Set Secure Certificate for https

rantes · Sep 1, 2023 · 9ea3221 · 9ea3221
1 parent 43cd94c
commit 9ea3221
Show file tree

Hide file tree

Showing 14 changed files with 379 additions and 42 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -1,12 +1,8 @@
 FROM php:8.2-apache as builder
 
-# RUN mkdir -p /var/www
-# WORKDIR /var/www
-
 RUN apt update && apt dist-upgrade -y
 
 RUN apt install -y \
-#    php-xdebug \
     git \
     curl \
     zip \
@@ -23,63 +19,60 @@ RUN apt install -y \
     libzip-dev \
     net-tools \
     iputils-ping \
-    nano
-
-# RUN apk add --update --no-cache --virtual .build-deps \
-#             autoconf g++ make \
-#             curl \
-#             git \
-#             zip \
-#             libxml2-dev \
-#             libzip-dev \
-#             sqlite \
-#             sqlite-dev \
-#             icu-dev \
-#             gettext-dev \
-#             nano
+    nano \
+    sudo \
+    openssl
 
-# RUN docker-php-ext-install intl && docker-php-ext-enable intl
 RUN docker-php-ext-install gettext && docker-php-ext-enable gettext
 RUN docker-php-ext-install pdo_mysql && docker-php-ext-enable pdo_mysql
 RUN docker-php-ext-install pdo_sqlite && docker-php-ext-enable pdo_sqlite
-# RUN docker-php-ext-install sockets && docker-php-ext-enable sockets
 RUN pecl install -f xdebug
-# RUN docker-php-ext-enable xdebug
 
 RUN yes | pecl install ${XDEBUG_VERSION} \
     && echo "zend_extension=$(find /usr/local/lib/php/extensions/ -name xdebug.so)" > /usr/local/etc/php/conf.d/xdebug.ini \
     && echo "xdebug.remote_enable=on" >> /usr/local/etc/php/conf.d/xdebug.ini \
     && echo "xdebug.remote_autostart=off" >> /usr/local/etc/php/conf.d/xdebug.ini
 
 COPY config/php.ini /usr/local/etc/php/conf.d/local.ini
+COPY config/000-default.conf /etc/apache2/sites-enabled/000-default.conf
+COPY config/apache2.conf /etc/apache2/apache2.conf
 
+RUN a2enmod ssl
+RUN a2enmod socache_shmcb
 RUN a2enmod rewrite
 RUN a2enmod deflate
 
-RUN apachectl -M
-
 FROM builder as dependencies
 RUN echo $(php -v)
 WORKDIR /
 RUN mkdir -p /usr/bin/
 RUN cp $(which php) /usr/bin/
 
 WORKDIR /tmp
+RUN openssl genrsa -out apache-selfsigned.pem 2048
+RUN openssl req \
+        -new \
+        -sha256 \
+        -subj "/emailAddress=email@localhost/C=CO/ST=bogota/L=bogota/O=latuteca/OU=development/CN=localhost" \
+        -key apache-selfsigned.pem \
+        -out apache-selfsigned.cert
+RUN openssl x509 -req -in apache-selfsigned.cert -signkey apache-selfsigned.pem -out apache-selfsigned-full.pem
 
 RUN git clone https://github.com/rantes/DumboPHP.git
 WORKDIR /tmp/DumboPHP
 
 RUN php install.php
 
 FROM dependencies as release
+
+COPY --chown=www-data --from=dependencies /tmp/apache-selfsigned.pem /etc/apache2/
+COPY --chown=www-data --from=dependencies /tmp/apache-selfsigned-full.pem /etc/apache2/
+RUN ls
+RUN apache2ctl configtest
+RUN apache2ctl start
+
 WORKDIR /var/www/html
 USER www-data
 
