clean

Author: Administrator

Dockerfile

@@ -7,9 +7,12 @@ ENV LDAP_BASE_DN dc=example,dc=com
 ENV LDAP_LOGIN_DN cn=admin,dc=example,dc=com
 ENV LDAP_SERVER_NAME docker.io phpLDAPadmin
 
-# LDAP TLS configs
-# add to run command -v some/host/dir:/etc/ldap/ssl
-# the directory some/host/dir must contain the ldap CA certificat file named ca.crt
+# phpmyadmin SSL certificat and private key filename
+ENV PHPLDAPADMIN_SSL_CRT_FILENAME phpmyadmin.crt
+ENV PHPLDAPADMIN_SSL_KEY_FILENAME phpmyadmin.key
+
+# LDAP CA certificat filename
+ENV LDAP_TLS_CA_NAME ca.crt
 
 # Disable SSH
 # RUN rm -rf /etc/service/sshd /etc/my_init.d/00_regen_ssh_host_keys.sh
@@ -26,21 +29,15 @@ RUN apt-get -y update
 # Install phpLDAPadmin
 RUN LC_ALL=C DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends phpldapadmin
 
-# Expose port 443 (must match port in phpLDAPadmin.nginx)
-EXPOSE 443
+# Expose http and https default ports
+EXPOSE 80 443
 
-# Create TSL certificats directory
+# Create LDAP CA certificat directory
 RUN mkdir /etc/ldap/ssl
 
 # phpLDAPadmin config
 RUN mkdir -p /etc/my_init.d
 ADD service/phpldapadmin/phpldapadmin.sh /etc/my_init.d/phpldapadmin.sh
 
-# Hide template warnings
-RUN echo "<?php \$config->custom->appearance['hide_template_warning'] = true; ?>" >>/usr/share/phpldapadmin/config/config.php
-
-# phpLDAPadmin nginx config
-ADD service/phpldapadmin/config/phpldapadmin.nginx /etc/nginx/sites-available/phpldapadmin
-
 # Clear out the local repository of retrieved package files
 RUN apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*

service/phpldapadmin/config/phpldapadmin.nginx

@@ -42,10 +42,15 @@ else
   LDAP_SERVER_NAME=${LDAP_SERVER_NAME}
 fi
 
+PHPLDAPADMIN_SSL_CRT_FILENAME=${PHPLDAPADMIN_SSL_CRT_FILENAME}
+PHPLDAPADMIN_SSL_KEY_FILENAME=${PHPLDAPADMIN_SSL_KEY_FILENAME}
+
+LDAP_TLS_CA_NAME=${LDAP_TLS_CA_NAME}
+
 if [ ! -e /etc/phpldapadmin/docker_bootstrapped ]; then
   status "configuring LDAP for first run"
 
-  if [ -e /etc/ldap/ssl/ca.crt ]; then
+  if [ -e /etc/ldap/ssl/$LDAP_TLS_CA_NAME ]; then
     # LDAP  CA
     sed -i "s/TLS_CACERT.*/TLS_CACERT       \/etc\/ldap\/ssl\/ca.crt/g" /etc/ldap/ldap.conf
     sed -i '/TLS_CACERT/a\TLS_CIPHER_SUITE        HIGH:MEDIUM:+SSLv3' /etc/ldap/ldap.conf
@@ -63,8 +68,11 @@ if [ ! -e /etc/phpldapadmin/docker_bootstrapped ]; then
   # See http://stackoverflow.com/questions/20673186/getting-error-for-setting-password-feild-when-creating-generic-user-account-phpl
   sed -i "s/'password_hash'/'password_hash_custom'/" /usr/share/phpldapadmin/lib/TemplateRender.php
 
