event)? " \ "[[ 000 != \$(curl -sI -o /dev/null -w %{http_code} localhost/) ]]" @@ -1369,8 +1369,8 @@ function test_custom_configuration () fi docker exec \ - apache-php.pool-1.1.1 \ - bash -c 'apachectl graceful' + apache-php.1 \ + bash -c 'httpd -k graceful' curl_response_code_default="$( curl -s \ @@ -1410,12 +1410,12 @@ function test_custom_configuration () describe "Apache ServerName" it "Is container hostname." __terminate_container \ - apache-php.pool-1.1.1 \ + apache-php.1 \ &> /dev/null docker run \ --detach \ - --name apache-php.pool-1.1.1 \ + --name apache-php.1 \ --publish ${DOCKER_PORT_MAP_TCP_80}:80 \ --hostname php-hello-world \ jdeathe/centos-ssh-apache-php-fcgi:latest \ @@ -1423,9 +1423,9 @@ function test_custom_configuration () # Add a default VirtualHost that rejects access (403 response). docker exec -i \ - apache-php.pool-1.1.1 \ + apache-php.1 \ tee \ - /etc/services-config/httpd/conf.d/05-virtual-host.conf \ + /etc/httpd/conf.d/05-virtual-host.conf \ 1> /dev/null \ <<-CONFIG @@ -1446,7 +1446,7 @@ function test_custom_configuration () CONFIG if ! __is_container_ready \ - apache-php.pool-1.1.1 \ + apache-php.1 \ ${STARTUP_TIME} \ "/usr/sbin/httpd(\.worker|\.event)? " \ "[[ 000 != \$(curl -sI -o /dev/null -w %{http_code} localhost/) ]]" @@ -1455,8 +1455,8 @@ function test_custom_configuration () fi docker exec \ - apache-php.pool-1.1.1 \ - bash -c 'apachectl graceful' + apache-php.1 \ + bash -c 'httpd -k graceful' curl_response_code_default="$( curl -s \ @@ -1480,12 +1480,12 @@ function test_custom_configuration () it "Replaces {{HOSTNAME}}." __terminate_container \ - apache-php.pool-1.1.1 \ + apache-php.1 \ &> /dev/null docker run \ --detach \ - --name apache-php.pool-1.1.1 \ + --name apache-php.1 \ --publish ${DOCKER_PORT_MAP_TCP_80}:80 \ --hostname php-hello-world \ --env APACHE_SERVER_NAME="{{HOSTNAME}}.localdomain" \ @@ -1494,9 +1494,9 @@ function test_custom_configuration () # Add a default VirtualHost that rejects access (403 response). docker exec -i \ - apache-php.pool-1.1.1 \ + apache-php.1 \ tee \ - /etc/services-config/httpd/conf.d/05-virtual-host.conf \ + /etc/httpd/conf.d/05-virtual-host.conf \ 1> /dev/null \ <<-CONFIG @@ -1517,7 +1517,7 @@ function test_custom_configuration () CONFIG if ! __is_container_ready \ - apache-php.pool-1.1.1 \ + apache-php.1 \ ${STARTUP_TIME} \ "/usr/sbin/httpd(\.worker|\.event)? " \ "[[ 000 != \$(curl -sI -o /dev/null -w %{http_code} localhost/) ]]" @@ -1526,8 +1526,8 @@ function test_custom_configuration () fi docker exec \ - apache-php.pool-1.1.1 \ - bash -c 'apachectl graceful' + apache-php.1 \ + bash -c 'httpd -k graceful' curl_response_code_default="$( curl -s \ @@ -1553,12 +1553,12 @@ function test_custom_configuration () describe "Apache ServerAlias" it "Replaces {{HOSTNAME}}." __terminate_container \ - apache-php.pool-1.1.1 \ + apache-php.1 \ &> /dev/null docker run \ --detach \ - --name apache-php.pool-1.1.1 \ + --name apache-php.1 \ --publish ${DOCKER_PORT_MAP_TCP_80}:80 \ --hostname php-hello-world \ --env APACHE_SERVER_ALIAS="{{HOSTNAME}}.localdomain" \ @@ -1568,9 +1568,9 @@ function test_custom_configuration () # Add a default VirtualHost that rejects access (403 response). docker exec -i \ - apache-php.pool-1.1.1 \ + apache-php.1 \ tee \ - /etc/services-config/httpd/conf.d/05-virtual-host.conf \ + /etc/httpd/conf.d/05-virtual-host.conf \ 1> /dev/null \ <<-CONFIG @@ -1591,7 +1591,7 @@ function test_custom_configuration () CONFIG if ! __is_container_ready \ - apache-php.pool-1.1.1 \ + apache-php.1 \ ${STARTUP_TIME} \ "/usr/sbin/httpd(\.worker|\.event)? " \ "[[ 000 != \$(curl -sI -o /dev/null -w %{http_code} localhost/) ]]" @@ -1600,8 +1600,8 @@ function test_custom_configuration () fi docker exec \ - apache-php.pool-1.1.1 \ - bash -c 'apachectl graceful' + apache-php.1 \ + bash -c 'httpd -k graceful' curl_response_code_default="$( curl -s \ @@ -1627,12 +1627,12 @@ function test_custom_configuration () describe "Apache public directory" it "Sets to 'web'." __terminate_container \ - apache-php.pool-1.1.1 \ + apache-php.1 \ &> /dev/null docker run \ --detach \ - --name apache-php.pool-1.1.1 \ + --name apache-php.1 \ --publish ${DOCKER_PORT_MAP_TCP_80}:80 \ --env APACHE_PUBLIC_DIRECTORY="web" \ --hostname app-1.local \ @@ -1642,15 +1642,15 @@ function test_custom_configuration () # For the server to start, the public directory needs to match that # which is being configured for the test. docker exec \ - apache-php.pool-1.1.1 \ + apache-php.1 \ mv /opt/app/public_html /opt/app/web docker restart \ - apache-php.pool-1.1.1 \ + apache-php.1 \ &> /dev/null if ! __is_container_ready \ - apache-php.pool-1.1.1 \ + apache-php.1 \ ${STARTUP_TIME} \ "/usr/sbin/httpd(\.worker|\.event)? " \ "[[ 000 != \$(curl -sI -o /dev/null -w %{http_code} localhost/) ]]" @@ -1673,12 +1673,12 @@ function test_custom_configuration () describe "Package path" it "Can be changed." __terminate_container \ - apache-php.pool-1.1.1 \ + apache-php.1 \ &> /dev/null docker run \ --detach \ - --name apache-php.pool-1.1.1 \ + --name apache-php.1 \ --publish ${DOCKER_PORT_MAP_TCP_80}:80 \ --env APACHE_SERVER_NAME="app-1.local" \ --env PACKAGE_PATH="/opt/php-hw" \ @@ -1687,11 +1687,11 @@ function test_custom_configuration () # For the server to start, the package directory needs to exist. docker exec \ - apache-php.pool-1.1.1 \ + apache-php.1 \ mkdir -p -m 750 /opt/php-hw/{bin,etc/httpd/conf.d,etc/php.d,public_html,var/{log,tmp}} docker exec -i \ - apache-php.pool-1.1.1 \ + apache-php.1 \ tee \ /opt/php-hw/bin/php-wrapper \ 1> /dev/null \ @@ -1718,7 +1718,7 @@ function test_custom_configuration () EOT docker exec -i \ - apache-php.pool-1.1.1 \ + apache-php.1 \ tee \ /opt/php-hw/etc/httpd/conf.d/50-fcgid.conf \ 1> /dev/null \ @@ -1747,7 +1747,7 @@ function test_custom_configuration () CONFIG docker exec -i \ - apache-php.pool-1.1.1 \ + apache-php.1 \ tee \ /opt/php-hw/public_html/index.php \ 1> /dev/null \ @@ -1760,31 +1760,31 @@ function test_custom_configuration () EOT docker exec \ - apache-php.pool-1.1.1 \ + apache-php.1 \ chown -R app:app-www /opt/php-hw docker exec \ - apache-php.pool-1.1.1 \ + apache-php.1 \ find /opt/php-hw -type d -exec chmod 750 {} + docker exec \ - apache-php.pool-1.1.1 \ + apache-php.1 \ find /opt/php-hw/var -type d -exec chmod 770 {} + docker exec \ - apache-php.pool-1.1.1 \ + apache-php.1 \ find /opt/php-hw -type f -exec chmod 640 {} + docker exec \ - apache-php.pool-1.1.1 \ + apache-php.1 \ find /opt/php-hw/bin -type f -exec chmod 750 {} + docker restart \ - apache-php.pool-1.1.1 \ + apache-php.1 \ &> /dev/null if ! __is_container_ready \ - apache-php.pool-1.1.1 \ + apache-php.1 \ ${STARTUP_TIME} \ "/usr/sbin/httpd(\.worker|\.event)? " \ "[[ 000 != \$(curl -sI -o /dev/null -w %{http_code} localhost/) ]]" @@ -1807,12 +1807,12 @@ function test_custom_configuration () describe "SSL/TLS (i.e. ssl_module)" it "Can publish ${DOCKER_PORT_MAP_TCP_443}:443." __terminate_container \ - apache-php.pool-1.1.1 \ + apache-php.1 \ &> /dev/null docker run \ --detach \ - --name apache-php.pool-1.1.1 \ + --name apache-php.1 \ --publish ${DOCKER_PORT_MAP_TCP_443}:443 \ --env APACHE_MOD_SSL_ENABLED="true" \ --env APACHE_SERVER_NAME="app-1.local" \ @@ -1821,12 +1821,12 @@ function test_custom_configuration () container_port_443="$( __get_container_port \ - apache-php.pool-1.1.1 \ + apache-php.1 \ 443/tcp )" if ! __is_container_ready \ - apache-php.pool-1.1.1 \ + apache-php.1 \ ${STARTUP_TIME} \ "/usr/sbin/httpd(\.worker|\.event)? " \ "[[ 000 != \$(curl -sI -o /dev/null -w %{http_code} localhost/) ]]" @@ -1878,12 +1878,12 @@ function test_custom_configuration () it "Sets from base64 encoded value." __terminate_container \ - apache-php.pool-1.1.1 \ + apache-php.1 \ &> /dev/null docker run \ --detach \ - --name apache-php.pool-1.1.1 \ + --name apache-php.1 \ --publish ${DOCKER_PORT_MAP_TCP_443}:443 \ --env APACHE_MOD_SSL_ENABLED="true" \ --env APACHE_SERVER_NAME="www.app-1.local" \ @@ -1893,12 +1893,12 @@ function test_custom_configuration () container_port_443="$( __get_container_port \ - apache-php.pool-1.1.1 \ + apache-php.1 \ 443/tcp )" if ! __is_container_ready \ - apache-php.pool-1.1.1 \ + apache-php.1 \ ${STARTUP_TIME} \ "/usr/sbin/httpd(\.worker|\.event)? " \ "[[ 000 != \$(curl -sI -o /dev/null -w %{http_code} localhost/) ]]" @@ -1931,12 +1931,12 @@ function test_custom_configuration () it "Sets from file path value." __terminate_container \ - apache-php.pool-1.1.1 \ + apache-php.1 \ &> /dev/null docker run \ --detach \ - --name apache-php.pool-1.1.1 \ + --name apache-php.1 \ --publish ${DOCKER_PORT_MAP_TCP_443}:443 \ --env APACHE_MOD_SSL_ENABLED="true" \ --env APACHE_SERVER_NAME="www.app-1.local" \ @@ -1947,12 +1947,12 @@ function test_custom_configuration () container_port_443="$( __get_container_port \ - apache-php.pool-1.1.1 \ + apache-php.1 \ 443/tcp )" if ! __is_container_ready \ - apache-php.pool-1.1.1 \ + apache-php.1 \ ${STARTUP_TIME} \ "/usr/sbin/httpd(\.worker|\.event)? " \ "[[ 000 != \$(curl -sI -o /dev/null -w %{http_code} localhost/) ]]" @@ -1986,12 +1986,12 @@ function test_custom_configuration () it "Sets cipher suite." __terminate_container \ - apache-php.pool-1.1.1 \ + apache-php.1 \ &> /dev/null docker run \ --detach \ - --name apache-php.pool-1.1.1 \ + --name apache-php.1 \ --publish ${DOCKER_PORT_MAP_TCP_443}:443 \ --env APACHE_MOD_SSL_ENABLED="true" \ --env APACHE_SERVER_NAME="www.app-1.local" \ @@ -2002,12 +2002,12 @@ function test_custom_configuration () container_port_443="$( __get_container_port \ - apache-php.pool-1.1.1 \ + apache-php.1 \ 443/tcp )" if ! __is_container_ready \ - apache-php.pool-1.1.1 \ + apache-php.1 \ ${STARTUP_TIME} \ "/usr/sbin/httpd(\.worker|\.event)? " \ "[[ 000 != \$(curl -sI -o /dev/null -w %{http_code} localhost/) ]]" @@ -2044,12 +2044,12 @@ function test_custom_configuration () it "Sets protocol (e.g TLSv1.2)." __terminate_container \ - apache-php.pool-1.1.1 \ + apache-php.1 \ &> /dev/null docker run \ --detach \ - --name apache-php.pool-1.1.1 \ + --name apache-php.1 \ --publish ${DOCKER_PORT_MAP_TCP_443}:443 \ --env APACHE_MOD_SSL_ENABLED="true" \ --env APACHE_SERVER_NAME="www.app-1.local" \ @@ -2061,12 +2061,12 @@ function test_custom_configuration () container_port_443="$( __get_container_port \ - apache-php.pool-1.1.1 \ + apache-php.1 \ 443/tcp )" if ! __is_container_ready \ - apache-php.pool-1.1.1 \ + apache-php.1 \ ${STARTUP_TIME} \ "/usr/sbin/httpd(\.worker|\.event)? " \ "[[ 000 != \$(curl -sI -o /dev/null -w %{http_code} localhost/) ]]" @@ -2075,7 +2075,7 @@ function test_custom_configuration () fi apache_ssl_cipher_suite="" - for protocol in ssl3 tls1 tls1_1 tls1_2; do + for protocol in tls1 tls1_1 tls1_2; do cipher_match="$( echo -n \ | openssl s_client \ @@ -2098,18 +2098,18 @@ function test_custom_configuration () assert equal \ "${apache_ssl_cipher_suite}" \ - "0000:0000:0000:DHE-RSA-AES128-SHA" + "0000:0000:DHE-RSA-AES128-SHA" end end describe "Configure autostart" __terminate_container \ - apache-php.pool-1.1.1 \ + apache-php.1 \ &> /dev/null docker run \ --detach \ - --name apache-php.pool-1.1.1 \ + --name apache-php.1 \ --env APACHE_AUTOSTART_HTTPD_BOOTSTRAP=false \ jdeathe/centos-ssh-apache-php:latest \ &> /dev/null @@ -2122,13 +2122,13 @@ function test_custom_configuration () docker ps \ --quiet \ - --filter "name=apache-php.pool-1.1.1" \ + --filter "name=apache-php.1" \ --filter "health=unhealthy" \ &> /dev/null is_up="${?}" docker top \ - apache-php.pool-1.1.1 \ + apache-php.1 \ &> /dev/null \ | grep -qE '/usr/sbin/httpd(\.worker|\.event)? ' @@ -2138,12 +2138,12 @@ function test_custom_configuration () end __terminate_container \ - apache-php.pool-1.1.1 \ + apache-php.1 \ &> /dev/null docker run \ --detach \ - --name apache-php.pool-1.1.1 \ + --name apache-php.1 \ --env APACHE_AUTOSTART_HTTPD_WRAPPER=false \ jdeathe/centos-ssh-apache-php:latest \ &> /dev/null @@ -2154,13 +2154,13 @@ function test_custom_configuration () is_up="1" docker ps \ - --filter "name=apache-php.pool-1.1.1" \ + --filter "name=apache-php.1" \ --filter "health=healthy" \ &> /dev/null is_up="${?}" docker top \ - apache-php.pool-1.1.1 \ + apache-php.1 \ &> /dev/null \ | grep -qE '/usr/sbin/httpd(\.worker|\.event)? ' @@ -2170,26 +2170,26 @@ function test_custom_configuration () end __terminate_container \ - apache-php.pool-1.1.1 \ + apache-php.1 \ &> /dev/null end describe "PHP date.timezone" it "Sets to 'Europe/London'." __terminate_container \ - apache-php.pool-1.1.1 \ + apache-php.1 \ &> /dev/null docker run \ --detach \ - --name apache-php.pool-1.1.1 \ + --name apache-php.1 \ --publish ${DOCKER_PORT_MAP_TCP_80}:80 \ --env PHP_OPTIONS_DATE_TIMEZONE="Europe/London" \ jdeathe/centos-ssh-apache-php-fcgi:latest \ &> /dev/null if ! __is_container_ready \ - apache-php.pool-1.1.1 \ + apache-php.1 \ ${STARTUP_TIME} \ "/usr/sbin/httpd(\.worker|\.event)? " \ "[[ 000 != \$(curl -sI -o /dev/null -w %{http_code} localhost/) ]]" @@ -2199,7 +2199,7 @@ function test_custom_configuration () php_date_timezone="$( docker exec \ - apache-php.pool-1.1.1 \ + apache-php.1 \ php \ -r \ "printf('%s', ini_get('date.timezone'));" @@ -2213,19 +2213,19 @@ function test_custom_configuration () describe "PHP session.name" __terminate_container \ - apache-php.pool-1.1.1 \ + apache-php.1 \ &> /dev/null docker run \ --detach \ - --name apache-php.pool-1.1.1 \ + --name apache-php.1 \ --publish ${DOCKER_PORT_MAP_TCP_80}:80 \ --env PHP_OPTIONS_SESSION_NAME="app-session" \ jdeathe/centos-ssh-apache-php:latest \ &> /dev/null if ! __is_container_ready \ - apache-php.pool-1.1.1 \ + apache-php.1 \ ${STARTUP_TIME} \ "/usr/sbin/httpd(\.worker|\.event)? " \ "[[ 000 != \$(curl -sI -o /dev/null -w %{http_code} localhost/) ]]" @@ -2235,7 +2235,7 @@ function test_custom_configuration () container_port_80="$( __get_container_port \ - apache-php.pool-1.1.1 \ + apache-php.1 \ 80/tcp )" @@ -2257,18 +2257,18 @@ function test_custom_configuration () end __terminate_container \ - apache-php.pool-1.1.1 \ + apache-php.1 \ &> /dev/null end describe "PHP memcached session store" __terminate_container \ - apache-php.pool-1.1.1 \ + apache-php.1 \ &> /dev/null docker run \ --detach \ - --name apache-php.pool-1.1.1 \ + --name apache-php.1 \ --publish ${DOCKER_PORT_MAP_TCP_80}:80 \ --env PHP_OPTIONS_SESSION_SAVE_HANDLER="memcached" \ --env PHP_OPTIONS_SESSION_SAVE_PATH="${session_store_alias}:11211" \ @@ -2277,10 +2277,10 @@ function test_custom_configuration () docker network connect \ ${session_store_network} \ - apache-php.pool-1.1.1 + apache-php.1 if ! __is_container_ready \ - apache-php.pool-1.1.1 \ + apache-php.1 \ ${STARTUP_TIME} \ "/usr/sbin/httpd(\.worker|\.event)? " \ "[[ 000 != \$(curl -sI -o /dev/null -w %{http_code} localhost/) ]]" @@ -2290,11 +2290,11 @@ function test_custom_configuration () # Create scripts that write / read session data. docker exec \ - apache-php.pool-1.1.1 \ + apache-php.1 \ mkdir -p -m 750 /opt/app/public_html/session docker exec -i \ - apache-php.pool-1.1.1 \ + apache-php.1 \ tee \ /opt/app/public_html/session/write.php \ 1> /dev/null \ @@ -2309,7 +2309,7 @@ function test_custom_configuration () EOT docker exec -i \ - apache-php.pool-1.1.1 \ + apache-php.1 \ tee \ /opt/app/public_html/session/read.php \ 1> /dev/null \ @@ -2320,23 +2320,23 @@ function test_custom_configuration () EOT docker exec \ - apache-php.pool-1.1.1 \ + apache-php.1 \ chown -R app:app-www /opt/app/public_html/session docker exec \ - apache-php.pool-1.1.1 \ + apache-php.1 \ find /opt/app/public_html/session -type d -exec chmod 750 {} + docker exec \ - apache-php.pool-1.1.1 \ + apache-php.1 \ find /opt/app/public_html/session -type f -exec chmod 640 {} + docker restart \ - apache-php.pool-1.1.1 \ + apache-php.1 \ &> /dev/null if ! __is_container_ready \ - apache-php.pool-1.1.1 \ + apache-php.1 \ ${STARTUP_TIME} \ "/usr/sbin/httpd(\.worker|\.event)? " \ "[[ 000 != \$(curl -sI -o /dev/null -w %{http_code} localhost/) ]]" @@ -2346,7 +2346,7 @@ function test_custom_configuration () container_port_80="$( __get_container_port \ - apache-php.pool-1.1.1 \ + apache-php.1 \ 80/tcp )" @@ -2409,12 +2409,12 @@ function test_custom_configuration () end __terminate_container \ - apache-php.pool-1.1.1 \ + apache-php.1 \ &> /dev/null end __terminate_container \ - apache-php.pool-1.1.1 \ + apache-php.1 \ &> /dev/null trap - \ @@ -2424,32 +2424,45 @@ function test_custom_configuration () function test_healthcheck () { + local -r event_lag_seconds=2 local -r interval_seconds=1 local -r retries=10 - local health_status="" + local container_id + local events_since_timestamp + local health_status describe "Healthcheck" - trap "__terminate_container apache-php.pool-1.1.1 &> /dev/null; \ + trap "__terminate_container apache-php.1 &> /dev/null; \ __destroy; \ exit 1" \ INT TERM EXIT describe "Default configuration" __terminate_container \ - apache-php.pool-1.1.1 \ + apache-php.1 \ &> /dev/null docker run \ --detach \ - --name apache-php.pool-1.1.1 \ - jdeathe/centos-ssh-apache-php-fcgi:latest \ + --name apache-php.1 \ + jdeathe/centos-ssh-apache-php:latest \ &> /dev/null + events_since_timestamp="$( + date +%s + )" + + container_id="$( + docker ps \ + --quiet \ + --filter "name=apache-php.1" + )" + it "Returns a valid status on starting." health_status="$( docker inspect \ --format='{{json .State.Health.Status}}' \ - apache-php.pool-1.1.1 + apache-php.1 )" assert __shpec_matcher_egrep \ @@ -2457,59 +2470,68 @@ function test_healthcheck () "\"(starting|healthy|unhealthy)\"" end - sleep $( - awk \ - -v interval_seconds="${interval_seconds}" \ - -v startup_time="${STARTUP_TIME}" \ - 'BEGIN { print 1 + interval_seconds + startup_time; }' - ) - it "Returns healthy after startup." + events_timeout="$( + awk \ + -v event_lag="${event_lag_seconds}" \ + -v interval="${interval_seconds}" \ + -v startup_time="${STARTUP_TIME}" \ + 'BEGIN { print event_lag + startup_time + interval; }' + )" + health_status="$( - docker inspect \ - --format='{{json .State.Health.Status}}' \ - apache-php.pool-1.1.1 + test/health_status \ + --container="${container_id}" \ + --since="${events_since_timestamp}" \ + --timeout="${events_timeout}" \ + --monochrome \ + 2>&1 )" assert equal \ "${health_status}" \ - "\"healthy\"" + "✓ healthy" end it "Returns unhealthy on failure." - # sshd-wrapper failure docker exec -t \ - apache-php.pool-1.1.1 \ + apache-php.1 \ bash -c "mv \ /usr/sbin/httpd \ - /usr/sbin/httpd2" - docker exec -t \ - apache-php.pool-1.1.1 \ - bash -c "if [[ -n \$(pgrep -f '^/usr/sbin/httpd ') ]]; then \ - kill -9 \$(pgrep -f '^/usr/sbin/httpd '); \ - fi" + /usr/sbin/httpd2" \ + && docker exec -t \ + apache-php.1 \ + bash -c '/usr/sbin/httpd2 -k stop' - sleep $( + events_since_timestamp="$( + date +%s + )" + + events_timeout="$( awk \ - -v interval_seconds="${interval_seconds}" \ + -v event_lag="${event_lag_seconds}" \ + -v interval="${interval_seconds}" \ -v retries="${retries}" \ - 'BEGIN { print 2 + interval_seconds * retries; }' - ) + 'BEGIN { print (2 * event_lag) + (interval * retries); }' + )" health_status="$( - docker inspect \ - --format='{{json .State.Health.Status}}' \ - apache-php.pool-1.1.1 + test/health_status \ + --container="${container_id}" \ + --since="$(( ${event_lag_seconds} + ${events_since_timestamp} ))" \ + --timeout="${events_timeout}" \ + --monochrome \ + 2>&1 )" assert equal \ "${health_status}" \ - "\"unhealthy\"" + "✗ unhealthy" end end __terminate_container \ - apache-php.pool-1.1.1 \ + apache-php.1 \ &> /dev/null trap - \ From cef349553c62b20fbdca4b663a55befeee5efda1 Mon Sep 17 00:00:00 2001 From: James Deathe Date: Sun, 14 Apr 2019 19:45:57 +0100 Subject: [PATCH 2/2] Release changes for 1.12.0 and 2.1.0. --- CHANGELOG.md | 2 +- Dockerfile | 2 +- README.md | 40 ++++++++++++++++++++-------------------- 3 files changed, 22 insertions(+), 22 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 5899f3c..6ece466 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,7 +6,7 @@ Summary of release changes for Version 2. CentOS-7 7.5.1804 x86_64, Apache 2.4, PHP-CGI 5.4 (FastCGI), PHP memcached 2.2, Zend Opcache 