Strengthening

assets/000-default.conf

@@ -9,11 +9,14 @@
     </Proxy>
 
     <Directory /var/www/html/>
-        Options Indexes FollowSymLinks MultiViews
+        Options Indexes FollowSymLinks
         AllowOverride All
+		Require all granted
     </Directory>
 
-    ErrorLog ${APACHE_LOG_DIR}/error_php.log
-    CustomLog ${APACHE_LOG_DIR}/access_php.log combined
+    ErrorLog /var/log/apache2/error.log
+    CustomLog /var/log/apache2/access.log combined
 
-</VirtualHost>
+</VirtualHost>
+
+ServerName localhost

assets/alpine-base-install.sh

@@ -37,30 +37,46 @@ else
     while test $# -gt 0; do
       MODULE="$1"
       echo "Enabling module $MODULE"
-      find / -type f -a -name "*.conf" -exec grep -l "LoadModule ${MODULE}_module" {} \; | while read -r conf_file; do
-        echo "Processing : $conf_file"
-        sed -i "/^#LoadModule ${MODULE}_module/s/^#//g" "$conf_file"
-      done
+      sed -i "/^#LoadModule ${MODULE}_module/s/^#//g" /etc/apache2/httpd.conf
       shift
     done
   }
+
+  a2dismod() {
+    while test $# -gt 0; do
+      MODULE="$1"
+      echo "Disabling module $MODULE"
+      sed -i "/^LoadModule ${MODULE}_module/s/^LoadModule/#LoadModule/g" /etc/apache2/httpd.conf
+      shift
+    done
+  }
+
   a2enmod proxy \
     && a2enmod proxy_fcgi \
-    && a2enmod rewrite
+    && a2enmod rewrite \
+    && a2enmod mpm_event \
+    && a2dismod mpm_prefork
+
+  echo "include /etc/apache2/sites-available/000-default.conf" >> /etc/apache2/httpd.conf
   rm -rf /etc/nginx
 fi
-find / -type f -a -name "*apache2*";
-mkdir -p "/var/run/$SERVER_FLAVOUR" "/var/log/$SERVER_FLAVOUR" "/var/tmp/$SERVER_FLAVOUR"
-touch "/var/log/$SERVER_FLAVOUR/access.log" "/var/log/$SERVER_FLAVOUR/error.log"
-chown -R www-data:www-data "/var/run/$SERVER_FLAVOUR" "/var/log/$SERVER_FLAVOUR" "/var/tmp/$SERVER_FLAVOUR"
+
 if [ "$SERVER_FLAVOUR" = "nginx" ]; then
+  mkdir -p "/var/run/$SERVER_FLAVOUR" "/var/log/$SERVER_FLAVOUR" "/var/tmp/$SERVER_FLAVOUR"
+  touch "/var/log/$SERVER_FLAVOUR/access.log" "/var/log/$SERVER_FLAVOUR/error.log"
+  chown -R www-data:www-data "/var/run/$SERVER_FLAVOUR" "/var/log/$SERVER_FLAVOUR" "/var/tmp/$SERVER_FLAVOUR"
   chown -R www-data:www-data "/var/lib/$SERVER_FLAVOUR"
   setcap cap_net_bind_service=+ep "/usr/sbin/$SERVER_FLAVOUR"
 else
+  mkdir -p "/var/run/apache2" "/var/log/apache2" "/var/tmp/apache2"
+  touch "/var/log/apache2/access.log" "/var/log/apache2/error.log"
+  chown -R www-data:www-data "/var/run/apache2" "/var/log/apache2" "/var/tmp/apache2"
   chown -R www-data:www-data "/usr/lib/apache2"
   setcap cap_net_bind_service=+ep "/usr/sbin/httpd"
 fi
 