-RUN echo 'Running migrations...'
-RUN php /usr/local/bin/dumbo migration run all
-RUN echo 'Running sowing seeds...'
-RUN php /usr/local/bin/dumbo migration sow
-
 EXPOSE 80
-
-# CMD ["sh", "./docker-startup.sh"]
+EXPOSE 443
diff --git a/README.md b/README.md
@@ -2,3 +2,15 @@
 ![Basilisk](app/webroot/images/basilisk.svg "Basilisk")
 ## Summary ##
 Simple Project Manager
+
+## SETUP ##
+with the docker daemon running (docker desktop), run in the console:
+```
+docker-compose up --build --always-recreate-deps --force-recreate --attach-dependencies
+```
+
+Once the image is built, get into the image shell and run:
+
+```
+./docker-startup.sh
+```
diff --git a/app/controllers/common_trait.php b/app/controllers/common_trait.php
@@ -25,6 +25,7 @@ public function signinAction() {
     */
     public function logoutAction() {
         $this->layout = false;
+        $this->render['action'] = false;
         php_sapi_name() !== 'cli' and session_destroy();
         $_SESSION = null;
         unset($_SESSION);

diff --git a/app/models/translation.php b/app/models/translation.php
@@ -11,11 +11,13 @@ public function _init_() {
     }
 
     public function setDomain() {
-        empty($this->domain) and ($this->domain = explode('.', $this->keyid)[0]);
+        !empty($this->keyid) and empty($this->domain) and ($this->domain = explode('.', $this->keyid)[0]);
     }
 
     public function sanitize() {
-        $this->translation = htmlentities($this->translation, ENT_QUOTES, 'UTF-8', false);
+        if (!empty($this->translation)):
+            $this->translation = htmlentities($this->translation, ENT_QUOTES, 'UTF-8', false);
+        endif;
     }
 
     public function checkKeyID() {

diff --git a/app/models/user.php b/app/models/user.php
@@ -27,8 +27,12 @@ public function _init_(){
     }
 
     public function sanitize() {
-        $this->firstname = htmlentities($this->firstname, ENT_QUOTES, 'UTF-8',false);
-        $this->lastname = htmlentities($this->lastname, ENT_QUOTES, 'UTF-8',false);
+        if (!empty($this->firstname)):
+            $this->firstname = htmlentities($this->firstname, ENT_QUOTES, 'UTF-8',false);
+        endif;
+        if (!empty($this->lastname)):
+            $this->lastname = htmlentities($this->lastname, ENT_QUOTES, 'UTF-8',false);
+        endif;
     }
 
     public function encryptPassword() {

diff --git a/config/000-default.conf b/config/000-default.conf
@@ -0,0 +1,54 @@
+Define site /var/www/html
+
+<VirtualHost *:80>
+        Protocols h2 h2c http/1.1
+        ServerName localhost
+        ServerAlias localhost
+
+        ServerAdmin webmaster@localhost
+        DocumentRoot ${site}
+
+        <Directory ${site}>
+               Options Indexes FollowSymLinks
+               AllowOverride All
+               Require all granted
+        </Directory>
+
+        #LogLevel info ssl:warn
+
+        # ErrorLog ${site}/error.log
+        # CustomLog ${site}/access.log combined
+
+        RewriteEngine on
+        RewriteCond %{SERVER_NAME} =localhost
+        RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
+</VirtualHost>
+
+<VirtualHost *:443>
+        Protocols h2 h2c http/1.1
+        ServerName localhost
+        ServerAlias localhost
+
+        ServerAdmin webmaster@localhost
+        DocumentRoot ${site}
+
+        <Directory ${site}>
+               Options Indexes FollowSymLinks
+               AllowOverride All
+               Require all granted
+        </Directory>
+
+        #LogLevel info ssl:warn
+
+        # ErrorLog ${site}/error.log
+        # CustomLog ${site}/access.log combined
+
+
+
+SSLCertificateFile /etc/apache2/apache-selfsigned-full.pem
+SSLCertificateKeyFile /etc/apache2/apache-selfsigned.pem
+
+#Include /etc/letsencrypt/options-ssl-apache.conf
+</VirtualHost>
+
+# vim: syntax=apache ts=4 sw=4 sts=4 sr noet