From cdf958d29333d448f4521f4d2faa2592b58e9b27 Mon Sep 17 00:00:00 2001 From: lolcat Date: Sun, 10 Aug 2025 21:55:15 -0400 Subject: fix wikipedia crash --- docker/apache/http/conf.d/ssl.conf | 1 + docker/apache/http/httpd.conf | 97 ++++++++++++++++++++++++++++++++++ docker/apache/https/conf.d/ssl.conf | 19 +++++++ docker/apache/https/httpd.conf | 102 ++++++++++++++++++++++++++++++++++++ docker/docker-entrypoint.sh | 34 ++++++++++++ docker/gen_config.php | 90 +++++++++++++++++++++++++++++++ docker/tor/Dockerfile | 18 +++++++ docker/tor/torrc | 1 + 8 files changed, 362 insertions(+) create mode 100644 docker/apache/http/conf.d/ssl.conf create mode 100644 docker/apache/http/httpd.conf create mode 100644 docker/apache/https/conf.d/ssl.conf create mode 100644 docker/apache/https/httpd.conf create mode 100755 docker/docker-entrypoint.sh create mode 100644 docker/gen_config.php create mode 100644 docker/tor/Dockerfile create mode 100644 docker/tor/torrc (limited to 'docker') diff --git a/docker/apache/http/conf.d/ssl.conf b/docker/apache/http/conf.d/ssl.conf new file mode 100644 index 0000000..1357f56 --- /dev/null +++ b/docker/apache/http/conf.d/ssl.conf @@ -0,0 +1 @@ +# intentionally blank diff --git a/docker/apache/http/httpd.conf b/docker/apache/http/httpd.conf new file mode 100644 index 0000000..f496ba5 --- /dev/null +++ b/docker/apache/http/httpd.conf @@ -0,0 +1,97 @@ +Listen 80 +ServerTokens OS +ServerRoot /var/www +ServerSignature On +ServerName localhost + +DocumentRoot "/var/www/html/4get" + +LogLevel warn +CustomLog /dev/null common +ErrorLog /dev/null + + + RewriteEngine On + RewriteCond %{THE_REQUEST} ^\w+\ /(.*)\.php(\?.*)?\ HTTP/ + RewriteRule ^ http://%{HTTP_HOST}/%1 [R=301] + RewriteCond %{REQUEST_FILENAME}.php -f + RewriteRule .* $0.php + Options FollowSymLinks + AllowOverride None + Require all granted + + +# deny access to private resources + + Require all denied + + Require all denied + + + +LoadModule rewrite_module modules/mod_rewrite.so +LoadModule mpm_prefork_module modules/mod_mpm_prefork.so +LoadModule authn_file_module modules/mod_authn_file.so +LoadModule authn_core_module modules/mod_authn_core.so +LoadModule authz_host_module modules/mod_authz_host.so +LoadModule authz_groupfile_module modules/mod_authz_groupfile.so +LoadModule authz_user_module modules/mod_authz_user.so +LoadModule authz_core_module modules/mod_authz_core.so +LoadModule access_compat_module modules/mod_access_compat.so +LoadModule auth_basic_module modules/mod_auth_basic.so +LoadModule reqtimeout_module modules/mod_reqtimeout.so +LoadModule filter_module modules/mod_filter.so +LoadModule mime_module modules/mod_mime.so +LoadModule log_config_module modules/mod_log_config.so +LoadModule env_module modules/mod_env.so +LoadModule headers_module modules/mod_headers.so +LoadModule setenvif_module modules/mod_setenvif.so +LoadModule version_module modules/mod_version.so +LoadModule unixd_module modules/mod_unixd.so +LoadModule status_module modules/mod_status.so +LoadModule autoindex_module modules/mod_autoindex.so +LoadModule dir_module modules/mod_dir.so +LoadModule alias_module modules/mod_alias.so +LoadModule negotiation_module modules/mod_negotiation.so + + +User apache +Group apache + + + + + + AllowOverride none + Require all denied + + + + + + + DirectoryIndex index.html + + + + Require all denied + + + + + + RequestHeader unset Proxy early + + + + TypesConfig /etc/apache2/mime.types + AddType application/x-compress .Z + AddType application/x-gzip .gz .tgz + + + + MIMEMagicFile /etc/apache2/magic + + +IncludeOptional /etc/apache2/conf.d/*.conf + diff --git a/docker/apache/https/conf.d/ssl.conf b/docker/apache/https/conf.d/ssl.conf