# Dockerfile for a sample container that runs NGINX web server and uses it to
# do SSL client verification, trusting the DoD PKI.
#
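# In other words, this web server can require CAC login just like DoD websites
# do, but without having to go through DISA IASE. :) :) :)
#
# NGINX will set headers in this config (see default.conf) to let you extract
# the serial identifier and the subject name if you wish. Anything behind NGINX
# that reads those headers should accept them only from this NGINX, and
# default.conf should overwrite any copies a client sends itself.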
# TODO: NGINX maintains an official Docker image... is it better to start from
# that?
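# alpine:latest has ssl pkg conflict weirdness (20 June 2019), 3.8 does not.
# NOTE(review): Alpine 3.8 (and the v3.7 repository added below) are
# end-of-life branches that no longer get security fixes; revisit this pin, and
# pin the chosen tag by digest so the build cannot silently change underneath.
FROM alpine:3.8

# Workaround for failing InnoDB database initialization using MariaDB 10.2.x &
# up (tried 10.3.15): add the v3.7 repository and constrain the MariaDB
# packages in /etc/apk/world to versions below 10.1.99.
# ref: https://bugs.alpinelinux.org/issues/9046
# NOTE(review): the extra repository is fetched over plain HTTP, so package
# integrity rests on apk's signature verification alone; prefer an https://
# mirror if one serves this branch.
RUN echo "http://dl-5.alpinelinux.org/alpine/v3.7/main" >> /etc/apk/repositories \
 && printf 'mariadb<10.1.99\nmariadb-client<10.1.99\nmariadb-common<10.1.99\n' >> /etc/apk/world

# Refresh the index and install in the same layer, so a cached `apk update`
# layer can never pair a stale index with a later install. The index is removed
# at the end because it is not needed at run time. The install order is kept
# exactly as it was, since the world-file constraints above take effect on the
# first `apk add`.
RUN apk update \
 && apk add nginx \
 && mkdir -p /run/nginx /www/data \
 && apk add bash \
 && apk add mariadb \
 && apk add imagemagick \
 && apk add ghostscript \
 && apk add php \
 && apk add php-pear \
 && apk add php-fpm \
 && apk add php-mysqli \
 && rm -rf /var/cache/apk/*

# Build the imagick PHP extension through PECL.
# NOTE(review): `pear channel update` looks like a typo for
# `pear channel-update`, and `pecl install` compiles from source, which normally
# needs build tooling that is not installed above — confirm this step succeeds.
# The PECL download is also unpinned; consider fixing the imagick version.
RUN pecl channel-update pear.php.net && pear channel update pear.php.net && pecl install imagick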
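# NGINX site configuration provided in this Docker package (relatively simple).
# The trailing slash makes the destination unambiguously a directory.
COPY default.conf /etc/nginx/conf.d/

# The Makefile will generate DoDRoots.crt (the DoD root + intermediate certs
# concatenated) by downloading the certs from the cyber.mil IASE website. NGINX
# needs these certs to set up the CA it trusts for client authentication.
#
# Every certificate in this bundle becomes a trust anchor for client login, so
# check the downloaded bundle (its source and fingerprints) before building.
#
# See also the default.conf's configuration where we permit NGINX to have
# multiple intermediate certs.
COPY DoDRoots.crt /etc/nginx/

# Self-signed certificates generated by the Makefile.
# NOTE: a private key added with COPY stays in the image layers and is readable
# by anyone who can pull the image; for anything beyond a local sample, mount
# the key at run time instead of enabling the lines below.
# server cert
#COPY localhost-certificate.pem /etc/nginx
# server privkey
#COPY localhost-key.pem /etc/nginx

# uncomment if you're building a new website
#COPY ./www /www
#COPY ./run.sh /www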
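# Presumably the NGINX TLS listener that performs client-certificate
# verification (see default.conf).
EXPOSE 443/tcp
# NOTE(review): 5432 is the conventional PostgreSQL port, but this image
# installs MariaDB. Confirm what listens here and whether a database port needs
# to be reachable from outside the container at all.
EXPOSE 5432/tcp

#ENTRYPOINT ["/usr/sbin/nginx", "-q", "-g", "daemon off;"]

# Start-up sequence, run through /bin/sh:
#   1. hand /www/database to the mysql user (failure is ignored by the `;`);
#   2. start mysqld_safe in the background with the config under /www/database;
#   3. start php-fpm7, which presumably daemonizes (otherwise nginx never runs);
#   4. exec nginx in the foreground so it becomes PID 1.
# /www/database is not created by this file; presumably it is mounted or comes
# from the commented-out `COPY ./www`.
# NOTE(review): no USER instruction is visible, so all of this starts as root,
# and the three services share one container with no init or supervisor: only
# nginx receives the stop signal, so MariaDB gets no clean shutdown on
# `docker stop`.
# `mysql:mysql` replaces the legacy `mysql.mysql` owner.group separator.
CMD ["/bin/sh", "-c", "chown -R mysql:mysql /www/database; /usr/bin/mysqld_safe --defaults-file=/www/database/my.cnf --datadir=/www/database/data & /usr/sbin/php-fpm7; exec nginx -g 'daemon off;';"]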