+rm -f "$PS_FOLDER"/index*
+
 # Install composer
 curl -s https://getcomposer.org/installer | php
 mv composer.phar /usr/bin/composer

assets/debian-base-install.sh

@@ -83,17 +83,20 @@ else
     && a2enmod rewrite
   rm -rf /etc/nginx
 fi
-mkdir -p "/var/run/$SERVER_FLAVOUR" "/var/log/$SERVER_FLAVOUR" "/var/tmp/$SERVER_FLAVOUR"
-touch "/var/log/$SERVER_FLAVOUR/access.log" "/var/log/$SERVER_FLAVOUR/error.log"
-chown -R www-data:www-data "/var/run/$SERVER_FLAVOUR" "/var/log/$SERVER_FLAVOUR" "/var/tmp/$SERVER_FLAVOUR"
 if [ "$SERVER_FLAVOUR" = "nginx" ]; then
-  chown -R www-data:www-data "/var/lib/$SERVER_FLAVOUR"
+  mkdir -p "/var/run/$SERVER_FLAVOUR" "/var/log/$SERVER_FLAVOUR" "/var/tmp/$SERVER_FLAVOUR"
+  touch "/var/log/$SERVER_FLAVOUR/access.log" "/var/log/$SERVER_FLAVOUR/error.log"
+  chown -R www-data:www-data "/var/run/$SERVER_FLAVOUR" "/var/log/$SERVER_FLAVOUR" "/var/tmp/$SERVER_FLAVOUR" "/var/lib/$SERVER_FLAVOUR"
   setcap cap_net_bind_service=+ep "/usr/sbin/$SERVER_FLAVOUR"
 else
-  chown -R www-data:www-data "/var/lib/apache2"
+  mkdir -p "/var/run/apache2" "/var/log/apache2" "/var/tmp/apache2"
+  touch "/var/log/apache2/access.log" "/var/log/apache2/error.log"
+  chown -R www-data:www-data "/var/run/apache2" "/var/log/apache2" "/var/tmp/apache2" "/var/lib/apache2"
   setcap cap_net_bind_service=+ep "/usr/sbin/apache2"
 fi
 
+rm -f "$PS_FOLDER"/index*
+
 # Install composer
 curl -s https://getcomposer.org/installer | php
 mv composer.phar /usr/bin/composer

assets/run.sh

@@ -26,6 +26,7 @@ export PS_PROTOCOL="${PS_PROTOCOL:-http}"
 export SSL_REDIRECT="${SSL_REDIRECT:-false}"
 export XDEBUG_ENABLED="${XDEBUG_ENABLED:-false}"
 
+
 INIT_LOCK=/tmp/flashlight-init.lock
 DUMP_LOCK=/tmp/flashlight-dump.lock
 MODULES_INSTALLED_LOCK=/tmp/flashlight-modules-installed.lock
@@ -74,6 +75,11 @@ if [ ! -f $INIT_LOCK ] || [ "$INIT_ON_RESTART" = "true" ]; then
   rm -f "$TMP_FILE"
   export PS_DOMAIN="$PS_DOMAIN"
 
+  if [ "$SERVER_FLAVOUR" = "apache" ]; then
+    echo "* Applying PS_DOMAIN ($PS_DOMAIN) to root .htaccess..."
+    sed -i "s~localhost:80~$PS_DOMAIN~g" "$PS_FOLDER"/.htaccess
+  fi
+
   # Note: use PS_TRUSTED_PROXIES for PrestaShop > 9 since bbdee4b6d07cf4c40787c95b8c948b04506208fd
   # Note: PS_SSL_ENABLED_EVERYWHERE was missing in ps_configuration in 1.7.2.5
   [ "$SSL_REDIRECT" = "true" ] && PS_PROTOCOL="https";
@@ -239,19 +245,21 @@ if [ "$DRY_RUN" = "true" ]; then
 fi
 
 echo "* Starting php-fpm..."
-# Is running as root, set the php-fpm user and group to www-data
+# If running as root, set the php-fpm user and group to www-data
 [ "$(id -u)" -eq 0 ] && sed -i '/user\s=/s/^;//' /usr/local/etc/php-fpm.conf && sed -i '/group\s=/s/^;//' /usr/local/etc/php-fpm.conf
 php-fpm -D
 