new file mode 100644 index 0000000..7b0dd15 --- /dev/null +++ b/docker/apache/https/conf.d/ssl.conf @@ -0,0 +1,19 @@ +LoadModule ssl_module modules/mod_ssl.so +LoadModule socache_shmcb_module modules/mod_socache_shmcb.so + +SSLRandomSeed startup file:/dev/urandom 512 +SSLRandomSeed connect builtin + +Listen 443 + +SSLCipherSuite HIGH:MEDIUM:!MD5:!RC4:!3DES:!ADH +SSLProxyCipherSuite HIGH:MEDIUM:!MD5:!RC4:!3DES:!ADH +SSLHonorCipherOrder on + +SSLProtocol all -SSLv3 +SSLProxyProtocol all -SSLv3 + +SSLPassPhraseDialog builtin + +SSLSessionCache "shmcb:/var/cache/mod_ssl/scache(512000)" +SSLSessionCacheTimeout 300 diff --git a/docker/apache/https/httpd.conf b/docker/apache/https/httpd.conf new file mode 100644 index 0000000..ca5edf5 --- /dev/null +++ b/docker/apache/https/httpd.conf @@ -0,0 +1,102 @@ +ServerTokens OS +ServerRoot /var/www +ServerSignature On +ServerName localhost + +DocumentRoot "/var/www/html/4get" + +LogLevel warn +CustomLog /dev/null common +ErrorLog /dev/null + + + SSLEngine on + SSLCertificateFile /etc/4get/certs/fullchain.pem + SSLCertificateKeyFile /etc/4get/certs/privkey.pem + + + + RewriteEngine On + RewriteCond %{THE_REQUEST} ^\w+\ /(.*)\.php(\?.*)?\ HTTP/ + RewriteRule ^ http://%{HTTP_HOST}/%1 [R=301] + RewriteCond %{REQUEST_FILENAME}.php -f + RewriteRule .* $0.php + Options FollowSymLinks + AllowOverride None + Require all granted + + +# deny access to private resources + + Require all denied + + Require all denied + + + +LoadModule rewrite_module modules/mod_rewrite.so +LoadModule mpm_prefork_module modules/mod_mpm_prefork.so +LoadModule authn_file_module modules/mod_authn_file.so +LoadModule authn_core_module modules/mod_authn_core.so +LoadModule authz_host_module modules/mod_authz_host.so +LoadModule authz_groupfile_module modules/mod_authz_groupfile.so +LoadModule authz_user_module modules/mod_authz_user.so +LoadModule authz_core_module modules/mod_authz_core.so +LoadModule access_compat_module modules/mod_access_compat.so +LoadModule auth_basic_module modules/mod_auth_basic.so +LoadModule reqtimeout_module modules/mod_reqtimeout.so +LoadModule filter_module modules/mod_filter.so +LoadModule mime_module modules/mod_mime.so +LoadModule log_config_module modules/mod_log_config.so +LoadModule env_module modules/mod_env.so +LoadModule headers_module modules/mod_headers.so +LoadModule setenvif_module modules/mod_setenvif.so +LoadModule version_module modules/mod_version.so +LoadModule unixd_module modules/mod_unixd.so +LoadModule status_module modules/mod_status.so +LoadModule autoindex_module modules/mod_autoindex.so +LoadModule dir_module modules/mod_dir.so +LoadModule alias_module modules/mod_alias.so +LoadModule negotiation_module modules/mod_negotiation.so + + +User apache +Group apache + + + + + + AllowOverride none + Require all denied + + + + + + + DirectoryIndex index.html + + + + Require all denied + + + + + + RequestHeader unset Proxy early + + + + TypesConfig /etc/apache2/mime.types + AddType application/x-compress .Z + AddType application/x-gzip .gz .tgz + + + + MIMEMagicFile /etc/apache2/magic + + +IncludeOptional /etc/apache2/conf.d/*.conf + diff --git a/docker/docker-entrypoint.sh b/docker/docker-entrypoint.sh new file mode 100755 index 0000000..53e7654 --- /dev/null +++ b/docker/docker-entrypoint.sh @@ -0,0 +1,34 @@ +#!