7.0. -### 2.1.0 - Unreleased +### 2.1.0 - 2019-04-14 - Updates `elinks` package to elinks-0.12-0.37.pre6.el7.0.1. - Updates source image to [2.5.1](https://github.com/jdeathe/centos-ssh/releases/tag/2.5.1). diff --git a/Dockerfile b/Dockerfile index 231ce33..8dc2088 100644 --- a/Dockerfile +++ b/Dockerfile @@ -4,7 +4,7 @@ FROM jdeathe/centos-ssh:2.5.1 ARG PACKAGE_NAME="app" ARG PACKAGE_PATH="/opt/${PACKAGE_NAME}" ARG PACKAGE_RELEASE_VERSION="0.11.0" -ARG RELEASE_VERSION="2.0.1" +ARG RELEASE_VERSION="2.1.0" # ------------------------------------------------------------------------------ # - Base install of required packages diff --git a/README.md b/README.md index 581fc4a..bdcfcba 100644 --- a/README.md +++ b/README.md @@ -9,16 +9,16 @@ Apache PHP web server, loading only a minimal set of Apache modules by default. ## Overview & links -- `centos-7`, `centos-7-2.0.1`, `2.0.1` [(centos-7/Dockerfile)](https://github.com/jdeathe/centos-ssh-apache-php-fcgi/blob/centos-7/Dockerfile) -- `centos-6`, `centos-6-1.11.1`, `1.11.1` [(centos-6/Dockerfile)](https://github.com/jdeathe/centos-ssh-apache-php-fcgi/blob/centos-6/Dockerfile) +- `centos-7`, `centos-7-2.1.0`, `2.1.0` [(centos-7/Dockerfile)](https://github.com/jdeathe/centos-ssh-apache-php-fcgi/blob/centos-7/Dockerfile) +- `centos-6`, `centos-6-1.12.0`, `1.12.0` [(centos-6/Dockerfile)](https://github.com/jdeathe/centos-ssh-apache-php-fcgi/blob/centos-6/Dockerfile) #### centos-6 -The latest CentOS-6 based release can be pulled from the centos-6 Docker tag. It is recommended to select a specific release tag - the convention is `centos-6-1.11.1` or `1.11.1` for the [1.11.1](https://github.com/jdeathe/centos-ssh-apache-php-fcgi/tree/1.11.1) release tag. +The latest CentOS-6 based release can be pulled from the centos-6 Docker tag. It is recommended to select a specific release tag - the convention is `centos-6-1.12.0` or `1.12.0` for the [1.12.0](https://github.com/jdeathe/centos-ssh-apache-php-fcgi/tree/1.12.0) release tag. #### centos-7 -The latest CentOS-7 based release can be pulled from the centos-7 Docker tag. It is recommended to select a specific release tag - the convention is `centos-7-2.0.1` or `2.0.1` for the [2.0.1](https://github.com/jdeathe/centos-ssh-apache-php-fcgi/tree/2.0.1) release tag. +The latest CentOS-7 based release can be pulled from the centos-7 Docker tag. It is recommended to select a specific release tag - the convention is `centos-7-2.1.0` or `2.1.0` for the [2.1.0](https://github.com/jdeathe/centos-ssh-apache-php-fcgi/tree/2.1.0) release tag. This build of [Apache](https://httpd.apache.org/), (httpd CentOS package), uses the [mod_fcgid](https://httpd.apache.org/mod_fcgid/) module to run [PHP](http://php.net/) as a [FastCGI](http://www.fastcgi.com/) process. @@ -47,7 +47,7 @@ $ docker run -d \ --name apache-php.1 \ -p 8080:80 \ -e "APACHE_SERVER_NAME=app-1.local" \ - jdeathe/centos-ssh-apache-php-fcgi:1.11.1 + jdeathe/centos-ssh-apache-php-fcgi:2.1.0 ``` Now point your browser to `http://{docker-host}:8080` where `{docker-host}` is the host name of your docker server and, if all went well, you should see the "Hello, world!" page. @@ -97,10 +97,10 @@ $ docker run \ --volume /:/media/root \ --env BASH_ENV="" \ --env ENV="" \ - jdeathe/centos-ssh-apache-php-fcgi:1.11.1 \ + jdeathe/centos-ssh-apache-php-fcgi:2.1.0 \ /usr/sbin/scmi