+  # Hide template warnings
+  sed -i "s:// \$config->custom->appearance\['hide_template_warning'\] = false;:\$config->custom->appearance\[\'hide_template_warning\'\] = true;:g" /etc/phpldapadmin/config.php
+
   # nginx config (tools from osixia/baseimage)
-  /sbin/nginx-add-vhost localhost /usr/share/phpldapadmin/htdocs php ssl
+  /sbin/nginx-add-vhost localhost /usr/share/phpldapadmin/htdocs --php --ssl --ssl-crt=/etc/nginx/ssl/$PHPLDAPADMIN_SSL_CRT_FILENAME --ssl-key=/etc/nginx/ssl/$PHPLDAPADMIN_SSL_KEY_FILENAME
   /sbin/nginx-remove-vhost default
 
   touch /etc/phpldapadmin/docker_bootstrapped

service/phpldapadmin/phpldapadmin.sh

@@ -12,12 +12,12 @@ dir=$(dirname $0)
 runOptions="--link osixia-phpldapadmin-openldap:ldap"
 . $dir/tools/run-container.sh
 
-echo "curl -c $testDir/cookie.txt $IP"
-curl -c $testDir/cookie.txt $IP
+echo "curl --insecure -c $testDir/cookie.txt https://$IP"
+curl --insecure -c $testDir/cookie.txt https://$IP
 
-echo "curl http://$IP/cmd.php -L -b $testDir/cookie.txt  -H 'Accept-Encoding: gzip,deflate,sdch' -H 'Accept-Language: fr-FR,fr;q=0.8,en-US;q=0.6,en;q=0.4' -H 'User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36' -H 'Content-Type: application/x-www-form-urlencoded' -H 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8' -H 'Cache-Control: max-age=0'  -H 'Connection: keep-alive' --data 'cmd=login&server_id=1&nodecode%5Blogin_pass%5D=1&login=cn%3Dadmin%2Cdc%3Dexample%2Cdc%3Dcom&login_pass=toor&submit=Authenticate' --compressed"
+echo "curl --insecure  https://$IP/cmd.php -L -b $testDir/cookie.txt  -H 'Accept-Encoding: gzip,deflate,sdch' -H 'Accept-Language: fr-FR,fr;q=0.8,en-US;q=0.6,en;q=0.4' -H 'User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36' -H 'Content-Type: application/x-www-form-urlencoded' -H 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8' -H 'Cache-Control: max-age=0'  -H 'Connection: keep-alive' --data 'cmd=login&server_id=1&nodecode%5Blogin_pass%5D=1&login=cn%3Dadmin%2Cdc%3Dexample%2Cdc%3Dcom&login_pass=toor&submit=Authenticate' --compressed"
 
-curl http://$IP/cmd.php -L -b $testDir/cookie.txt  -H 'Accept-Encoding: gzip,deflate,sdch' -H 'Accept-Language: fr-FR,fr;q=0.8,en-US;q=0.6,en;q=0.4' -H 'User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36' -H 'Content-Type: application/x-www-form-urlencoded' -H 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8' -H 'Cache-Control: max-age=0'  -H 'Connection: keep-alive' --data 'cmd=login&server_id=1&nodecode%5Blogin_pass%5D=1&login=cn%3Dadmin%2Cdc%3Dexample%2Cdc%3Dcom&login_pass=toor&submit=Authenticate' --compressed
+curl --insecure https://$IP/cmd.php -L -b $testDir/cookie.txt  -H 'Accept-Encoding: gzip,deflate,sdch' -H 'Accept-Language: fr-FR,fr;q=0.8,en-US;q=0.6,en;q=0.4' -H 'User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36' -H 'Content-Type: application/x-www-form-urlencoded' -H 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8' -H 'Cache-Control: max-age=0'  -H 'Connection: keep-alive' --data 'cmd=login&server_id=1&nodecode%5Blogin_pass%5D=1&login=cn%3Dadmin%2Cdc%3Dexample%2Cdc%3Dcom&login_pass=toor&submit=Authenticate' --compressed
 
 docker.io stop $openldap
 docker.io rm $openldap

test/link.sh

@@ -3,7 +3,7 @@
 dir=$(dirname $0)
 . $dir/tools/run-container.sh
 
-echo "curl $IP"
-curl $IP
+echo "curl --insecure https://$IP"
+curl --insecure https://$IP
 
 $dir/tools/delete-container.sh