From 4346299a52360db52332882096677dcadcf6b087 Mon Sep 17 00:00:00 2001 From: GotPPay Date: Thu, 5 Jul 2018 18:44:41 +0200 Subject: [PATCH 1/4] create ssl cer in container to serve content --- backend.dockerfile | 17 +++- docker-compose.yml | 1 + docker/{php => apache}/apache2.conf | 0 docker/apache/default-ssl.conf | 135 ++++++++++++++++++++++++++++ docker/php/.htaccess | 11 +-- 5 files changed, 153 insertions(+), 11 deletions(-) rename docker/{php => apache}/apache2.conf (100%) create mode 100644 docker/apache/default-ssl.conf diff --git a/backend.dockerfile b/backend.dockerfile index d8a2ecd..d6e46dd 100644 --- a/backend.dockerfile +++ b/backend.dockerfile @@ -1,11 +1,20 @@ FROM php:7.0-apache RUN docker-php-ext-install pdo pdo_mysql mysqli -RUN a2enmod rewrite +RUN a2enmod rewrite ssl -COPY docker/php/apache2.conf /etc/apache2/ +COPY backend /var/www/html + +COPY docker/apache/apache2.conf /etc/apache2/ +COPY docker/apache/default-ssl.conf /etc/apache2/sites-available/default-ssl.conf -COPY backend /var/www/html COPY docker/php/.htaccess /var/www/html/ -RUN chown -R www-data:www-data /var/www/html +RUN chown -R www-data:www-data /var/www/html + +RUN openssl req -new -newkey rsa:2048 -days 365 -nodes -x509 \ + -subj "/C=BA/ST=FBiH/L=Sarajevo/O=Saburly/CN=localhost" \ + -keyout /etc/ssl/private/selfsigned.key -out /etc/ssl/certs/selfsigned.crt + +WORKDIR /etc/apache2/sites-enabled +RUN ln -s ../sites-available/default-ssl.conf default-ssl.conf \ No newline at end of file diff --git a/docker-compose.yml b/docker-compose.yml index b860213..b1d4e02 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -9,6 +9,7 @@ services: - ./log/backend/:/var/log/apache2/ ports: - '8081:80' + - '8082:443' depends_on: - db #use links keywoard to use db as a known host "db" to connect to database diff --git a/docker/php/apache2.conf b/docker/apache/apache2.conf similarity index 100% rename from docker/php/apache2.conf rename to docker/apache/apache2.conf diff --git a/docker/apache/default-ssl.conf b/docker/apache/default-ssl.conf new file mode 100644 index 0000000..ddffefa --- /dev/null +++ b/docker/apache/default-ssl.conf @@ -0,0 +1,135 @@ + + + ServerAdmin webmaster@localhost + ServerName localhost + + DocumentRoot /var/www/html + + # Available loglevels: trace8, ..., trace1, debug, info, notice, warn, + # error, crit, alert, emerg. + # It is also possible to configure the loglevel for particular + # modules, e.g. + #LogLevel info ssl:warn + + ErrorLog ${APACHE_LOG_DIR}/error.log + CustomLog ${APACHE_LOG_DIR}/access.log combined + + # For most configuration files from conf-available/, which are + # enabled or disabled at a global level, it is possible to + # include a line for only one particular virtual host. For example the + # following line enables the CGI configuration for this host only + # after it has been globally disabled with "a2disconf". + #Include conf-available/serve-cgi-bin.conf + + # SSL Engine Switch: + # Enable/Disable SSL for this virtual host. + SSLEngine on + + # A self-signed (snakeoil) certificate can be created by installing + # the ssl-cert package. See + # /usr/share/doc/apache2/README.Debian.gz for more info. + # If both key and certificate are stored in the same file, only the + # SSLCertificateFile directive is needed. + SSLCertificateFile /etc/ssl/certs/selfsigned.crt + SSLCertificateKeyFile /etc/ssl/private/selfsigned.key + + # Server Certificate Chain: + # Point SSLCertificateChainFile at a file containing the + # concatenation of PEM encoded CA certificates which form the + # certificate chain for the server certificate. Alternatively + # the referenced file can be the same as SSLCertificateFile + # when the CA certificates are directly appended to the server + # certificate for convinience. + #SSLCertificateChainFile /etc/apache2/ssl.crt/server-ca.crt + + # Certificate Authority (CA): + # Set the CA certificate verification path where to find CA + # certificates for client authentication or alternatively one + # huge file containing all of them (file must be PEM encoded) + # Note: Inside SSLCACertificatePath you need hash symlinks + # to point to the certificate files. Use the provided + # Makefile to update the hash symlinks after changes. + #SSLCACertificatePath /etc/ssl/certs/ + #SSLCACertificateFile /etc/apache2/ssl.crt/ca-bundle.crt + + # Certificate Revocation Lists (CRL): + # Set the CA revocation path where to find CA CRLs for client + # authentication or alternatively one huge file containing all + # of them (file must be PEM encoded) + # Note: Inside SSLCARevocationPath you need hash symlinks + # to point to the certificate files. Use the provided + # Makefile to update the hash symlinks after changes. + #SSLCARevocationPath /etc/apache2/ssl.crl/ + #SSLCARevocationFile /etc/apache2/ssl.crl/ca-bundle.crl + + # Client Authentication (Type): + # Client certificate verification type and depth. Types are + # none, optional, require and optional_no_ca. Depth is a + # number which specifies how deeply to verify the certificate + # issuer chain before deciding the certificate is not valid. + #SSLVerifyClient require + #SSLVerifyDepth 10 + + # SSL Engine Options: + # Set various options for the SSL engine. + # o FakeBasicAuth: + # Translate the client X.509 into a Basic Authorisation. This means that + # the standard Auth/DBMAuth methods can be used for access control. The + # user name is the `one line' version of the client's X.509 certificate. + # Note that no password is obtained from the user. Every entry in the user + # file needs this password: `xxj31ZMTZzkVA'. + # o ExportCertData: + # This exports two additional environment variables: SSL_CLIENT_CERT and + # SSL_SERVER_CERT. These contain the PEM-encoded certificates of the + # server (always existing) and the client (only existing when client + # authentication is used). This can be used to import the certificates + # into CGI scripts. + # o StdEnvVars: + # This exports the standard SSL/TLS related `SSL_*' environment variables. + # Per default this exportation is switched off for performance reasons, + # because the extraction step is an expensive operation and is usually + # useless for serving static content. So one usually enables the + # exportation for CGI and SSI requests only. + # o OptRenegotiate: + # This enables optimized SSL connection renegotiation handling when SSL + # directives are used in per-directory context. + #SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire + + SSLOptions +StdEnvVars + + + SSLOptions +StdEnvVars + + + # SSL Protocol Adjustments: + # The safe and default but still SSL/TLS standard compliant shutdown + # approach is that mod_ssl sends the close notify alert but doesn't wait for + # the close notify alert from client. When you need a different shutdown + # approach you can use one of the following variables: + # o ssl-unclean-shutdown: + # This forces an unclean shutdown when the connection is closed, i.e. no + # SSL close notify alert is send or allowed to received. This violates + # the SSL/TLS standard but is needed for some brain-dead browsers. Use + # this when you receive I/O errors because of the standard approach where + # mod_ssl sends the close notify alert. + # o ssl-accurate-shutdown: + # This forces an accurate shutdown when the connection is closed, i.e. a + # SSL close notify alert is send and mod_ssl waits for the close notify + # alert of the client. This is 100% SSL/TLS standard compliant, but in + # practice often causes hanging connections with brain-dead browsers. Use + # this only for browsers where you know that their SSL implementation + # works correctly. + # Notice: Most problems of broken clients are also related to the HTTP + # keep-alive facility, so you usually additionally want to disable + # keep-alive for those clients, too. Use variable "nokeepalive" for this. + # Similarly, one has to force some clients to use HTTP/1.0 to workaround + # their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and + # "force-response-1.0" for this. + BrowserMatch "MSIE [2-6]" \ + nokeepalive ssl-unclean-shutdown \ + downgrade-1.0 force-response-1.0 + + + + +# vim: syntax=apache ts=4 sw=4 sts=4 sr noet diff --git a/docker/php/.htaccess b/docker/php/.htaccess index 5c1c202..11ff2a3 100644 --- a/docker/php/.htaccess +++ b/docker/php/.htaccess @@ -1,16 +1,13 @@ - -# BEGIN WordPress RewriteEngine On RewriteBase / RewriteRule ^index\.php$ - [L] # add a trailing slash to /wp-admin -RewriteRule ^wp-admin$ wp-admin/ [R=301,L] +RewriteRule ^([_0-9a-zA-Z-]+/)?wp-admin$ $1wp-admin/ [R=301,L] RewriteCond %{REQUEST_FILENAME} -f [OR] RewriteCond %{REQUEST_FILENAME} -d RewriteRule ^ - [L] -RewriteRule ^(wp-(content|admin|includes).