Diffstat (limited to 'docker')
-rw-r--r-- | docker/apache/http/conf.d/ssl.conf | 1 | ||||
-rw-r--r-- | docker/apache/http/httpd.conf | 97 | ||||
-rw-r--r-- | docker/apache/https/conf.d/ssl.conf | 19 | ||||
-rw-r--r-- | docker/apache/https/httpd.conf | 102 | ||||
-rwxr-xr-x | docker/docker-entrypoint.sh | 34 | ||||
-rw-r--r-- | docker/gen_config.php | 90 | ||||
-rw-r--r-- | docker/tor/Dockerfile | 18 | ||||
-rw-r--r-- | docker/tor/torrc | 1 |
8 files changed, 362 insertions, 0 deletions
diff --git a/docker/apache/http/conf.d/ssl.conf b/docker/apache/http/conf.d/ssl.conf
new file mode 100644
index 0000000..1357f56
--- /dev/null
+++ b/docker/apache/http/conf.d/ssl.conf
@@ -0,0 +1 @@
+# intentionally blank
diff --git a/docker/apache/http/httpd.conf b/docker/apache/http/httpd.conf
new file mode 100644
index 0000000..f496ba5
--- /dev/null
+++ b/docker/apache/http/httpd.conf
@@ -0,0 +1,97 @@
+Listen 80
+ServerTokens OS
+ServerRoot /var/www
+ServerSignature On
+ServerName localhost
+
+DocumentRoot "/var/www/html/4get"
+
+LogLevel warn
+CustomLog /dev/null common
+ErrorLog /dev/null
+
+<Directory "/var/www/html/4get">
+ RewriteEngine On
+ RewriteCond %{THE_REQUEST} ^\w+\ /(.*)\.php(\?.*)?\ HTTP/
+ RewriteRule ^ http://%{HTTP_HOST}/%1 [R=301]
+ RewriteCond %{REQUEST_FILENAME}.php -f
+ RewriteRule .* $0.php
+ Options FollowSymLinks
+ AllowOverride None
+ Require all granted
+</Directory>
+
+# deny access to private resources
+<Directory "/var/www/html/4get/data">
+ Require all denied
+ <Files "*">
+ Require all denied
+ </Files>
+</Directory>
+
+LoadModule rewrite_module modules/mod_rewrite.so
+LoadModule mpm_prefork_module modules/mod_mpm_prefork.so
+LoadModule authn_file_module modules/mod_authn_file.so
+LoadModule authn_core_module modules/mod_authn_core.so
+LoadModule authz_host_module modules/mod_authz_host.so
+LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
+LoadModule authz_user_module modules/mod_authz_user.so
+LoadModule authz_core_module modules/mod_authz_core.so
+LoadModule access_compat_module modules/mod_access_compat.so
+LoadModule auth_basic_module modules/mod_auth_basic.so
+LoadModule reqtimeout_module modules/mod_reqtimeout.so
+LoadModule filter_module modules/mod_filter.so
+LoadModule mime_module modules/mod_mime.so
+LoadModule log_config_module modules/mod_log_config.so
+LoadModule env_module modules/mod_env.so
+LoadModule headers_module modules/mod_headers.so
+LoadModule setenvif_module modules/mod_setenvif.so
+LoadModule version_module modules/mod_version.so
+LoadModule unixd_module modules/mod_unixd.so
+LoadModule status_module modules/mod_status.so
+LoadModule autoindex_module modules/mod_autoindex.so
+LoadModule dir_module modules/mod_dir.so
+LoadModule alias_module modules/mod_alias.so
+LoadModule negotiation_module modules/mod_negotiation.so
+
+<IfModule unixd_module>
+User apache
+Group apache
+</IfModule>
+
+
+
+<Directory />
+ AllowOverride none
+ Require all denied
+</Directory>
+
+
+
+
+<IfModule dir_module>
+ DirectoryIndex index.html
+</IfModule>
+
+<Files ".ht*">
+ Require all denied
+</Files>
+
+
+
+<IfModule headers_module>
+ RequestHeader unset Proxy early
+</IfModule>
+
+<IfModule mime_module>
+ TypesConfig /etc/apache2/mime.types
+ AddType application/x-compress .Z
+ AddType application/x-gzip .gz .tgz
+</IfModule>
+
+<IfModule mime_magic_module>
+ MIMEMagicFile /etc/apache2/magic
+</IfModule>
+
+IncludeOptional /etc/apache2/conf.d/*.conf
+
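Review bot: `ServerTokens OS` and `ServerSignature On` at the top of docker/apache/http/httpd.conf advertise the Apache version and host OS in the Server header and on generated error pages; `ServerTokens Prod` and `ServerSignature Off` give a scanner less to fingerprint. The module list also loads `status_module`, `autoindex_module`, `negotiation_module` and `access_compat_module`, which no visible directive uses, so those LoadModule lines could be dropped to reduce attack surface. With `CustomLog` and `ErrorLog` both pointed at /dev/null nothing is recorded for incident response; if that is a deliberate privacy choice, a comment such as `# logging disabled on purpose: no request data is retained` would make it explicit. The same lines appear in docker/apache/https/httpd.conf.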
diff --git a/docker/apache/https/conf.d/ssl.conf b/docker/apache/https/conf.d/ssl.conf
new file mode 100644
index 0000000..7b0dd15
--- /dev/null
+++ b/docker/apache/https/conf.d/ssl.conf
@@ -0,0 +1,19 @@
+LoadModule ssl_module modules/mod_ssl.so
+LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
+
+SSLRandomSeed startup file:/dev/urandom 512
+SSLRandomSeed connect builtin
+
+Listen 443
+
+SSLCipherSuite HIGH:MEDIUM:!MD5:!RC4:!3DES:!ADH
+SSLProxyCipherSuite HIGH:MEDIUM:!MD5:!RC4:!3DES:!ADH
+SSLHonorCipherOrder on
+
+SSLProtocol all -SSLv3
+SSLProxyProtocol all -SSLv3
+
+SSLPassPhraseDialog builtin
+
+SSLSessionCache "shmcb:/var/cache/mod_ssl/scache(512000)"
+SSLSessionCacheTimeout 300
diff --git a/docker/apache/https/httpd.conf b/docker/apache/https/httpd.conf
new file mode 100644
index 0000000..ca5edf5
--- /dev/null
+++ b/docker/apache/https/httpd.conf
@@ -0,0 +1,102 @@
+ServerTokens OS
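Review bot: In docker/apache/https/conf.d/ssl.conf, `SSLProtocol all -SSLv3` still leaves TLS 1.0 and 1.1 enabled as far as Apache is concerned, and `HIGH:MEDIUM` in `SSLCipherSuite` admits medium-strength suites. Unless legacy clients must be supported, restrict it to `SSLProtocol -all +TLSv1.2 +TLSv1.3`, do the same for `SSLProxyProtocol`, and drop `MEDIUM` from both cipher strings. Whether TLSv1.3 is available depends on the OpenSSL build in the image, which this diff does not show.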
+ServerRoot /var/www
+ServerSignature On
+ServerName localhost
+
+DocumentRoot "/var/www/html/4get"
+
+LogLevel warn
+CustomLog /dev/null common
+ErrorLog /dev/null
+
+<VirtualHost *:443>
+ SSLEngine on
+ SSLCertificateFile /etc/4get/certs/fullchain.pem
+ SSLCertificateKeyFile /etc/4get/certs/privkey.pem
+</VirtualHost>
+
+<Directory "/var/www/html/4get">
+ RewriteEngine On
+ RewriteCond %{THE_REQUEST} ^\w+\ /(.*)\.php(\?.*)?\ HTTP/
+ RewriteRule ^ http://%{HTTP_HOST}/%1 [R=301]
+ RewriteCond %{REQUEST_FILENAME}.php -f
+ RewriteRule .* $0.php
+ Options FollowSymLinks
+ AllowOverride None
+ Require all granted
+</Directory>
+
+# deny access to private resources
+<Directory "/var/www/html/4get/data">
+ Require all denied
+ <Files "*">
+ Require all denied
+ </Files>
+</Directory>
+
+LoadModule rewrite_module modules/mod_rewrite.so
+LoadModule mpm_prefork_module modules/mod_mpm_prefork.so
+LoadModule authn_file_module modules/mod_authn_file.so
+LoadModule authn_core_module modules/mod_authn_core.so
+LoadModule authz_host_module modules/mod_authz_host.so
+LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
+LoadModule authz_user_module modules/mod_authz_user.so
+LoadModule authz_core_module modules/mod_authz_core.so
+LoadModule access_compat_module modules/mod_access_compat.so
+LoadModule auth_basic_module modules/mod_auth_basic.so
+LoadModule reqtimeout_module modules/mod_reqtimeout.so
+LoadModule filter_module modules/mod_filter.so
+LoadModule mime_module modules/mod_mime.so
+LoadModule log_config_module modules/mod_log_config.so
+LoadModule env_module modules/mod_env.so
+LoadModule headers_module modules/mod_headers.so
+LoadModule setenvif_module modules/mod_setenvif.so
+LoadModule version_module modules/mod_version.so
+LoadModule unixd_module modules/mod_unixd.so
+LoadModule status_module modules/mod_status.so
+LoadModule autoindex_module modules/mod_autoindex.so
+LoadModule dir_module modules/mod_dir.so
+LoadModule alias_module modules/mod_alias.so
+LoadModule negotiation_module modules/mod_negotiation.so
+
+<IfModule unixd_module>
+User apache
+Group apache
+</IfModule>
+
+
+
+<Directory />
+ AllowOverride none
+ Require all denied
+</Directory>
+
+
+
+
+<IfModule dir_module>
+ DirectoryIndex index.html
+</IfModule>
+
+<Files ".ht*">
+ Require all denied
+</Files>
+
+
+
+<IfModule headers_module>
+ RequestHeader unset Proxy early
+</IfModule>
+
+<IfModule mime_module>
+ TypesConfig /etc/apache2/mime.types
+ AddType application/x-compress .Z
+ AddType application/x-gzip .gz .tgz
+</IfModule>
+
+<IfModule mime_magic_module>
+ MIMEMagicFile /etc/apache2/magic
+</IfModule>
+
+IncludeOptional /etc/apache2/conf.d/*.conf
+
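Review bot: The redirect `RewriteRule ^ http://%{HTTP_HOST}/%1 [R=301]` inside `<Directory "/var/www/html/4get">` of docker/apache/https/httpd.conf sends a client that requested a `.php` URL over TLS to the plain-http scheme. This configuration has no `Listen 80` (ssl.conf only adds `Listen 443`), so the redirect either fails or lands on a cleartext listener outside the container. Use `RewriteRule ^ https://%{HTTP_HOST}/%1 [R=301]`, or `%{REQUEST_SCHEME}://%{HTTP_HOST}/%1` so both variants can share the rule. The target is also built from the client-supplied Host header while `ServerName` is `localhost`; redirecting to a configured hostname would avoid reflecting an arbitrary Host value into the Location header.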
diff --git a/docker/docker-entrypoint.sh b/docker/docker-entrypoint.sh
new file mode 100755
index 0000000..53e7654
--- /dev/null
+++ b/docker/docker-entrypoint.sh
@@ -0,0 +1,34 @@
+#!/bin/sh
+set -e
+
+# remove quotes from variable if present
+FOURGET_PROTO="${FOURGET_PROTO%\"}"
+FOURGET_PROTO="${FOURGET_PROTO#\"}"
+
+# make lowercase
+FOURGET_PROTO=`echo $FOURGET_PROTO | awk '{print tolower($0)}'`
+
+FOURGET_SRC='/var/www/html/4get'
+
+mkdir -p /etc/apache2
+
+if [ "$FOURGET_PROTO" = "https" ]; then
+ echo "Using https configuration"
+ cp -r ${FOURGET_SRC}/docker/apache/https/httpd.conf /etc/apache2
+ cp -r ${FOURGET_SRC}/docker/apache/https/conf.d/* /etc/apache2/conf.d
+
+else
+ echo "Using http configuration"
+ cp -r ${FOURGET_SRC}/docker/apache/http/httpd.conf /etc/apache2
+ cp -r ${FOURGET_SRC}/docker/apache/http/conf.d/* /etc/apache2/conf.d
+fi
+
+php ./docker/gen_config.php
+
+if [ "$@" = "start" ]; then
+ echo "4get is running"
+ exec httpd -DFOREGROUND
+else
+ exec "$@"
+fi
+
diff --git a/docker/gen_config.php b/docker/gen_config.php
new file mode 100644
index 0000000..b9e7730
--- /dev/null
+++ b/docker/gen_config.php
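Review bot: In docker/docker-entrypoint.sh every value of FOURGET_PROTO other than `https` falls into the `else` branch, so a mistyped value silently selects the plaintext configuration; accept `http` explicitly and exit non-zero on anything else. The command check `[ "$@" = "start" ]` expands to several words when more than one argument is passed and to none when there are no arguments; `if [ "$1" = "start" ]; then` is the safe form. `mkdir -p /etc/apache2` does not create `/etc/apache2/conf.d`, which both `cp` lines write into, so `mkdir -p /etc/apache2/conf.d` is safer unless the base image already provides that directory.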
@@ -0,0 +1,90 @@
+ <?php
+
+include "/var/www/html/4get/data/config.php";
+
+$refl = new ReflectionClass('config');
+$from_config = ($refl->getConstants());
+$from_env = array();
+
+$env = getenv();
+$fourget_env = array_filter($env, function($v, $k) {
+ return str_starts_with($k, "FOURGET");
+}, ARRAY_FILTER_USE_BOTH);
+
+foreach($fourget_env as $key => $val) {
+ $target_key = preg_replace('/^FOURGET_/', '', $key);
+ $from_env[$target_key] = trim($val, '\'"');
+};
+
+$merged_config = array_merge($from_config, $from_env);
+
+function type_to_string($n) {
+ $type = gettype($n);
+ if ($type === "NULL") {
+ return "null";
+ }
+ if ($type === "boolean") {
+ return $n ? 'true' : 'false';
+ }
+ if ($type === "string") {
+ if(is_numeric($n)) {
+ return $n;
+ }
+ return "\"$n\"";
+ }
+ if ($type === "array") {
+ return json_encode($n, JSON_UNESCAPED_SLASHES);
+ }
+ return $n;
+}
+
+
+function detect_captcha_dirs() {
+ $captcha_dir = "/var/www/html/4get/data/captcha/";
+ $categories = (array_map(function ($n) {
+ return explode("/", $n)[7];
+ }, glob($captcha_dir . "*")));
+
+
+ $result = array_map(function($category) {
+ return [$category, count(glob("/var/www/html/4get/data/captcha/" . $category . "/*" ))];
+ }, $categories);
+
+ return $result;
+}
+
+
+$special_keys = ["PROTO", "CAPTCHA_DATASET"];
+
+$output = "<?php\n // This file was generated by docker/gen_config.php\n";
+
+$output = $output . "class config {\n";
+foreach(($merged_config) as $key => $val){
+ if(!in_array($key, $special_keys)) {
+ $stored_value = $val;
+ // conversion between arrays and comma separated env value.
+ // Handle case when original type of field is array and there is a type mismatch when a comma separted string is passed,
+ // then split on comma if string (and not numeric, boolean, null, etc)
+ //
+ // except in the case where the inital value in default config is null or boolean. Assuming null and boolean
+ // in default config will be never be assigned an array
+
+ if(gettype($from_config[$key]) != gettype($val) && !is_numeric($val) && !is_null($from_config[$key]) && gettype($from_config[$key]) != "boolean") {
+ $stored_value = explode(",", $val);
+ }
+ $output = $output . "\tconst " . $key . " = " . type_to_string($stored_value) . ";\n";
+
+ continue;
+ }
+
+
+ if($key === "CAPTCHA_DATASET") {
+ $output = $output . "\tconst " . $key . " = " . type_to_string(detect_captcha_dirs()) . ";\n";
+ }
+}
+
+$output = $output . "}\n";
+$output = $output . "?>";
+
+file_put_contents("./data/config.php", $output);
+?>
diff --git a/docker/tor/Dockerfile b/docker/tor/Dockerfile
new file mode 100644
index 0000000..9310f68
--- /dev/null
+++ b/docker/tor/Dockerfile
@@ -0,0 +1,18 @@
+FROM alpine:edge
+
+RUN apk add --no-cache curl tor
+
+EXPOSE 9050
+
+HEALTHCHECK --interval=60s --timeout=15s --start-period=20s \
+ CMD curl -x socks5h://127.0.0.1:9050 'https://check.torproject.org/api/ip' | grep -qm1 -E '"IsTor"\s*:\s*true'
+
+
+# default owner is tor, but running as root to avoid docker volume mount issue
+RUN chown -R root:root /var/lib/tor
+
+VOLUME ["/var/lib/tor/4get"]
+
+COPY ./torrc /etc/tor/torrc
+
+ENTRYPOINT ["/usr/bin/tor"]
diff --git a/docker/tor/torrc b/docker/tor/torrc
new file mode 100644
index 0000000..da32a7a
--- /dev/null
+++ b/docker/tor/torrc
@@ -0,0 +1 @@
+SocksPort 0.0.0.0:9050 |
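Review bot: In docker/gen_config.php, `type_to_string()` writes string values into the generated PHP file as `"\"$n\""` with no escaping, so an environment value containing `"`, `\` or `$` either breaks data/config.php or is interpreted as PHP when that file is included. `return var_export($n, true);` emits a correctly escaped single-quoted literal for the string case, and the `json_encode` branch has the same problem because PHP still interpolates its double-quoted output. The constant name also comes straight from the environment variable name (`"\tconst " . $key`); skipping keys that do not match `/^[A-Z][A-Z0-9_]*$/` keeps unexpected text out of the class body. Separately, `$from_config[$key]` is read for keys that exist only in the environment, which raises an undefined-key warning.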
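Review bot: docker/tor/Dockerfile builds from `alpine:edge`, a rolling development branch, so each rebuild can pull a different tor and curl; pin a release tag or digest instead, e.g. `FROM alpine:<release-tag>`. The `chown -R root:root /var/lib/tor` line together with the bare `ENTRYPOINT ["/usr/bin/tor"]` means the daemon runs as root inside the container. Fixing the ownership of the mounted volume and adding a `USER tor` line would keep the network-facing process unprivileged; the comment in the hunk names the mount problem but does not say why root is the only way around it.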
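Review bot: `SocksPort 0.0.0.0:9050` in docker/tor/torrc binds the SOCKS listener on every interface of the container with no `SocksPolicy`, so anything that can reach port 9050 can relay traffic through it. That is acceptable only while the port stays on an internal Docker network; the compose file is not part of this diff, so confirm 9050 is never published to the host. A comment such as `# reachable from the 4get container only; never publish 9050` would record the assumption, and `SocksPolicy accept <internal-subnet>` followed by `SocksPolicy reject *` would enforce it.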