diff --git a/docker-compose.yml b/docker-compose.yml
index 5aab8144a4480f1a442460ca41c1978e731cd797..1062033b1fad1df921eb24648f86c4ee23d29c59 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -50,7 +50,7 @@ services:
 LDAP_BASE_DN: *base_dn
 image: adarnimrod/ldap-account-manager
 ports:
- - 80:80
+ - 80:8080
 restart: always
 volumes:
 - _run_slapd:/run/slapd
diff --git a/ldap-account-manager/Dockerfile b/ldap-account-manager/Dockerfile
index 050bf23dca86885057f4d5dd6112028cf3959adb..c7d257e8843103e2c2ef2f1faeda84be22c6f0aa 100644
--- a/ldap-account-manager/Dockerfile
+++ b/ldap-account-manager/Dockerfile
@@ -8,7 +8,9 @@ RUN apt-get update && \
 patch \
 wget \
 && \
- chmod 755 /var/log/apache2 && \
+ install -d -m 750 -o root -g www-data /var/log/apache2 && \
+ install -d -m 755 -o www-data -g root /run/apache2 && \
+ a2enmod status && \
 ln -sf /dev/stdout /var/log/apache2/access.log && \
 ln -sf /dev/stderr /var/log/apache2/error.log && \
 ln -sf /dev/stdout /var/log/apache2/lam.log && \
@@ -20,13 +22,15 @@ ENV APACHE_RUN_DIR=/run/apache2 \
 APACHE_RUN_GROUP=www-data \
 APACHE_PID_FILE=/run/apache2/apache2.pid
 COPY --chown=root:root patch.diff /root/
-COPY --chown=root:root entrypoint /entrypoint
-COPY --chown=root:root lam-setpass /usr/local/sbin/
+COPY --chown=root:root entrypoint /usr/local/bin/
+COPY --chown=root:root lam-setpass /usr/local/bin/
 RUN patch --strip 0 --verbose --directory / --input /root/patch.diff && \
 apache2 -t
 ENV LDAP_URI=ldapi:/// \
 LAM_PASSWORD=lam
-EXPOSE 80
-ENTRYPOINT [ "/entrypoint" ]
+EXPOSE 8080
+USER "www-data"
+WORKDIR /var/www
+ENTRYPOINT [ "entrypoint" ]
 CMD [ "apache2", "-DFOREGROUND" ]
 HEALTHCHECK CMD wget --spider --quiet http://localhost/lam/ --user-agent 'Healthcheck' || exit 1
diff --git a/ldap-account-manager/entrypoint b/ldap-account-manager/entrypoint
index d31a3d0390ecb4121ac20e261c75bd47ef0723f4..c952eea80aca1b51bdb814ef55073d1659f5ce64 100755
--- a/ldap-account-manager/entrypoint
+++ b/ldap-account-manager/entrypoint
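Review bot: The `HEALTHCHECK` at the end of the second ldap-account-manager/Dockerfile hunk still probes `http://localhost/lam/` on port 80, while this commit moves Apache to 8080 (`EXPOSE 8080` here, `Listen 8080` in the ports.conf part of patch.diff), so the probe will presumably fail and the container will be reported unhealthy. The URL should carry the new port: `HEALTHCHECK CMD wget --spider --quiet http://localhost:8080/lam/ --user-agent 'Healthcheck' || exit 1`. Separately, `LAM_PASSWORD=lam` stays in `ENV` as a default credential that is readable from the image metadata; a one-line comment above it such as `# Default for local testing only; override LAM_PASSWORD at deploy time.` would make that explicit.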
@@ -8,7 +8,7 @@ cat "$tempfile" > /var/lib/ldap-account-manager/config/lam.conf rm "$tempfile" # Set the password and unset the variable from memory. -chroot --userspec=www-data / /usr/local/sbin/lam-setpass "$LAM_PASSWORD" +lam-setpass "$LAM_PASSWORD" unset LAM_PASSWORD # Start the process. diff --git a/ldap-account-manager/patch.diff b/ldap-account-manager/patch.diff index e59e497f9d45ae2e84ce1395b105fe6cc141f201..360dca4e826112c631e2b26d5f20ad8037a68854 100644 --- a/ldap-account-manager/patch.diff +++ b/ldap-account-manager/patch.diff @@ -69,3 +69,33 @@ types: attr_group: #cn;#gidNumber;#memberUID;#description types: modules_group: posixGroup +--- /etc/apache2/ports.conf 2019-11-09 19:58:29.052813201 +0200 ++++ /etc/apache2/ports.conf 2019-11-02 14:40:08.000000000 +0200 +@@ -2,7 +2,7 @@ + # have to change the VirtualHost statement in + # /etc/apache2/sites-enabled/000-default.conf + +-Listen 80 ++Listen 8080 + + + Listen 443 +--- /etc/apache2/sites-available/000-default.conf 2019-04-03 00:13:44.000000000 +0300 ++++ /etc/apache2/sites-available/000-default.conf 2019-11-09 20:00:01.459226750 +0200 +@@ -1,4 +1,4 @@ +- ++ + # The ServerName directive sets the request scheme, hostname and port that + # the server uses to identify itself. This is used when creating + # redirection URLs. In the context of virtual hosts, the ServerName +--- /etc/apache2/mods-available/status.conf 2019-04-03 00:13:44.000000000 +0300 ++++ /etc/apache2/mods-available/status.conf 2019-11-09 19:59:09.642896703 +0200 +@@ -5,7 +5,7 @@ + + + SetHandler server-status +- Require local ++ #Require local + #Require ip 192.0.2.0/24 + +
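Review bot: The new call `lam-setpass "$LAM_PASSWORD"` in ldap-account-manager/entrypoint still passes the secret as a command-line argument, so it is visible in the process list inside the container while lam-setpass runs, and the `unset` that follows does not remove it from the container's configured environment (`docker inspect` still shows it). lam-setpass is not part of this diff, so whether it can read the password from stdin or the environment instead needs checking; if it cannot, the comment above the call should say so, for example `# Set the password; the value remains visible in the container config and briefly in lam-setpass's argv.` The script now runs entirely as www-data (Dockerfile `USER "www-data"`), so the write to `/var/lib/ldap-account-manager/config/lam.conf` shown in the hunk header also depends on that file being writable by www-data, which is not visible here. The script starts and ends outside this hunk.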
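Review bot: In the status.conf section added to ldap-account-manager/patch.diff, `Require local` is commented out and no other `Require` line is added, which together with `a2enmod status` in the Dockerfile likely leaves `/server-status` readable by any client that can reach the published port. That page lists client addresses and the request lines being served, which for an LDAP admin UI is worth keeping private. If the aim is to let a monitoring host scrape it, restrict it to that network instead, e.g. `Require ip <monitoring-network-placeholder>`, or keep `Require local` and scrape from inside the container. The 000-default.conf section in the same hunk appears to have lost its changed `VirtualHost` lines in this rendering, so the port change there could not be checked.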