/bin/sh +set -e + +# remove quotes from variable if present +FOURGET_PROTO="${FOURGET_PROTO%\"}" +FOURGET_PROTO="${FOURGET_PROTO#\"}" + +# make lowercase +FOURGET_PROTO=`echo $FOURGET_PROTO | awk '{print tolower($0)}'` + +FOURGET_SRC='/var/www/html/4get' + +mkdir -p /etc/apache2 + +if [ "$FOURGET_PROTO" = "https" ]; then + echo "Using https configuration" + cp -r ${FOURGET_SRC}/docker/apache/https/httpd.conf /etc/apache2 + cp -r ${FOURGET_SRC}/docker/apache/https/conf.d/* /etc/apache2/conf.d + +else + echo "Using http configuration" + cp -r ${FOURGET_SRC}/docker/apache/http/httpd.conf /etc/apache2 + cp -r ${FOURGET_SRC}/docker/apache/http/conf.d/* /etc/apache2/conf.d +fi + +php ./docker/gen_config.php + +if [ "$@" = "start" ]; then + echo "4get is running" + exec httpd -DFOREGROUND +else + exec "$@" +fi + diff --git a/docker/gen_config.php b/docker/gen_config.php new file mode 100644 index 0000000..b9e7730 --- /dev/null +++ b/docker/gen_config.php @@ -0,0 +1,90 @@ + getConstants()); +$from_env = array(); + +$env = getenv(); +$fourget_env = array_filter($env, function($v, $k) { + return str_starts_with($k, "FOURGET"); +}, ARRAY_FILTER_USE_BOTH); + +foreach($fourget_env as $key => $val) { + $target_key = preg_replace('/^FOURGET_/', '', $key); + $from_env[$target_key] = trim($val, '\'"'); +}; + +$merged_config = array_merge($from_config, $from_env); + +function type_to_string($n) { + $type = gettype($n); + if ($type === "NULL") { + return "null"; + } + if ($type === "boolean") { + return $n ? 'true' : 'false'; + } + if ($type === "string") { + if(is_numeric($n)) { + return $n; + } + return "\"$n\""; + } + if ($type === "array") { + return json_encode($n, JSON_UNESCAPED_SLASHES); + } + return $n; +} + + +function detect_captcha_dirs() { + $captcha_dir = "/var/www/html/4get/data/captcha/"; + $categories = (array_map(function ($n) { + return explode("/", $n)[7]; + }, glob($captcha_dir . "*"))); + + + $result = array_map(function($category) { + return [$category, count(glob("/var/www/html/4get/data/captcha/" . $category . "/*" ))]; + }, $categories); + + return $result; +} + + +$special_keys = ["PROTO", "CAPTCHA_DATASET"]; + +$output = " $val){ + if(!in_array($key, $special_keys)) { + $stored_value = $val; + // conversion between arrays and comma separated env value. + // Handle case when original type of field is array and there is a type mismatch when a comma separted string is passed, + // then split on comma if string (and not numeric, boolean, null, etc) + // + // except in the case where the inital value in default config is null or boolean. Assuming null and boolean + // in default config will be never be assigned an array + + if(gettype($from_config[$key]) != gettype($val) && !is_numeric($val) && !is_null($from_config[$key]) && gettype($from_config[$key]) != "boolean") { + $stored_value = explode(",", $val); + } + $output = $output . "\tconst " . $key . " = " . type_to_string($stored_value) . ";\n"; + + continue; + } + + + if($key === "CAPTCHA_DATASET") { + $output = $output . "\tconst " . $key . " = " . type_to_string(detect_captcha_dirs()) . ";\n"; + } +} + +$output = $output . "}\n"; +$output = $output . "?>"; + +file_put_contents("./data/config.php", $output); +?> diff --git a/docker/tor/Dockerfile b/docker/tor/Dockerfile new file mode 100644 index 0000000..9310f68 --- /dev/null +++ b/docker/tor/Dockerfile @@ -0,0 +1,18 @@ +FROM alpine:edge + +RUN apk add --no-cache curl tor + +EXPOSE 9050 + +HEALTHCHECK --interval=60s --timeout=15s --start-period=20s \ + CMD curl -x socks5h://127.0.0.1:9050 'https://check.torproject.org/api/ip' | grep -qm1 -E '"IsTor"\s*:\s*true' + + +# default owner is tor, but running as root to avoid docker volume mount issue +RUN chown -R root:root /var/lib/tor + +VOLUME ["/var/lib/tor/4get"] + +COPY ./torrc /etc/tor/torrc + +ENTRYPOINT ["/usr/bin/tor"] diff --git a/docker/tor/torrc b/docker/tor/torrc new file mode 100644 index 0000000..da32a7a --- /dev/null +++ b/docker/tor/torrc @@ -0,0 +1 @@ +SocksPort 0.0.0.0:9050 -- cgit v1.2.3