install \ --chroot=/media/root \ - --tag=1.11.1 \ + --tag=2.1.0 \ --name=apache-php.1 ``` @@ -115,10 +115,10 @@ $ docker run \ --volume /:/media/root \ --env BASH_ENV="" \ --env ENV="" \ - jdeathe/centos-ssh-apache-php-fcgi:1.11.1 \ + jdeathe/centos-ssh-apache-php-fcgi:2.1.0 \ /usr/sbin/scmi uninstall \ --chroot=/media/root \ - --tag=1.11.1 \ + --tag=2.1.0 \ --name=apache-php.1 ``` @@ -133,10 +133,10 @@ $ docker run \ --volume /:/media/root \ --env BASH_ENV="" \ --env ENV="" \ - jdeathe/centos-ssh-apache-php-fcgi:1.11.1 \ + jdeathe/centos-ssh-apache-php-fcgi:2.1.0 \ /usr/sbin/scmi install \ --chroot=/media/root \ - --tag=1.11.1 \ + --tag=1.12.0 \ --name=apache-php.1 \ --manager=systemd \ --register \ @@ -160,7 +160,7 @@ To see detailed information about the image run `scmi` with the `--info` option. $ eval "sudo -E $( docker inspect \ -f "{{.ContainerConfig.Labels.install}}" \ - jdeathe/centos-ssh-apache-php-fcgi:1.11.1 + jdeathe/centos-ssh-apache-php-fcgi:2.1.0 ) --info" ``` @@ -170,7 +170,7 @@ To perform an installation using the docker name `apache-php.2` simply use the ` $ eval "sudo -E $( docker inspect \ -f "{{.ContainerConfig.Labels.install}}" \ - jdeathe/centos-ssh-apache-php-fcgi:1.11.1 + jdeathe/centos-ssh-apache-php-fcgi:2.1.0 ) --name=apache-php.2" ``` @@ -180,7 +180,7 @@ To uninstall use the *same command* that was used to install but with the `unins $ eval "sudo -E $( docker inspect \ -f "{{.ContainerConfig.Labels.uninstall}}" \ - jdeathe/centos-ssh-apache-php-fcgi:1.11.1 + jdeathe/centos-ssh-apache-php-fcgi:2.1.0 ) --name=apache-php.2" ``` @@ -191,7 +191,7 @@ With the addition of install/uninstall image labels it is possible to use [Proje _NOTE:_ A prerequisite of the following examples is that the image has been pulled (or loaded from the release package). ``` -$ docker pull jdeathe/centos-ssh-apache-php-fcgi:1.11.1 +$ docker pull jdeathe/centos-ssh-apache-php-fcgi:2.1.0 ``` To see detailed information about the image run `scmi` with the `--info` option. To see all available `scmi` options run with the `--help` option. @@ -199,7 +199,7 @@ To see detailed information about the image run `scmi` with the `--info` option. ``` $ sudo -E atomic install \ -n apache-php.3 \ - jdeathe/centos-ssh-apache-php-fcgi:1.11.1 \ + jdeathe/centos-ssh-apache-php-fcgi:2.1.0 \ --info ``` @@ -208,14 +208,14 @@ To perform an installation using the docker name `apache-php.3` simply use the ` ``` $ sudo -E atomic install \ -n apache-php.3 \ - jdeathe/centos-ssh-apache-php-fcgi:1.11.1 + jdeathe/centos-ssh-apache-php-fcgi:2.1.0 ``` Alternatively, you could use the `scmi` options `--name` or `-n` for naming the container. ``` $ sudo -E atomic install \ - jdeathe/centos-ssh-apache-php-fcgi:1.11.1 \ + jdeathe/centos-ssh-apache-php-fcgi:2.1.0 \ --name apache-php.3 ``` @@ -224,7 +224,7 @@ To uninstall use the *same command* that was used to install but with the `unins ``` $ sudo -E atomic uninstall \ -n apache-php.3 \ - jdeathe/centos-ssh-apache-php-fcgi:1.11.1 + jdeathe/centos-ssh-apache-php-fcgi:2.1.0 ``` #### Environment Variables @@ -353,7 +353,7 @@ $ docker run -d \ --env "APACHE_SERVER_NAME=app-1.local" \ --env "APACHE_MOD_SSL_ENABLED=true" \ --volume apache-php.1.data-tls:/etc/pki/tls \ - jdeathe/centos-ssh-apache-php-fcgi:1.11.1 + jdeathe/centos-ssh-apache-php-fcgi:2.1.0 ``` ##### APACHE_MPM