*) $1 [L] -RewriteRule ^(.*\.php)$ wp/$1 [L] -RewriteRule . index.php [L] -# END WordPress +RewriteRule ^([_0-9a-zA-Z-]+/)?(wp-(content|admin|includes).*) $2 [L] +RewriteRule ^([_0-9a-zA-Z-]+/)?(.*\.php)$ $2 [L] +RewriteRule . index.php [L] \ No newline at end of file From 453a4ff707d9b11a85ae02b1a7ba8d2187800950 Mon Sep 17 00:00:00 2001 From: GotPPay Date: Fri, 6 Jul 2018 17:58:30 +0200 Subject: [PATCH 2/4] stop rewriting rules, create symlink to root dir named as api --- backend.dockerfile | 4 ++-- docker/php/.htaccess | 13 ------------- 2 files changed, 2 insertions(+), 15 deletions(-) delete mode 100644 docker/php/.htaccess diff --git a/backend.dockerfile b/backend.dockerfile index d6e46dd..0a9418b 100644 --- a/backend.dockerfile +++ b/backend.dockerfile @@ -4,12 +4,12 @@ RUN docker-php-ext-install pdo pdo_mysql mysqli RUN a2enmod rewrite ssl COPY backend /var/www/html +WORKDIR /var/www/html +RUN ln -s ../html api COPY docker/apache/apache2.conf /etc/apache2/ COPY docker/apache/default-ssl.conf /etc/apache2/sites-available/default-ssl.conf -COPY docker/php/.htaccess /var/www/html/ - RUN chown -R www-data:www-data /var/www/html RUN openssl req -new -newkey rsa:2048 -days 365 -nodes -x509 \ diff --git a/docker/php/.htaccess b/docker/php/.htaccess deleted file mode 100644 index 11ff2a3..0000000 --- a/docker/php/.htaccess +++ /dev/null @@ -1,13 +0,0 @@ -RewriteEngine On -RewriteBase / -RewriteRule ^index\.php$ - [L] - -# add a trailing slash to /wp-admin -RewriteRule ^([_0-9a-zA-Z-]+/)?wp-admin$ $1wp-admin/ [R=301,L] - -RewriteCond %{REQUEST_FILENAME} -f [OR] -RewriteCond %{REQUEST_FILENAME} -d -RewriteRule ^ - [L] -RewriteRule ^([_0-9a-zA-Z-]+/)?(wp-(content|admin|includes).*) $2 [L] -RewriteRule ^([_0-9a-zA-Z-]+/)?(.*\.php)$ $2 [L] -RewriteRule . index.php [L] \ No newline at end of file From 796200e902d7b7546d19db5ed3788a6a13710a1f Mon Sep 17 00:00:00 2001 From: GotPPay Date: Mon, 9 Jul 2018 10:45:48 +0200 Subject: [PATCH 3/4] update readme --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index 7abca1c..9415ec4 100644 --- a/README.md +++ b/README.md @@ -26,6 +26,8 @@ wooCommerce API key : consumer key : ck_1ee57854e327639d33ca072073499d4adaf9d8f4 consumer secret : cs_e51bf71b6ce05fe9a0d17d3e4f249c2b6ec8cbd5 + (use bacic Auth, consumer key is user name, consumer secret is password) + mysql : user : wp_admin password : wp_password From b662efc7f805890e21ef1a5d852e2ac515fe9815 Mon Sep 17 00:00:00 2001 From: GotPPay Date: Mon, 9 Jul 2018 10:47:39 +0200 Subject: [PATCH 4/4] fix api access and url rewriting --- backend.dockerfile | 4 ++-- docker/php/.htaccess | 19 +++++++++---------- 2 files changed, 11 insertions(+), 12 deletions(-) diff --git a/backend.dockerfile b/backend.dockerfile index d6e46dd..0a9418b 100644 --- a/backend.dockerfile +++ b/backend.dockerfile @@ -4,12 +4,12 @@ RUN docker-php-ext-install pdo pdo_mysql mysqli RUN a2enmod rewrite ssl COPY backend /var/www/html +WORKDIR /var/www/html +RUN ln -s ../html api COPY docker/apache/apache2.conf /etc/apache2/ COPY docker/apache/default-ssl.conf /etc/apache2/sites-available/default-ssl.conf -COPY docker/php/.htaccess /var/www/html/ - RUN chown -R www-data:www-data /var/www/html RUN openssl req -new -newkey rsa:2048 -days 365 -nodes -x509 \ diff --git a/docker/php/.htaccess b/docker/php/.htaccess index 11ff2a3..7135530 100644 --- a/docker/php/.htaccess +++ b/docker/php/.htaccess @@ -1,13 +1,12 @@ + +# BEGIN WordPress + RewriteEngine On -RewriteBase / +RewriteBase /api/ RewriteRule ^index\.php$ - [L] +RewriteCond %{REQUEST_FILENAME} !-f +RewriteCond %{REQUEST_FILENAME} !-d +RewriteRule . /api/index.php [L] + -# add a trailing slash to /wp-admin -RewriteRule ^([_0-9a-zA-Z-]+/)?wp-admin$ $1wp-admin/ [R=301,L] - -RewriteCond %{REQUEST_FILENAME} -f [OR] -RewriteCond %{REQUEST_FILENAME} -d -RewriteRule ^ - [L] -RewriteRule ^([_0-9a-zA-Z-]+/)?(wp-(content|admin|includes).*) $2 [L] -RewriteRule ^([_0-9a-zA-Z-]+/)?(.*\.php)$ $2 [L] -RewriteRule . index.php [L] \ No newline at end of file +# END WordPress \ No newline at end of file