 echo "* Starting $SERVER_FLAVOUR..."
 if [ "$SERVER_FLAVOUR" = "nginx" ]; then
-  # Is running as root, set the nginx user and group to www-data
+  # If running as root, set the nginx user and group to www-data
   [ "$(id -u)" -eq 0 ] && sed -i '/#\suser\swww-data/s/^#//' /etc/nginx/nginx.conf
   nginx -g "daemon off;" &
-elif service --status-all | grep -Fq 'apache2'; then
+elif service --status-all 2> /dev/null | grep -Fq 'apache2'; then
   apache2ctl -D FOREGROUND &
 else
-  exec /usr/sbin/httpd -D FOREGROUND -f /etc/apache2/httpd.conf &
+  # If running as root, set the nginx user and group to www-data
+  [ "$(id -u)" -eq 0 ] && sed -i '/User apache/s/apache/www-data/' /etc/apache2/httpd.conf && sed -i '/Group apache/s/apache/www-data/' /etc/apache2/httpd.conf
+  /usr/sbin/httpd -D FOREGROUND -f /etc/apache2/httpd.conf &
 fi
 SERVER_PID=$!
 sleep 1;

build.sh

@@ -16,12 +16,13 @@ declare TARGET_IMAGE;          # -- docker image name, defaults to "prestashop/p
 declare TARGET_PLATFORM;       # -- a comma separated list of target platforms (defaults to "linux/amd64")
 declare PLATFORM;              # -- alias for $TARGET_PLATFORM
 declare ZIP_SOURCE;            # -- the zip to unpack in flashlight
-declare CUSTOM_LABELS;         # -- only when PRIVATE : list of key=value pairs separated by a comma, for overriding official flashlight labels
+declare CUSTOM_LABELS;         # -- A comma separated list of key=value pairs, for overriding official flashlight labels"
+declare CUSTOM_BASE_IMAGE;     # -- A name for overriding the base docker image. Usefull if you need to build the base to a custom repo
 
 
 # Static configuration
 # --------------------
-DEFAULT_DOCKER_IMAGE=prestashop/prestashop-flashlight
+DEFAULT_BASE_DOCKER_IMAGE=prestashop/prestashop-flashlight
 DEFAULT_OS="alpine";
 DEFAULT_PLATFORM=$(docker system info --format '{{.OSType}}/{{.Architecture}}')
 DEFAULT_SERVER="nginx";
@@ -50,6 +51,7 @@ help() {
   echo "  --custom-labels   A comma separated list of key=value pairs, for overriding official flashlight labels"
   echo "  --target-platform A comma separated list of target platforms (defaults to 'linux/amd64')"
   echo "  --zip-source      The zip containing the PrestaShop release to build a docker image upon (defaults to PrestaShop source code)"
+  echo "  --custom-base-image A name for overriding the base docker image. Usefull if you need to build the base to a custom repo"
   echo ""
   echo "$(tput bold)Environment variables:$(tput sgr0)"
   echo "  BASE_ONLY         Only build the base image (OS_FLAVOUR) without shipping PrestaShop"
@@ -64,6 +66,7 @@ help() {
   echo "  CUSTOM_LABELS     A comma separated list of key=value pairs, for overriding official flashlight labels"
   echo "  TARGET_PLATFORM   A comma separated list of target platforms (defaults to 'linux/amd64')"
   echo "  ZIP_SOURCE        The zip containing the PrestaShop release to build a docker image upon (defaults to PrestaShop source code)"
+  echo "  CUSTOM_BASE_IMAGE A name for overriding the base docker image. Usefull if you need to build the base to a custom repo"
 }
 
 # Parsing input arguments
@@ -83,6 +86,7 @@ while [ "$#" -gt 0 ]; do
     --target-image) TARGET_IMAGE="$2"; shift; shift;;
     --custom-labels) CUSTOM_LABELS="$2"; shift; shift;;
     --zip-source) ZIP_SOURCE="$2"; shift; shift;;
+    --custom-base-image) CUSTOM_BASE_IMAGE="$2"; shift; shift;;
     *) error "Unknown option: $1" 2;;
   esac
 done
@@ -94,6 +98,7 @@ BASE_ONLY=${BASE_ONLY:-false}
 REBUILD_BASE=${REBUILD_BASE:-$BASE_ONLY}
 DRY_RUN=${DRY_RUN:-false}
 TARGET_PLATFORM="${TARGET_PLATFORM:-${PLATFORM:-$DEFAULT_PLATFORM}}"
+BASE_DOCKER_IMAGE="${CUSTOM_BASE_IMAGE:-${DEFAULT_BASE_DOCKER_IMAGE}}"
 
 declare -A TARGET_IMAGE_LABELS;
 
