From 3fcff42cd4b8057c530443fd64ab5e5cc16de1ea Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Charl=C3=A8ne=20Auger?= Date: Tue, 19 Apr 2022 11:38:23 +0200 Subject: [PATCH] Update nightly --- nightly/Dockerfile | 84 ++++++++----------- nightly/docker-compose.yml | 39 +++++++-- nightly/nginx/auth/ocsapi.htpasswd | 1 + nightly/nginx/certs/ocs-dummy.crt | 22 +++++ nightly/nginx/certs/ocs-dummy.key | 28 +++++++ nightly/nginx/conf/ocsinventory.conf.template | 48 +++++++++++ nightly/scripts/docker-entrypoint.sh | 38 +++++---- 7 files changed, 190 insertions(+), 70 deletions(-) create mode 100644 nightly/nginx/auth/ocsapi.htpasswd create mode 100644 nightly/nginx/certs/ocs-dummy.crt create mode 100644 nightly/nginx/certs/ocs-dummy.key create mode 100644 nightly/nginx/conf/ocsinventory.conf.template diff --git a/nightly/Dockerfile b/nightly/Dockerfile index 636ba80..251c4d1 100644 --- a/nightly/Dockerfile +++ b/nightly/Dockerfile @@ -1,4 +1,4 @@ -FROM centos:centos7 +FROM ubuntu:20.04 ENV OCS_VERSION nightly 
@@ -6,62 +6,46 @@ LABEL maintainer="contact@ocsinventory-ng.org" \ version="${OCS_VERSION}" \ description="OCS Inventory docker image" -ARG YUM_FLAGS="-y" +ARG APT_FLAGS="-y" -ENV APACHE_RUN_USER=apache APACHE_RUN_GROUP=apache \ - APACHE_LOG_DIR=/var/log/httpd APACHE_PID_FILE=/var/run/httpd.pid APACHE_RUN_DIR=/var/run/httpd APACHE_LOCK_DIR=/var/lock/httpd \ +ENV APACHE_RUN_USER=www-data APACHE_RUN_GROUP=www-data \ + APACHE_LOG_DIR=/var/log/apache2 APACHE_PID_FILE=/var/run/apache2/apache2.pid APACHE_RUN_DIR=/var/run/apache2 APACHE_LOCK_DIR=/var/lock/apache2 \ OCS_DB_SERVER=dbsrv OCS_DB_PORT=3306 OCS_DB_USER=ocs OCS_DB_PASS=ocs OCS_DB_NAME=ocsweb \ OCS_LOG_DIR=/var/log/ocsinventory-server OCS_VARLIB_DIR=/var/lib/ocsinventory-reports/ OCS_WEBCONSOLE_DIR=/usr/share/ocsinventory-reports \ OCS_PERLEXT_DIR=/etc/ocsinventory-server/perl/ OCS_PLUGINSEXT_DIR=/etc/ocsinventory-server/plugins/ \ OCS_SSL_ENABLED=0 OCS_SSL_WEB_MODE=DISABLED OCS_SSL_COM_MODE=DISABLED OCS_SSL_KEY=/path/to/key OCS_SSL_CERT=/path/to/cert OCS_SSL_CA=/path/to/ca \ TZ=Europe/Paris +RUN ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > /etc/timezone + VOLUME /var/lib/ocsinventory-reports /etc/ocsinventory-server /usr/share/ocsinventory-reports/ocsreports/extensions -RUN yum ${YUM_FLAGS} install wget \ +RUN apt-get update && apt-get install -y \ + wget \ curl \ - yum-utils \ - tar \ make \ - yum ${YUM_FLAGS} install epel-release ; \ - wget https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm ; \ - wget http://rpms.remirepo.net/enterprise/remi-release-7.rpm ; \ - rpm -Uvh remi-release-7.rpm ; \ - yum-config-manager --enable remi-php73 ; \ - yum ${YUM_FLAGS} update ; \ - yum ${YUM_FLAGS} install perl \ - perl-XML-Simple \ - perl-Compress-Zlib \ - perl-DBI perl-DBD-MySQL \ - perl-Net-IP \ - perl-Apache2-SOAP \ - perl-Archive-Zip \ - perl-Mojolicious \ - perl-Plack \ - perl-XML-Entities \ - perl-Switch \ - perl-Apache-DBI \ - httpd \ - php73-php \ - php73-php-cli \ - 
php73-php-ldap \ - php73-php-gd \ - php73-php-imap \ - php73-php-pdo \ - php73-php-pear \ - php73-php-mbstring \ - php73-php-intl \ - php73-php-mysqlnd \ - php73-php-xml \ - php73-php-xmlrpc \ - php73-php-pecl-mysql \ - php73-php-pecl-mcrypt \ - php73-php-pecl-apcu \ - php73-php-json \ - php73-php-fpm \ - php73-php-soap \ - php73-php-zip \ - php73-php-opcache ; + perl \ + apache2 \ + php \ + libxml-simple-perl \ + libdbi-perl \ + libdbd-mysql-perl \ + libapache-dbi-perl \ + libnet-ip-perl \ + libsoap-lite-perl \ + libarchive-zip-perl \ + libswitch-perl \ + libmojolicious-perl \ + libplack-perl \ + build-essential \ + php-pclzip \ + php-mbstring \ + php-soap \ + php-mysql \ + php-curl \ + php-xml \ + php-zip \ + php-gd RUN wget http://download.ocsinventory-ng.org/nightly/latest.tar.gz -P /tmp && \ tar xzf /tmp/latest.tar.gz -C /tmp; @@ -71,7 +55,7 @@ RUN cd /tmp/OCSNG_UNIX_SERVER/Apache/ && \ make && \ make install ; -WORKDIR /etc/httpd/conf.d +WORKDIR /etc/apache2/conf-available # Redirect Apache2 Logs to stdout e stderr # https://github.com/docker-library/httpd/blob/5f92ab18146f41d1d324e99c5e197bdeda65d063/2.4/Dockerfile#L202 @@ -79,13 +63,13 @@ RUN sed -ri \ -e 's!^(\s*CustomLog)\s+\S+!\1 /proc/self/fd/1!g' \ -e 's!^(\s*ErrorLog)\s+\S+!\1 /proc/self/fd/2!g' \ -e 's!^(\s*TransferLog)\s+\S+!\1 /proc/self/fd/1!g' \ - "/etc/httpd/conf/httpd.conf" + "/etc/apache2/apache2.conf" COPY conf/ /tmp/conf COPY ./scripts/docker-entrypoint.sh /usr/bin/docker-entrypoint.sh -EXPOSE 80 443 +EXPOSE 80 # https://docs.docker.com/develop/develop-images/dockerfile_best-practices/#entrypoint ENTRYPOINT ["/usr/bin/docker-entrypoint.sh"] -CMD ["/usr/sbin/httpd", "-DFOREGROUND"] +CMD ["/usr/sbin/apache2", "-DFOREGROUND"] diff --git a/nightly/docker-compose.yml b/nightly/docker-compose.yml index 3234046..4064472 100644 --- a/nightly/docker-compose.yml +++ b/nightly/docker-compose.yml 
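Review bot: The new `apt-get install -y` line hard-codes its flags, so the `APT_FLAGS` build argument declared just above it is never read, and the step does not clear the package index in the layer that creates it. Writing it as `RUN apt-get update && apt-get install ${APT_FLAGS} --no-install-recommends \` with a closing `&& rm -rf /var/lib/apt/lists/*` would keep the ARG meaningful and shrink the image, provided nothing depends on a recommended package. `build-essential`, `make`, `wget` and `curl` also remain in the runtime image, which a separate build stage would avoid. The unchanged `wget http://download.ocsinventory-ng.org/nightly/latest.tar.gz` at the end of the hunk still fetches the source over plain HTTP with no checksum before `make install`; a comment recording that the nightly tarball is unverified would be worth adding next to it.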
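Review bot: The log-redirect `sed` now edits only `/etc/apache2/apache2.conf`, but in the Debian/Ubuntu packaging the `CustomLog` directives normally sit in the vhost and `conf-available` files rather than in that main file, so access logs may keep going to `${APACHE_LOG_DIR}` instead of stdout; the hunk does not show which files the image ends up with, so this needs confirming. If it holds, extend the target list, for example `"/etc/apache2/apache2.conf" /etc/apache2/sites-available/*.conf /etc/apache2/conf-available/other-vhosts-access-log.conf`, so request logs reach the container log stream. The `RUN sed -ri` instruction starts above the hunk.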
@@ -6,13 +6,12 @@ services: container_name : ocsinventory-server restart: always ports: - - 80:80 - - 443:443 + - "80" volumes: - "perlcomdata:/etc/ocsinventory-server" - "ocsreportsdata:/usr/share/ocsinventory-reports/ocsreports" - "varlibdata:/var/lib/ocsinventory-reports" - - "httpdconfdata:/etc/httpd/conf.d" + - "httpdconfdata:/etc/apache2/conf-available" environment: OCS_DB_SERVER: ocsinventory-db OCS_DB_USER: ocsuser @@ -28,11 +27,11 @@ services: - ocsdb ocsdb : - image : mysql:5.7 + image : mysql:8.0 container_name : ocsinventory-db restart: always ports : - - 3306:3306 + - "3306" volumes : - ./sql/:/docker-entrypoint-initdb.d/ - sqldata:/var/lib/mysql @@ -43,6 +42,36 @@ services: MYSQL_DATABASE : ocsweb networks: - localocs + + ocsproxy: + image: nginx + container_name: ocsinventory-proxy + restart: always + ports: + - 80:80 + - 443:443 + volumes: + - ./nginx/conf:/etc/nginx/templates + - ./nginx/certs:/etc/nginx/certs + - ./nginx/auth:/etc/nginx/auth + environment: + # 80 or 443 + LISTEN_PORT: 80 + # empty or ssl + PORT_TYPE: "" + SSL_CERT: ocs-dummy.crt + SSL_KEY: ocs-dummy.key + # OCS Api user restriction (default ocsapi/ocapi) + API_AUTH_FILE: ocsapi.htpasswd + # OCS Download + READ_TIMEOUT: 300 + CONNECT_TIMEOUT: 300 + SEND_TIMEOUT: 300 + MAX_BODY_SIZE: 1G + depends_on: + - ocsapplication + networks: + - localocs networks: localocs: diff --git a/nightly/nginx/auth/ocsapi.htpasswd b/nightly/nginx/auth/ocsapi.htpasswd new file mode 100644 index 0000000..0d7ab06 --- /dev/null +++ b/nightly/nginx/auth/ocsapi.htpasswd @@ -0,0 +1 @@ +ocsapi:$apr1$BcAk5f/A$0O5c/DSy92/o.vpwwshWQ. diff --git a/nightly/nginx/certs/ocs-dummy.crt b/nightly/nginx/certs/ocs-dummy.crt new file mode 100644 index 0000000..db62053 --- /dev/null +++ b/nightly/nginx/certs/ocs-dummy.crt 
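Review bot: The short form `- "80"` still publishes the application container's port 80 on a randomly chosen host port, so Apache stays reachable from the host network without going through `ocsproxy`; the `- "3306"` entry in the `ocsdb` hunk does the same for MySQL. If the intent is that only the proxy is reachable, replace both `ports:` entries with `expose:` (`expose: ["80"]`, `expose: ["3306"]`) or drop them, since the services already share the `localocs` network. A client that reaches the application port directly also skips the `/ocsapi` basic-auth restriction defined in the proxy template.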
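Review bot: `image: nginx` in the new `ocsproxy` service carries no tag, so the proxy follows whatever `latest` resolves to while `ocsdb` in the same file is pinned to `mysql:8.0`; pin it to a specific release tag. The bind mounts for the key and password directories are writable from inside the container and can be read-only: `./nginx/certs:/etc/nginx/certs:ro` and `./nginx/auth:/etc/nginx/auth:ro`. With the defaults `LISTEN_PORT: 80` and `PORT_TYPE: ""` the `/ocsapi` basic-auth credentials travel in clear text, which deserves a comment beside those two variables.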
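Review bot: The committed `ocsapi.htpasswd` entry is a fixed credential that the compose file selects by default (`API_AUTH_FILE: ocsapi.htpasswd`) and describes in a comment, so every deployment that keeps the defaults shares the same API password. Ship the file as a clearly named sample and have operators create their own at deploy time, for example with `htpasswd -c nginx/auth/ocsapi.htpasswd <user>`, keeping the real file out of version control.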
@@ -0,0 +1,22 @@ +-----BEGIN CERTIFICATE----- +MIIDlzCCAn+gAwIBAgIUZq+XFJryUuBpkwebSwjSy/hfMCkwDQYJKoZIhvcNAQEL +BQAwWzELMAkGA1UEBhMCRlIxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoM +GEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEUMBIGA1UEAwwLbXlvY3NzZXJ2ZXIw +HhcNMjIwNDEzMDk0OTUzWhcNMzIwNDEwMDk0OTUzWjBbMQswCQYDVQQGEwJGUjET +MBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQ +dHkgTHRkMRQwEgYDVQQDDAtteW9jc3NlcnZlcjCCASIwDQYJKoZIhvcNAQEBBQAD +ggEPADCCAQoCggEBAOQDcGzmYzzgVycXSEZWMJ2TEtnmjouNuUKAVQUcELMkZOk0 +TIRz7QhPIOCiH2bklji+ByyVZg/uXRFJlT/P46rPor/OuRK2Lkrt+APr+FmkLgvf +JHMfm7YRbZuWVRJq0htNNL6szwHEFE99GlRy7SuapkhKSo4qY/LjrrR7E7DnPj/G +7o21ge3OpOfbmx9xVWbEZaJqMOZDt1y3fbp3hQsflVM0AKdg7OoHOBWnv65iJIkN +LtG7Icqcp+8AKnL1PaiMU+P970GTMZyZ0NWVAWgab9+Wl+makTTdDdQgJIhg19og +ReLeYspEQlzXmEz+8JAxWGqsu+HuiZ6ClSl04W0CAwEAAaNTMFEwHQYDVR0OBBYE +FEljOkF7g17RD+pOpJ7M6dovwI9uMB8GA1UdIwQYMBaAFEljOkF7g17RD+pOpJ7M +6dovwI9uMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAKA2Fcot +58X97tsLWC6eJrF2MLJzcNeSiiJayG9bT8agsUE8WGq5fvHvf5E54tueCp/q+a7V +k4ZowCJF3RAvAqzRkMLQWaGms0Brz4qRtVvRqhWkP7aMGhUieOS2rTfLZ+TYPKfK +561w8gSpxs9uRXbhnYeUchxJxCUg0CbxQwsjltrvnOF2LVP6JJDtYcc/NiDXhP4W +pTp+EdwXt87VSRkTrqjEQO7/3TMsNjhi0PMFHnQf47ijLt44XaNGKh9pY31Ae9oo +6IuRygJc6QNVoGRmF2bxsorU4i4rA3kR2Ir9AUbxJT6MtuLtx8DGB8Dmp6bKmIv+ +HZH21wRRhwrYJb8= +-----END CERTIFICATE----- diff --git a/nightly/nginx/certs/ocs-dummy.key b/nightly/nginx/certs/ocs-dummy.key new file mode 100644 index 0000000..7470526 --- /dev/null +++ b/nightly/nginx/certs/ocs-dummy.key 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDkA3Bs5mM84Fcn +F0hGVjCdkxLZ5o6LjblCgFUFHBCzJGTpNEyEc+0ITyDgoh9m5JY4vgcslWYP7l0R +SZU/z+Oqz6K/zrkSti5K7fgD6/hZpC4L3yRzH5u2EW2bllUSatIbTTS+rM8BxBRP +fRpUcu0rmqZISkqOKmPy4660exOw5z4/xu6NtYHtzqTn25sfcVVmxGWiajDmQ7dc +t326d4ULH5VTNACnYOzqBzgVp7+uYiSJDS7RuyHKnKfvACpy9T2ojFPj/e9BkzGc +mdDVlQFoGm/flpfpmpE03Q3UICSIYNfaIEXi3mLKREJc15hM/vCQMVhqrLvh7ome +gpUpdOFtAgMBAAECggEBAM4BGXMaV/CpU7R6wY7i0jubpH2AY6tMGWQu5CGgsKnZ +qN5VpQhKYI6QR0kM0Mg6oEqVzY+HT1X3athynciwf6ZUwFsBX467UGncRKbubEw5 +HG0XZywoE5vUdS4MDcJ9BmUqRQw8vy5+REdo5QAFcahiqfdIP8HgJLtO4Aop5Kl/ +HoLqR83q3vBHfidxTX2z4m05t6ucAbmqLAgAb2GzRHEvdCpSXvs7M9ZyR/rvdhSV +pswWR7XIUic50Lc8tHXyaKinuBFOCWCszsirPLAVPrs1D7Gq8kmdxUEEj0V9VbEE +8afsb9cCojrDISn814WwjX+zVwjRwyr3v3BLHVGu06ECgYEA+1VHUwBTUnHmnMR+ +6XE1nkBStedvXGsMDIxK/VhNXAylUz4kfJ0bMPKdzbxSieHwA8O1+Hg4gN31V2Sn +RgT5P0sLGdideysoy8yR5Aiiwx+7EXGqSQltY2lpaykP9wvpznWi3k/Wd7dAaTCd +jPCtkzoLYMDzaQ9uc4A2VyY00RkCgYEA6D9PPvV6YE8S7G7sGwTSt9mgobZNm1AV +BjDmtEPfDSK59rT8PpoN+225c1qaIIODdH0DHK9ZbPzo/29tW1l9zgGjEXEw396v +Q9y99Ofh0JEsQbJJw/nPdV8dHKOL2ek3UWsscpsk5dUb+4gBpE+/wH21j7UiczKt +a8whmMFw+XUCgYAPYdHCr7NpyVTO5WvLB8W7UL5/KZH0Owz6u59fUAc0CgYYSSZc +hhUC8uZbkBoRHEXfRRwe/+SdZng8iAmAzI8go4wjYdGJl0Og7X1EUo77mDaPw8Aj +RjNusSXljBbRDOabXzG/n21F2G5VwcbyuEw3RYcqvcRn+qzM3tz0in8TCQKBgDe1 +N+T6LOh9DyT3VlsExSakZQtlFyhyBRj/EdebkB0ufzzWHMtHWKM+poUs7ltuMFH4 +yo5O4TxrTdg3ehu3U53edqbwZ7DLUW8Nu+LK3DeTGvKHOXpwqXqV3f3InPsgHczB +0F+NJ0SZ4aRr8zjeiDg77xkRcboAJej9hfGGNPshAoGALPS2HtT/1ycsER3a33NW +A8j/2TfovcjZ9u15q5KDLRZ+3UngLvVwPJO1j/uLPqyyRsQID7SE29KCj/E8kOZH +clbLXZmslyk369HOlpXZEXvR7rDxOt1jdojQrtEyW4gDT8k4iEw8nPcJyJ7YSVp/ +Qa0OOCtQPPvBt0Be1bHTGek= +-----END PRIVATE KEY----- diff --git a/nightly/nginx/conf/ocsinventory.conf.template b/nightly/nginx/conf/ocsinventory.conf.template new file mode 100644 index 0000000..c1b9ee1 --- /dev/null +++ b/nightly/nginx/conf/ocsinventory.conf.template 
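Review bot: `ocs-dummy.key` is a private key published in the repository, and the compose file wires it in as the default `SSL_KEY`, so switching the proxy to port 443 without replacing it yields TLS whose key anyone can download. Generate the pair at deploy time or first start instead, for example `openssl req -x509 -newkey rsa:2048 -nodes -keyout ocs-dummy.key -out ocs-dummy.crt -days 365 -subj "/CN=<hostname>"`, and keep `nginx/certs/*.key` out of version control; the same applies to `ocs-dummy.crt` in the previous hunk. At minimum, add a README line beside the files stating that the pair is for local testing only.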
@@ -0,0 +1,48 @@
+##
+# You should look at the following URL's in order to grasp a solid understanding
+# of Nginx configuration files in order to fully unleash the power of Nginx.
+# https://www.nginx.com/resources/wiki/start/
+# https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/
+# https://wiki.debian.org/Nginx/DirectoryStructure
+#
+# In most cases, administrators will remove this file from sites-enabled/ and
+# leave it as reference inside of sites-available where it will continue to be
+# updated by the nginx packaging team.
+#
+# This file will automatically load configuration files provided by other
+# applications, such as Drupal or Wordpress. These applications will be made
+# available underneath a path with that package name, such as /drupal8.
+#
+# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
+##
+
+# OCS server configuration
+#
+server {
+ listen ${LISTEN_PORT} ${PORT_TYPE} default_server;
+
+ ssl_certificate /etc/nginx/certs/${SSL_CERT};
+ ssl_certificate_key /etc/nginx/certs/${SSL_KEY};
+
+ location / {
+ proxy_redirect off;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header Host $http_host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Frame-Options SAMEORIGIN;
+ proxy_pass http://ocsapplication;
+ }
+
+ location /ocsapi {
+ auth_basic "OCS Api area";
+ auth_basic_user_file /etc/nginx/auth/${API_AUTH_FILE};
+ }
+
+ location /download {
+ proxy_read_timeout ${READ_TIMEOUT};
+ proxy_connect_timeout ${CONNECT_TIMEOUT};
+ proxy_send_timeout ${SEND_TIMEOUT};
+ client_max_body_size ${MAX_BODY_SIZE};
+ }
+}
\ No newline at end of file
diff --git a/nightly/scripts/docker-entrypoint.sh b/nightly/scripts/docker-entrypoint.sh
index 301526c..a7a396c 100755
--- a/nightly/scripts/docker-entrypoint.sh
+++ b/nightly/scripts/docker-entrypoint.sh
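Review bot: `location /ocsapi` and `location /download` contain no `proxy_pass`, and nginx does not inherit that directive from the sibling `location /`, so requests under those prefixes are answered from nginx's own document root instead of reaching `ocsapplication`. Add `proxy_pass http://ocsapplication;` to both blocks and move the `proxy_set_header` lines up to `server` level so all three locations share them. Separately, `proxy_set_header X-Frame-Options SAMEORIGIN;` sends the value to the backend as a request header; to set it on responses it should be `add_header X-Frame-Options SAMEORIGIN;`.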
@@ -1,10 +1,13 @@ #!/bin/bash -API_CONF_FILE="/etc/httpd/conf.d/zz-ocsinventory-restapi.conf" -SRV_CONF_FILE="/etc/httpd/conf.d/z-ocsinventory-server.conf" -REPORTS_CONF_FILE="/etc/httpd/conf.d/ocsinventory-reports.conf" +API_CONF_FILE="/etc/apache2/conf-available/zz-ocsinventory-restapi.conf" +SRV_CONF_FILE="/etc/apache2/conf-available/z-ocsinventory-server.conf" +REPORTS_CONF_FILE="/etc/apache2/conf-available/ocsinventory-reports.conf" DB_CONFIG_INC_FILE="${OCS_WEBCONSOLE_DIR}/ocsreports/dbconfig.inc.php" +API_ROUTE=$(perl -e "print \"@INC[2]\"") +API_ROUTE_LOADER="${API_ROUTE}/Api/Ocsinventory/Restapi/Loader.pm" + echo echo "+----------------------------------------------------------+" echo "| |" @@ -28,7 +31,7 @@ if [ ! -f $OCS_WEBCONSOLE_DIR/ocsreports/var.php ]; then rm -rf ${DB_CONFIG_INC_FILE} fi; -cp -r /tmp/OCSNG_UNIX_SERVER/Api/ /usr/local/share/perl5 +cp -R /tmp/OCSNG_UNIX_SERVER/Api/ ${API_ROUTE} if [ ! -z ${OCS_DISABLE_API_MODE+x} ]; then echo @@ -64,7 +67,7 @@ echo "| Setting Apache Server Name to '${APACHE_SERVER_NAME:-localhost}'" echo "+----------------------------------------------------------+" echo sed -ri -e "s!^#(ServerName)\s+\S+!\1 ${APACHE_SERVER_NAME:-localhost}:80!g" \ - "/etc/httpd/conf/httpd.conf" + "/etc/apache2/apache2.conf" # Configure z-ocsinventory-server file if [ ! -f ${SRV_CONF_FILE} ] && [ -z ${OCS_DISABLE_COM_MODE+x} ]; then 
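Review bot: `API_ROUTE` is read from a fixed position in Perl's `@INC` and then used unquoted and unchecked by `cp -R /tmp/OCSNG_UNIX_SERVER/Api/ ${API_ROUTE}` in the next hunk. Which directory sits at index 2 depends on how the distribution built Perl, and whether `cp -R` copies `Api/` into that directory or as that directory depends on whether it already exists, which in turn decides if `API_ROUTE_LOADER` points at a real file. Right after the assignment add `[ -n "${API_ROUTE}" ] || { echo "Perl include dir not found" >&2; exit 1; }` and `mkdir -p "${API_ROUTE}"`, and quote the destination as `"${API_ROUTE}"`. A comment naming the directory expected at that index on Ubuntu 20.04 would help at the next base-image change.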
@@ -81,16 +84,16 @@ if [ ! -f ${SRV_CONF_FILE} ] && [ -z ${OCS_DISABLE_COM_MODE+x} ]; then fi # Configure zz-ocsinventory-restapi file -if [ ! -f ${API_CONF_FILE} ] && [ -z ${OCS_DISABLE_API_MODE+x} ]; then - cp /tmp/conf/ocsinventory-restapi.conf ${API_CONF_FILE} - sed -i 's/DATABASE_SERVER/'"$OCS_DB_SERVER"'/g' ${API_CONF_FILE} - sed -i 's/DATABASE_PORT/'"$OCS_DB_PORT"'/g' ${API_CONF_FILE} - sed -i 's/DATABASE_NAME/'"$OCS_DB_NAME"'/g' ${API_CONF_FILE} - sed -i 's/DATABASE_USER/'"$OCS_DB_USER"'/g' ${API_CONF_FILE} - sed -i 's/DATABASE_PASSWD/'"$OCS_DB_PASS"'/g' ${API_CONF_FILE} - sed -i 's/OCS_SSL_ENABLED/'"$OCS_SSL_ENABLED"'/g' ${API_CONF_FILE} - sed -i 's/REST_API_PATH/\/usr\/local\/share\/perl5/g' ${API_CONF_FILE} - sed -i 's/REST_API_LOADER_PATH/\/usr\/local\/share\/perl5\/Api\/Ocsinventory\/Restapi\/Loader.pm/g' ${API_CONF_FILE} +if [ ! -f ${API_CONF_FILE} ] && [ -z ${OCS_DISABLE_API_MODE+x} ] && [ -z ${OCS_DISABLE_COM_MODE+x} ]; then + cp /tmp/conf/ocsinventory-restapi.conf ${API_CONF_FILE} + sed -i 's/DATABASE_SERVER/'"$OCS_DB_SERVER"'/g' ${API_CONF_FILE} + sed -i 's/DATABASE_PORT/'"$OCS_DB_PORT"'/g' ${API_CONF_FILE} + sed -i 's/DATABASE_NAME/'"$OCS_DB_NAME"'/g' ${API_CONF_FILE} + sed -i 's/DATABASE_USER/'"$OCS_DB_USER"'/g' ${API_CONF_FILE} + sed -i 's/DATABASE_PASSWD/'"$OCS_DB_PASS"'/g' ${API_CONF_FILE} + sed -i 's/OCS_SSL_ENABLED/'"$OCS_SSL_ENABLED"'/g' ${API_CONF_FILE} + sed -i 's/REST_API_PATH/'"${API_ROUTE//\//\\/}"'/g' ${API_CONF_FILE} + sed -i 's/REST_API_LOADER_PATH/'"${API_ROUTE_LOADER//\//\\/}"'/g' ${API_CONF_FILE} fi # Replace Variables @@ -156,6 +159,11 @@ cd /tmp shopt -s extglob rm -rf !("conf") +# Enable conf +a2enconf ocsinventory-reports +a2enconf z-ocsinventory-server +a2enconf zz-ocsinventory-restapi + # Apache start if [ ! -d "$APACHE_RUN_DIR" ]; then mkdir "$APACHE_RUN_DIR"
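Review bot: The `DATABASE_*` substitutions splice `$OCS_DB_PASS` and the other environment values straight into a `sed` replacement, so a password containing `/` or `&` either breaks the command or writes a different value into the config; the two new `REST_API_*` lines escape `/` for the path, but the credentials do not get the same treatment. A small helper such as `esc() { printf '%s' "$1" | sed -e 's/[\/&]/\\&/g'; }`, used as `sed -i "s/DATABASE_PASSWD/$(esc "$OCS_DB_PASS")/g" "${API_CONF_FILE}"`, would cover all of them. Quoting `${API_CONF_FILE}` in the `[ ! -f … ]` test is worth doing while the block is being touched.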
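Review bot: The three `a2enconf` calls run unconditionally, yet the blocks above write `z-ocsinventory-server.conf` and `zz-ocsinventory-restapi.conf` only when `OCS_DISABLE_COM_MODE` and `OCS_DISABLE_API_MODE` are unset, so with either mode disabled `a2enconf` may be asked to enable a file that does not exist. Guard each call on its file, e.g. `[ -f "${SRV_CONF_FILE}" ] && a2enconf z-ocsinventory-server` and `[ -f "${API_CONF_FILE}" ] && a2enconf zz-ocsinventory-restapi`. The `if [ ! -d "$APACHE_RUN_DIR" ]` block at the end continues past the hunk.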