@@ -193,23 +198,26 @@ get_target_images() {
   declare RES;
   if [ "$PS_VERSION" == "nightly" ]; then
     if [ "$OS_FLAVOUR" = "$DEFAULT_OS" ]; then
-      RES="-t ${DEFAULT_DOCKER_IMAGE}:nightly";
+      RES="-t ${BASE_DOCKER_IMAGE}:nightly-${SERVER_FLAVOUR}";
     else 
-      RES="-t ${DEFAULT_DOCKER_IMAGE}:nightly-${OS_FLAVOUR}";
+      RES="-t ${BASE_DOCKER_IMAGE}:nightly-${OS_FLAVOUR}-${SERVER_FLAVOUR}";
     fi
   else
-    if [ "$PS_VERSION" = "$(get_latest_prestashop_version)" ] && [ "$OS_FLAVOUR" = "$DEFAULT_OS" ] && [ "$PHP_VERSION" = "$(get_recommended_php_version "$PS_VERSION")" ]; then
-      RES="-t ${DEFAULT_DOCKER_IMAGE}:latest";
+    if [ "$PS_VERSION" = "$(get_latest_prestashop_version)" ] \
+      && [ "$OS_FLAVOUR" = "$DEFAULT_OS" ] \
+      && [ "$PHP_VERSION" = "$(get_recommended_php_version "$PS_VERSION")" ] \
+      && [ "$SERVER_FLAVOUR" = "$DEFAULT_SERVER" ]; then
+      RES="-t ${BASE_DOCKER_IMAGE}:latest";
     fi
     if [ "$OS_FLAVOUR" = "$DEFAULT_OS" ]; then
-      RES="${RES} -t ${DEFAULT_DOCKER_IMAGE}:${PS_VERSION}-${PHP_VERSION}";
+      RES="${RES} -t ${BASE_DOCKER_IMAGE}:${PS_VERSION}-${PHP_VERSION}-${SERVER_FLAVOUR}";
       if [ "$PHP_VERSION" = "$(get_recommended_php_version "$PS_VERSION")" ]; then
-        RES="${RES} -t ${DEFAULT_DOCKER_IMAGE}:${PS_VERSION}";
-        RES="${RES} -t ${DEFAULT_DOCKER_IMAGE}:php-${PHP_VERSION}";
+        RES="${RES} -t ${BASE_DOCKER_IMAGE}:${PS_VERSION}-${SERVER_FLAVOUR}";
+        RES="${RES} -t ${BASE_DOCKER_IMAGE}:php-${PHP_VERSION}-${SERVER_FLAVOUR}";
       fi
     fi
-    RES="${RES} -t ${DEFAULT_DOCKER_IMAGE}:${PS_VERSION}-${PHP_BASE_IMAGE}";
-    RES="${RES} -t ${DEFAULT_DOCKER_IMAGE}:${PS_VERSION}-${OS_FLAVOUR}";
+    RES="${RES} -t ${BASE_DOCKER_IMAGE}:${PS_VERSION}-${PHP_BASE_IMAGE}-${SERVER_FLAVOUR}";
+    RES="${RES} -t ${BASE_DOCKER_IMAGE}:${PS_VERSION}-${OS_FLAVOUR}-${SERVER_FLAVOUR}";
   fi
   echo "$RES";
 }
@@ -257,7 +265,7 @@ done
 
 # Build the docker image
 # ----------------------
-CACHE_IMAGE=prestashop/prestashop-flashlight:base-${PHP_BASE_IMAGE}
+CACHE_IMAGE=$BASE_DOCKER_IMAGE:base-${PHP_BASE_IMAGE}-${SERVER_FLAVOUR}
 if [ "$DRY_RUN" == "true" ]; then
   docker() {
     echo docker "$@"
@@ -267,7 +275,7 @@ fi
 docker pull "$CACHE_IMAGE" 2> /dev/null || REBUILD_BASE='true';
 
 if [ "$REBUILD_BASE" == "true" ]; then
-  echo "building base for $PHP_BASE_IMAGE ($TARGET_PLATFORM)"
+  echo "building base for $PHP_BASE_IMAGE $SERVER_FLAVOUR ($TARGET_PLATFORM)"
   docker buildx build \
     --progress=plain \
     --file "./docker/$OS_FLAVOUR-base.Dockerfile" \
@@ -280,7 +288,7 @@ if [ "$REBUILD_BASE" == "true" ]; then
     --build-arg GIT_SHA="$GIT_SHA" \
     --build-arg SERVER_FLAVOUR="$SERVER_FLAVOUR" \
     "${LABELS[@]}" \
-    --tag "prestashop/prestashop-flashlight:base-$PHP_BASE_IMAGE" \
+    --tag "$BASE_DOCKER_IMAGE:base-${PHP_BASE_IMAGE}-${SERVER_FLAVOUR}" \
     "$([ "${PUSH}" == "true" ] && echo "--push" || echo "--load")" \
     .
 fi
@@ -298,6 +306,7 @@ if [ "$BASE_ONLY" == "false" ]; then
     --build-arg GIT_SHA="$GIT_SHA" \
     --build-arg ZIP_SOURCE="$ZIP_SOURCE" \
     --build-arg SERVER_FLAVOUR="$SERVER_FLAVOUR" \
+    --build-arg BASE_DOCKER_IMAGE="$BASE_DOCKER_IMAGE" \
     "${LABELS[@]}" \
     "${TARGET_IMAGES[@]}" \
     "$([ "${PUSH}" == "true" ] && echo "--push" || echo "--load")" \

docker/flashlight.Dockerfile

@@ -1,21 +1,21 @@
 # --------------------------------
 # Flashlight install and dump SQL
 # --------------------------------
+ARG BASE_DOCKER_IMAGE
 ARG PHP_BASE_IMAGE
-FROM prestashop/prestashop-flashlight:base-${PHP_BASE_IMAGE} AS build-and-dump
+ARG SERVER_FLAVOUR
+FROM ${BASE_DOCKER_IMAGE}:base-${PHP_BASE_IMAGE}-${SERVER_FLAVOUR} AS build-and-dump
 ARG PS_VERSION
 ARG PHP_VERSION
 ARG GIT_SHA
 ARG PS_FOLDER=/var/www/html
 ARG ZIP_SOURCE
-ARG SERVER_FLAVOUR
-ENV SERVER_FLAVOUR=$SERVER_FLAVOUR
 
 # Get PrestaShop source code
 # hadolint ignore=DL3020
 ADD ${ZIP_SOURCE} /tmp/prestashop.zip
 
-# Extract the souces
+# Extract the sources
 RUN mkdir -p "$PS_FOLDER" /tmp/unzip-ps \
   && unzip -n -q /tmp/prestashop.zip -d /tmp/unzip-ps \
   && ([ -f /tmp/unzip-ps/prestashop.zip ] \
@@ -41,18 +41,22 @@ RUN sh /hydrate.sh
 # -----------------------
 # Flashlight final image
 # -----------------------
+ARG BASE_DOCKER_IMAGE
 ARG PHP_BASE_IMAGE
-FROM prestashop/prestashop-flashlight:base-${PHP_BASE_IMAGE} AS prestashop-flashlight
+ARG SERVER_FLAVOUR
+FROM ${BASE_DOCKER_IMAGE}:base-${PHP_BASE_IMAGE}-${SERVER_FLAVOUR} AS prestashop-flashlight
 ARG PS_VERSION
 ARG PHP_VERSION
 ARG PHP_BASE_IMAGE
+ARG SERVER_FLAVOUR
 ARG PS_FOLDER=/var/www/html
 WORKDIR $PS_FOLDER
 
 ENV PHP_BASE_IMAGE=$PHP_BASE_IMAGE
 ENV PHP_VERSION=$PHP_VERSION
 ENV PS_VERSION=$PS_VERSION
 ENV PS_FOLDER=$PS_FOLDER
+ENV SERVER_FLAVOUR=$SERVER_FLAVOUR
 
 RUN mkdir -p "$COMPOSER_HOME" \
   && chown -R www-data:www-data "$COMPOSER_HOME"