forked syspass + fixed websites:php7.3

STAM 2020-12-10 18:07:53 +03:00
parent b3fac33f87
commit 98939d9697
34 changed files with 290 additions and 2320 deletions

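--- a/syspass/.gitignore
+++ b/syspass/.gitignore
@@ -1,4 +0,0 @@
-docker-compose-*.yml
-/.project
-/build/*
-!/build/build-vendor.sh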


@ -1,26 +0,0 @@
#!/usr/bin/env bash
#
# Build vendor package for offline installations
#
APP_DIR="$(pwd)/app"
SYSPASS_REPO="https://github.com/nuxsmin/sysPass.git"
COMPOSER_OPTS="--ignore-platform-reqs --no-interaction --no-plugins --no-scripts --prefer-dist --no-dev --optimize-autoloader --classmap-authoritative --working-dir"
COMPOSER_IMAGE="composer:1.8"
VENDOR_PACKAGE="vendor.tar.gz"
if [ ! -d "${APP_DIR}" ]; then
git clone -b master ${SYSPASS_REPO} ${APP_DIR}
else
git pull --no-tags ${APP_DIR} master
fi
[[ -e ${VENDOR_PACKAGE} ]] && rm -rf ${VENDOR_PACKAGE}
docker run --rm -v "${APP_DIR}":/app -u 1000 ${COMPOSER_IMAGE} composer install ${COMPOSER_OPTS} /app
pushd ${APP_DIR} > /dev/null
tar czf ../${VENDOR_PACKAGE} vendor/
popd > /dev/null


@ -1,50 +0,0 @@
#!/bin/bash
BUILDS=`find ../ -type d -name sysPass-*`
BRANCH="master"
VERSION="3.1.2"
BUILD_NUMBER="19030701"
build_env() {
for BUILD in ${BUILDS}; do
TAG=`echo ${BUILD} | cut -d'-' -f2`
echo "Building env for ${TAG} (${BUILD})"
cp -af entrypoint.sh syspass.conf ${BUILD}/
sed -i 's/SYSPASS_BRANCH="[a-z0-9\.]\+"/SYSPASS_BRANCH="'${BRANCH}'"/i;
s/version=[a-z0-9\.\-]\+/version='${VERSION}'/i;
s/build=[0-9]\+/build='${BUILD_NUMBER}'/' ${BUILD}/Dockerfile
done
find ../ -name docker-compose.yml | while read FILE; do
sed -i 's/syspass:[0-9\.]\+\(-rc[0-9]\+\)\?/syspass:'${VERSION}'/' ${FILE}
done
}
build_docker() {
for BUILD in ${BUILDS}; do
TAG="${VERSION}-`echo ${BUILD} | cut -d'-' -f2`"
echo "Building Docker for ${TAG} (${BUILD})"
docker build --tag syspass:${TAG} ${BUILD}
done
echo "Cleaning up Docker images (dangling)"
docker images --filter dangling=true --format {{.ID}} | xargs docker rmi
}
case $1 in
"env")
build_env
;;
"docker")
build_env
build_docker
;;
*)
echo "Usage: $0 [env|docker]"
;;
esac


@ -1,130 +0,0 @@
#!/bin/bash
COLOR_NC='\033[0m'
COLOR_YELLOW='\033[0;33m'
COLOR_RED='\033[0;31m'
COLOR_GREEN='\033[0;32m'
XDEBUG_REMOTE_HOST=${XDEBUG_REMOTE_HOST:-"172.17.0.1"}
XDEBUG_IDE_KEY=${XDEBUG_IDE_KEY:-"ide"}
COMPOSER_OPTIONS="--working-dir ${SYSPASS_DIR} --classmap-authoritative"
GOSU="gosu ${SYSPASS_UID}"
if [ -e /usr/local/sbin/init-functions ]; then
. /usr/local/sbin/init-functions
fi
setup_app () {
if [ -e "${SYSPASS_DIR}/index.php" ]; then
echo -e "${COLOR_YELLOW}setup_app: Setting up permissions${COLOR_NC}"
RW_DIRS="${SYSPASS_DIR}/app/config \
${SYSPASS_DIR}/app/backup \
${SYSPASS_DIR}/app/cache \
${SYSPASS_DIR}/app/resources \
${SYSPASS_DIR}/app/temp"
chown ${APACHE_RUN_USER}:${SYSPASS_UID} -R ${RW_DIRS}
chmod 750 ${RW_DIRS}
chown ${SYSPASS_UID}:${SYSPASS_UID} -R \
${SYSPASS_DIR}/app/modules/*/plugins \
${SYSPASS_DIR}/composer.json \
${SYSPASS_DIR}/composer.lock \
${SYSPASS_DIR}/vendor
fi
}
setup_locales() {
if [ ! -e ".setup" ]; then
LOCALE_GEN="/etc/locale.gen"
echo -e "${COLOR_YELLOW}setup_locales: Setting up locales${COLOR_NC}"
echo -e "\n### sysPass locales" >> $LOCALE_GEN
echo "es_ES.UTF-8 UTF-8" >> $LOCALE_GEN
echo "en_US.UTF-8 UTF-8" >> $LOCALE_GEN
echo "en_GB.UTF-8 UTF-8" >> $LOCALE_GEN
echo "de_DE.UTF-8 UTF-8" >> $LOCALE_GEN
echo "ca_ES.UTF-8 UTF-8" >> $LOCALE_GEN
echo "fr_FR.UTF-8 UTF-8" >> $LOCALE_GEN
echo "ru_RU.UTF-8 UTF-8" >> $LOCALE_GEN
echo "pl_PL.UTF-8 UTF-8" >> $LOCALE_GEN
echo "nl_NL.UTF-8 UTF-8" >> $LOCALE_GEN
echo "pt_BR.UTF-8 UTF-8" >> $LOCALE_GEN
echo "da.UTF-8 UTF-8" >> $LOCALE_GEN
echo "it_IT.UTF-8 UTF-8" >> $LOCALE_GEN
echo "fo.UTF-8 UTF-8" >> $LOCALE_GEN
echo 'LANG="en_US.UTF-8"' > /etc/default/locale
dpkg-reconfigure --frontend=noninteractive locales
update-locale LANG=en_US.UTF-8
export LANG=en_US.UTF-8
echo "1" > .setup
else
echo -e "${COLOR_YELLOW}setup_locales: Locales already set up${COLOR_NC}"
fi
}
run_composer () {
pushd ${SYSPASS_DIR}
if [ -e "./composer.lock" -a -e "composer.json" ]; then
echo -e "${COLOR_YELLOW}run_composer: Running composer${COLOR_NC}"
${GOSU} composer "$@" ${COMPOSER_OPTIONS}
else
echo -e "${COLOR_RED}run_composer: Error, composer not set up${COLOR_NC}"
fi
popd
}
setup_composer_extensions () {
if [ -n "${COMPOSER_EXTENSIONS}" ]; then
echo -e "${COLOR_YELLOW}setup_composer_extensions: ${COMPOSER_EXTENSIONS}${COLOR_NC}"
run_composer require ${COMPOSER_EXTENSIONS} --update-no-dev
fi
}
echo -e "${COLOR_YELLOW}entrypoint: Starting with UID : ${SYSPASS_UID}${COLOR_NC}"
id ${SYSPASS_UID} > /dev/null 2>&1 || useradd --shell /bin/bash -u ${SYSPASS_UID} -o -c "" -m user
export HOME=${SYSPASS_DIR}
setup_app
case "$1" in
"apache")
setup_composer_extensions
setup_locales
setup_apache
SELF_IP_ADDRESS=$(grep $HOSTNAME /etc/hosts | cut -f1)
echo -e "${COLOR_GREEN}######"
echo -e "sysPass environment installed and configured. Please point your browser to https://${SELF_IP_ADDRESS} to start the installation"
echo -e "######${COLOR_NC}"
echo -e "${COLOR_YELLOW}entrypoint: Starting Apache${COLOR_NC}"
run_apache
;;
"update")
run_composer update
;;
"composer")
shift
run_composer "$@"
;;
*)
echo -e "${COLOR_YELLOW}entrypoint: Starting $@${COLOR_NC}"
exec ${GOSU} "$@"
;;
esac


@ -1,184 +0,0 @@
RedirectMatch "^/$" "/index.php"
<Directory "/var/www/html/sysPass">
DirectoryIndex index.php
Options -Indexes -FollowSymLinks -Includes -ExecCGI
<RequireAny>
Require expr "%{REQUEST_URI} =~ m#.*/index\.php(\?r=)?#"
Require expr "%{REQUEST_URI} =~ m#.*/api\.php$#"
Require expr "%{REQUEST_URI} =~ m#^$#"
</RequireAny>
</Directory>
#<Directory ~ "/var/www/html/sysPass/.*/(css|js|images|fonts)">
# Require all granted
#</Directory>
<FilesMatch ".(png|jpg|js|css|ttf|otf|eot|woff|woff2|ico)$">
Require all granted
</FilesMatch>
<VirtualHost *:80>
# the server uses to identify itself. This is used when creating
# redirection URLs. In the context of virtual hosts, the ServerName
# specifies what hostname must appear in the request's Host: header to
# match this virtual host. For the default virtual host (this file) this
# value is not decisive as it is used as a last resort host regardless.
# However, you must set it for any further virtual host explicitly.
#ServerName www.example.com
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html/sysPass
# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
# error, crit, alert, emerg.
# It is also possible to configure the loglevel for particular
# modules, e.g.
#LogLevel info ssl:warn
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
<IfModule mod_ssl.c>
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteCond %{ENV:USE_SSL} "=yes"
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
</IfModule>
</VirtualHost>
<IfModule mod_ssl.c>
<VirtualHost _default_:443>
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html/sysPass
# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
# error, crit, alert, emerg.
# It is also possible to configure the loglevel for particular
# modules, e.g.
#LogLevel info ssl:warn
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
# For most configuration files from conf-available/, which are
# enabled or disabled at a global level, it is possible to
# include a line for only one particular virtual host. For example the
# following line enables the CGI configuration for this host only
# after it has been globally disabled with "a2disconf".
#Include conf-available/serve-cgi-bin.conf
# SSL Engine Switch:
# Enable/Disable SSL for this virtual host.
SSLEngine on
# A self-signed (snakeoil) certificate can be created by installing
# the ssl-cert package. See
# /usr/share/doc/apache2/README.Debian.gz for more info.
# If both key and certificate are stored in the same file, only the
# SSLCertificateFile directive is needed.
SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
# Server Certificate Chain:
# Point SSLCertificateChainFile at a file containing the
# concatenation of PEM encoded CA certificates which form the
# certificate chain for the server certificate. Alternatively
# the referenced file can be the same as SSLCertificateFile
# when the CA certificates are directly appended to the server
# certificate for convinience.
#SSLCertificateChainFile /etc/apache2/ssl.crt/server-ca.crt
# Certificate Authority (CA):
# Set the CA certificate verification path where to find CA
# certificates for client authentication or alternatively one
# huge file containing all of them (file must be PEM encoded)
# Note: Inside SSLCACertificatePath you need hash symlinks
# to point to the certificate files. Use the provided
# Makefile to update the hash symlinks after changes.
#SSLCACertificatePath /etc/ssl/certs/
#SSLCACertificateFile /etc/apache2/ssl.crt/ca-bundle.crt
# Certificate Revocation Lists (CRL):
# Set the CA revocation path where to find CA CRLs for client
# authentication or alternatively one huge file containing all
# of them (file must be PEM encoded)
# Note: Inside SSLCARevocationPath you need hash symlinks
# to point to the certificate files. Use the provided
# Makefile to update the hash symlinks after changes.
#SSLCARevocationPath /etc/apache2/ssl.crl/
#SSLCARevocationFile /etc/apache2/ssl.crl/ca-bundle.crl
# Client Authentication (Type):
# Client certificate verification type and depth. Types are
# none, optional, require and optional_no_ca. Depth is a
# number which specifies how deeply to verify the certificate
# issuer chain before deciding the certificate is not valid.
#SSLVerifyClient require
#SSLVerifyDepth 10
# SSL Engine Options:
# Set various options for the SSL engine.
# o FakeBasicAuth:
# Translate the client X.509 into a Basic Authorisation. This means that
# the standard Auth/DBMAuth methods can be used for access control. The
# user name is the `one line' version of the client's X.509 certificate.
# Note that no password is obtained from the user. Every entry in the user
# file needs this password: `xxj31ZMTZzkVA'.
# o ExportCertData:
# This exports two additional environment variables: SSL_CLIENT_CERT and
# SSL_SERVER_CERT. These contain the PEM-encoded certificates of the
# server (always existing) and the client (only existing when client
# authentication is used). This can be used to import the certificates
# into CGI scripts.
# o StdEnvVars:
# This exports the standard SSL/TLS related `SSL_*' environment variables.
# Per default this exportation is switched off for performance reasons,
# because the extraction step is an expensive operation and is usually
# useless for serving static content. So one usually enables the
# exportation for CGI and SSI requests only.
# o OptRenegotiate:
# This enables optimized SSL connection renegotiation handling when SSL
# directives are used in per-directory context.
#SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory /usr/lib/cgi-bin>
SSLOptions +StdEnvVars
</Directory>
# SSL Protocol Adjustments:
# The safe and default but still SSL/TLS standard compliant shutdown
# approach is that mod_ssl sends the close notify alert but doesn't wait for
# the close notify alert from client. When you need a different shutdown
# approach you can use one of the following variables:
# o ssl-unclean-shutdown:
# This forces an unclean shutdown when the connection is closed, i.e. no
# SSL close notify alert is send or allowed to received. This violates
# the SSL/TLS standard but is needed for some brain-dead browsers. Use
# this when you receive I/O errors because of the standard approach where
# mod_ssl sends the close notify alert.
# o ssl-accurate-shutdown:
# This forces an accurate shutdown when the connection is closed, i.e. a
# SSL close notify alert is send and mod_ssl waits for the close notify
# alert of the client. This is 100% SSL/TLS standard compliant, but in
# practice often causes hanging connections with brain-dead browsers. Use
# this only for browsers where you know that their SSL implementation
# works correctly.
# Notice: Most problems of broken clients are also related to the HTTP
# keep-alive facility, so you usually additionally want to disable
# keep-alive for those clients, too. Use variable "nokeepalive" for this.
# Similarly, one has to force some clients to use HTTP/1.0 to workaround
# their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and
# "force-response-1.0" for this.
BrowserMatch "MSIE [2-6]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
# MSIE 7 and newer should be able to use keepalive
BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
</VirtualHost>
</IfModule>
# vim: syntax=apache ts=2 sw=2 sts=2 sr noet


@ -1,31 +0,0 @@
version: '2'
services:
app:
container_name: syspass-app
image: syspass/syspass:3.1.2
restart: always
ports:
- "80"
- "443"
links:
- db
volumes:
- syspass-config:/var/www/html/sysPass/app/config
- syspass-backup:/var/www/html/sysPass/app/backup
environment:
- USE_SSL=yes
db:
container_name: syspass-db
restart: always
image: mariadb:10.2
environment:
- MYSQL_ROOT_PASSWORD=syspass
ports:
- "3306"
volumes:
- syspass-db:/var/lib/mysql
volumes:
syspass-config: {}
syspass-backup: {}
syspass-db: {}


@ -1,87 +0,0 @@
#
# https://syspass.org
# https://doc.syspass.org
#
FROM composer:1.7 as bootstrap
ENV SYSPASS_BRANCH="master"
RUN git clone --branch ${SYSPASS_BRANCH} https://github.com/nuxsmin/sysPass.git \
&& composer install \
--ignore-platform-reqs \
--no-interaction \
--no-plugins \
--no-scripts \
--prefer-dist \
--no-dev \
--classmap-authoritative \
--working-dir /app/sysPass
FROM debian:stretch as app
LABEL maintainer=nuxsmin@syspass.org version=3.1.2 php=7.0 environment=production
RUN apt-get update \
&& DEBIAN_FRONTEND=noninteractive apt-get -y install \
locales \
apache2 \
libapache2-mod-php7.0 \
php-pear \
php7.0 \
php7.0-cgi \
php7.0-cli \
php7.0-common \
php7.0-fpm \
php7.0-gd \
php7.0-json \
php7.0-mysql \
php7.0-readline \
php7.0-curl \
php7.0-intl \
php7.0-ldap \
php7.0-mcrypt \
php7.0-xml \
php7.0-mbstring \
git \
gosu \
unzip \
&& apt-get clean \
&& rm -r /var/lib/apt/lists/*
ENV APACHE_RUN_USER="www-data" \
APACHE_RUN_GROUP="www-data" \
APACHE_LOG_DIR="/var/log/apache2" \
APACHE_LOCK_DIR="/var/lock/apache2" \
APACHE_PID_FILE="/var/run/apache2.pid" \
SYSPASS_DIR="/var/www/html/sysPass" \
SYSPASS_UID=9001
WORKDIR /var/www/html
LABEL build=19030701
# Custom sysPass Apache config with SSL by default
COPY ["syspass.conf", "/etc/apache2/sites-available/"]
# Custom entrypoint
COPY entrypoint.sh init-functions /usr/local/sbin/
RUN chmod 755 /usr/local/sbin/entrypoint.sh \
&& a2dissite 000-default default-ssl \
&& a2ensite syspass \
&& a2enmod proxy_fcgi setenvif ssl rewrite \
&& a2enconf php7.0-fpm \
&& ln -sf /dev/stdout ${APACHE_LOG_DIR}/access.log \
&& ln -sf /dev/stderr ${APACHE_LOG_DIR}/error.log
# sysPass dependencies
COPY --from=bootstrap /app/sysPass/ ${SYSPASS_DIR}/
# Composer binary
COPY --from=bootstrap /usr/bin/composer /usr/bin/
EXPOSE 80 443
ENTRYPOINT ["/usr/local/sbin/entrypoint.sh"]
CMD ["apache"]


@ -1,29 +0,0 @@
version: '2'
services:
app:
container_name: syspass-app
image: syspass/syspass:3.1.2
restart: always
ports:
- "80"
- "443"
links:
- db
volumes:
- syspass-config:/var/www/html/sysPass/app/config
- syspass-backup:/var/www/html/sysPass/app/backup
db:
container_name: syspass-db
restart: always
image: mariadb:10.2
environment:
- MYSQL_ROOT_PASSWORD=syspass
ports:
- "3306"
volumes:
- syspass-db:/var/lib/mysql
volumes:
syspass-config: {}
syspass-backup: {}
syspass-db: {}


@ -1,130 +0,0 @@
#!/bin/bash
COLOR_NC='\033[0m'
COLOR_YELLOW='\033[0;33m'
COLOR_RED='\033[0;31m'
COLOR_GREEN='\033[0;32m'
XDEBUG_REMOTE_HOST=${XDEBUG_REMOTE_HOST:-"172.17.0.1"}
XDEBUG_IDE_KEY=${XDEBUG_IDE_KEY:-"ide"}
COMPOSER_OPTIONS="--working-dir ${SYSPASS_DIR} --classmap-authoritative"
GOSU="gosu ${SYSPASS_UID}"
if [ -e /usr/local/sbin/init-functions ]; then
. /usr/local/sbin/init-functions
fi
setup_app () {
if [ -e "${SYSPASS_DIR}/index.php" ]; then
echo -e "${COLOR_YELLOW}setup_app: Setting up permissions${COLOR_NC}"
RW_DIRS="${SYSPASS_DIR}/app/config \
${SYSPASS_DIR}/app/backup \
${SYSPASS_DIR}/app/cache \
${SYSPASS_DIR}/app/resources \
${SYSPASS_DIR}/app/temp"
chown ${APACHE_RUN_USER}:${SYSPASS_UID} -R ${RW_DIRS}
chmod 750 ${RW_DIRS}
chown ${SYSPASS_UID}:${SYSPASS_UID} -R \
${SYSPASS_DIR}/app/modules/*/plugins \
${SYSPASS_DIR}/composer.json \
${SYSPASS_DIR}/composer.lock \
${SYSPASS_DIR}/vendor
fi
}
setup_locales() {
if [ ! -e ".setup" ]; then
LOCALE_GEN="/etc/locale.gen"
echo -e "${COLOR_YELLOW}setup_locales: Setting up locales${COLOR_NC}"
echo -e "\n### sysPass locales" >> $LOCALE_GEN
echo "es_ES.UTF-8 UTF-8" >> $LOCALE_GEN
echo "en_US.UTF-8 UTF-8" >> $LOCALE_GEN
echo "en_GB.UTF-8 UTF-8" >> $LOCALE_GEN
echo "de_DE.UTF-8 UTF-8" >> $LOCALE_GEN
echo "ca_ES.UTF-8 UTF-8" >> $LOCALE_GEN
echo "fr_FR.UTF-8 UTF-8" >> $LOCALE_GEN
echo "ru_RU.UTF-8 UTF-8" >> $LOCALE_GEN
echo "pl_PL.UTF-8 UTF-8" >> $LOCALE_GEN
echo "nl_NL.UTF-8 UTF-8" >> $LOCALE_GEN
echo "pt_BR.UTF-8 UTF-8" >> $LOCALE_GEN
echo "da.UTF-8 UTF-8" >> $LOCALE_GEN
echo "it_IT.UTF-8 UTF-8" >> $LOCALE_GEN
echo "fo.UTF-8 UTF-8" >> $LOCALE_GEN
echo 'LANG="en_US.UTF-8"' > /etc/default/locale
dpkg-reconfigure --frontend=noninteractive locales
update-locale LANG=en_US.UTF-8
export LANG=en_US.UTF-8
echo "1" > .setup
else
echo -e "${COLOR_YELLOW}setup_locales: Locales already set up${COLOR_NC}"
fi
}
run_composer () {
pushd ${SYSPASS_DIR}
if [ -e "./composer.lock" -a -e "composer.json" ]; then
echo -e "${COLOR_YELLOW}run_composer: Running composer${COLOR_NC}"
${GOSU} composer "$@" ${COMPOSER_OPTIONS}
else
echo -e "${COLOR_RED}run_composer: Error, composer not set up${COLOR_NC}"
fi
popd
}
setup_composer_extensions () {
if [ -n "${COMPOSER_EXTENSIONS}" ]; then
echo -e "${COLOR_YELLOW}setup_composer_extensions: ${COMPOSER_EXTENSIONS}${COLOR_NC}"
run_composer require ${COMPOSER_EXTENSIONS} --update-no-dev
fi
}
echo -e "${COLOR_YELLOW}entrypoint: Starting with UID : ${SYSPASS_UID}${COLOR_NC}"
id ${SYSPASS_UID} > /dev/null 2>&1 || useradd --shell /bin/bash -u ${SYSPASS_UID} -o -c "" -m user
export HOME=${SYSPASS_DIR}
setup_app
case "$1" in
"apache")
setup_composer_extensions
setup_locales
setup_apache
SELF_IP_ADDRESS=$(grep $HOSTNAME /etc/hosts | cut -f1)
echo -e "${COLOR_GREEN}######"
echo -e "sysPass environment installed and configured. Please point your browser to https://${SELF_IP_ADDRESS} to start the installation"
echo -e "######${COLOR_NC}"
echo -e "${COLOR_YELLOW}entrypoint: Starting Apache${COLOR_NC}"
run_apache
;;
"update")
run_composer update
;;
"composer")
shift
run_composer "$@"
;;
*)
echo -e "${COLOR_YELLOW}entrypoint: Starting $@${COLOR_NC}"
exec ${GOSU} "$@"
;;
esac


@ -1,10 +0,0 @@
setup_apache () {
return 0
}
run_apache () {
# Apache gets grumpy about PID files pre-existing
rm -f ${APACHE_PID_FILE}
exec /usr/sbin/apache2ctl -DFOREGROUND
}


@ -1,184 +0,0 @@
RedirectMatch "^/$" "/index.php"
<Directory "/var/www/html/sysPass">
DirectoryIndex index.php
Options -Indexes -FollowSymLinks -Includes -ExecCGI
<RequireAny>
Require expr "%{REQUEST_URI} =~ m#.*/index\.php(\?r=)?#"
Require expr "%{REQUEST_URI} =~ m#.*/api\.php$#"
Require expr "%{REQUEST_URI} =~ m#^$#"
</RequireAny>
</Directory>
#<Directory ~ "/var/www/html/sysPass/.*/(css|js|images|fonts)">
# Require all granted
#</Directory>
<FilesMatch ".(png|jpg|js|css|ttf|otf|eot|woff|woff2|ico)$">
Require all granted
</FilesMatch>
<VirtualHost *:80>
# the server uses to identify itself. This is used when creating
# redirection URLs. In the context of virtual hosts, the ServerName
# specifies what hostname must appear in the request's Host: header to
# match this virtual host. For the default virtual host (this file) this
# value is not decisive as it is used as a last resort host regardless.
# However, you must set it for any further virtual host explicitly.
#ServerName www.example.com
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html/sysPass
# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
# error, crit, alert, emerg.
# It is also possible to configure the loglevel for particular
# modules, e.g.
#LogLevel info ssl:warn
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
<IfModule mod_ssl.c>
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteCond %{ENV:USE_SSL} "=yes"
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
</IfModule>
</VirtualHost>
<IfModule mod_ssl.c>
<VirtualHost _default_:443>
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html/sysPass
# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
# error, crit, alert, emerg.
# It is also possible to configure the loglevel for particular
# modules, e.g.
#LogLevel info ssl:warn
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
# For most configuration files from conf-available/, which are
# enabled or disabled at a global level, it is possible to
# include a line for only one particular virtual host. For example the
# following line enables the CGI configuration for this host only
# after it has been globally disabled with "a2disconf".
#Include conf-available/serve-cgi-bin.conf
# SSL Engine Switch:
# Enable/Disable SSL for this virtual host.
SSLEngine on
# A self-signed (snakeoil) certificate can be created by installing
# the ssl-cert package. See
# /usr/share/doc/apache2/README.Debian.gz for more info.
# If both key and certificate are stored in the same file, only the
# SSLCertificateFile directive is needed.
SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
# Server Certificate Chain:
# Point SSLCertificateChainFile at a file containing the
# concatenation of PEM encoded CA certificates which form the
# certificate chain for the server certificate. Alternatively
# the referenced file can be the same as SSLCertificateFile
# when the CA certificates are directly appended to the server
# certificate for convinience.
#SSLCertificateChainFile /etc/apache2/ssl.crt/server-ca.crt
# Certificate Authority (CA):
# Set the CA certificate verification path where to find CA
# certificates for client authentication or alternatively one
# huge file containing all of them (file must be PEM encoded)
# Note: Inside SSLCACertificatePath you need hash symlinks
# to point to the certificate files. Use the provided
# Makefile to update the hash symlinks after changes.
#SSLCACertificatePath /etc/ssl/certs/
#SSLCACertificateFile /etc/apache2/ssl.crt/ca-bundle.crt
# Certificate Revocation Lists (CRL):
# Set the CA revocation path where to find CA CRLs for client
# authentication or alternatively one huge file containing all
# of them (file must be PEM encoded)
# Note: Inside SSLCARevocationPath you need hash symlinks
# to point to the certificate files. Use the provided
# Makefile to update the hash symlinks after changes.
#SSLCARevocationPath /etc/apache2/ssl.crl/
#SSLCARevocationFile /etc/apache2/ssl.crl/ca-bundle.crl
# Client Authentication (Type):
# Client certificate verification type and depth. Types are
# none, optional, require and optional_no_ca. Depth is a
# number which specifies how deeply to verify the certificate
# issuer chain before deciding the certificate is not valid.
#SSLVerifyClient require
#SSLVerifyDepth 10
# SSL Engine Options:
# Set various options for the SSL engine.
# o FakeBasicAuth:
# Translate the client X.509 into a Basic Authorisation. This means that
# the standard Auth/DBMAuth methods can be used for access control. The
# user name is the `one line' version of the client's X.509 certificate.
# Note that no password is obtained from the user. Every entry in the user
# file needs this password: `xxj31ZMTZzkVA'.
# o ExportCertData:
# This exports two additional environment variables: SSL_CLIENT_CERT and
# SSL_SERVER_CERT. These contain the PEM-encoded certificates of the
# server (always existing) and the client (only existing when client
# authentication is used). This can be used to import the certificates
# into CGI scripts.
# o StdEnvVars:
# This exports the standard SSL/TLS related `SSL_*' environment variables.
# Per default this exportation is switched off for performance reasons,
# because the extraction step is an expensive operation and is usually
# useless for serving static content. So one usually enables the
# exportation for CGI and SSI requests only.
# o OptRenegotiate:
# This enables optimized SSL connection renegotiation handling when SSL
# directives are used in per-directory context.
#SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory /usr/lib/cgi-bin>
SSLOptions +StdEnvVars
</Directory>
# SSL Protocol Adjustments:
# The safe and default but still SSL/TLS standard compliant shutdown
# approach is that mod_ssl sends the close notify alert but doesn't wait for
# the close notify alert from client. When you need a different shutdown
# approach you can use one of the following variables:
# o ssl-unclean-shutdown:
# This forces an unclean shutdown when the connection is closed, i.e. no
# SSL close notify alert is send or allowed to received. This violates
# the SSL/TLS standard but is needed for some brain-dead browsers. Use
# this when you receive I/O errors because of the standard approach where
# mod_ssl sends the close notify alert.
# o ssl-accurate-shutdown:
# This forces an accurate shutdown when the connection is closed, i.e. a
# SSL close notify alert is send and mod_ssl waits for the close notify
# alert of the client. This is 100% SSL/TLS standard compliant, but in
# practice often causes hanging connections with brain-dead browsers. Use
# this only for browsers where you know that their SSL implementation
# works correctly.
# Notice: Most problems of broken clients are also related to the HTTP
# keep-alive facility, so you usually additionally want to disable
# keep-alive for those clients, too. Use variable "nokeepalive" for this.
# Similarly, one has to force some clients to use HTTP/1.0 to workaround
# their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and
# "force-response-1.0" for this.
BrowserMatch "MSIE [2-6]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
# MSIE 7 and newer should be able to use keepalive
BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
</VirtualHost>
</IfModule>
# vim: syntax=apache ts=2 sw=2 sts=2 sr noet


@ -1,43 +0,0 @@
zend_extension=xdebug.so
[debug]
; Remote settings
xdebug.remote_autostart=off
xdebug.remote_enable=on
xdebug.remote_handler=dbgp
xdebug.remote_mode=req
xdebug.remote_host=__XDEBUG_REMOTE_HOST__
xdebug.remote_port=9000
;xdebug.remote_log=/tmp/xdebug.log
; General
xdebug.auto_trace=off
xdebug.collect_includes=on
xdebug.collect_params=off
xdebug.collect_return=off
xdebug.default_enable=on
xdebug.extended_info=1
xdebug.manual_url=http://www.php.net
xdebug.show_local_vars=0
xdebug.show_mem_delta=1
xdebug.max_nesting_level=100
xdebug.idekey=__XDEBUG_IDE_KEY__
xdebug.force_display_errors=1
; Trace options
xdebug.trace_format=0
xdebug.trace_output_dir=/tmp
xdebug.trace_options=0
xdebug.trace_output_name=crc32
; Profiling
xdebug.profiler_append=1
xdebug.profiler_enable=0
xdebug.profiler_enable_trigger=1
xdebug.profiler_output_dir=/tmp
xdebug.profiler_output_name=cachegring.out.%t
;xdebug.profiler_output_name=cachegring.out.%p
;xdebug.profiler_output_name=cachegring.out
;xdebug.profiler_output_name=cachegring.out.%R.%t
xdebug.var_display_max_depth=5


@ -1,91 +0,0 @@
#
# https://syspass.org
# https://doc.syspass.org
#
FROM composer:1.7 as bootstrap
ENV SYSPASS_BRANCH="master"
RUN git clone --branch ${SYSPASS_BRANCH} https://github.com/nuxsmin/sysPass.git \
&& composer install \
--ignore-platform-reqs \
--no-interaction \
--no-plugins \
--no-scripts \
--prefer-dist \
--optimize-autoloader \
--working-dir /app/sysPass
FROM debian:stretch as app
LABEL maintainer=nuxsmin@syspass.org version=3.1.2 php=7.0 environment=debug
RUN apt-get update \
&& DEBIAN_FRONTEND=noninteractive apt-get -y install \
locales \
apache2 \
libapache2-mod-php7.0 \
php-pear \
php7.0 \
php7.0-cgi \
php7.0-cli \
php7.0-common \
php7.0-fpm \
php7.0-gd \
php7.0-json \
php7.0-mysql \
php7.0-readline \
php7.0-curl \
php7.0-intl \
php7.0-ldap \
php7.0-mcrypt \
php7.0-xml \
php7.0-mbstring \
php7.0-xdebug \
git \
gosu \
unzip \
&& apt-get clean \
&& rm -r /var/lib/apt/lists/*
ENV APACHE_RUN_USER="www-data" \
APACHE_RUN_GROUP="www-data" \
APACHE_LOG_DIR="/var/log/apache2" \
APACHE_LOCK_DIR="/var/lock/apache2" \
APACHE_PID_FILE="/var/run/apache2.pid" \
SYSPASS_DIR="/var/www/html/sysPass" \
SYSPASS_UID=9001 \
SYSPASS_DEV=0
WORKDIR /var/www/html
LABEL build=19030701
# Custom sysPass Apache config with SSL by default
COPY ["syspass.conf", "/etc/apache2/sites-available/"]
# Xdebug module config
COPY 20-xdebug.ini /etc/php/7.0/apache2/conf.d/20-xdebug.ini
# Custom entrypoint
COPY entrypoint.sh init-functions /usr/local/sbin/
RUN chmod 755 /usr/local/sbin/entrypoint.sh \
&& a2dissite 000-default default-ssl \
&& a2ensite syspass \
&& a2enmod proxy_fcgi setenvif ssl rewrite \
&& a2enconf php7.0-fpm \
&& ln -sf /dev/stdout ${APACHE_LOG_DIR}/access.log \
&& ln -sf /dev/stderr ${APACHE_LOG_DIR}/error.log
# sysPass dependencies
COPY --from=bootstrap /app/sysPass/ ${SYSPASS_DIR}/
# Composer binary
COPY --from=bootstrap /usr/bin/composer /usr/bin/
EXPOSE 80 443
ENTRYPOINT ["/usr/local/sbin/entrypoint.sh"]
CMD ["apache"]


@ -1,29 +0,0 @@
version: '2'
services:
app:
container_name: syspass-app
image: syspass/syspass:3.1.2-dev
restart: always
ports:
- "80"
- "443"
links:
- db
volumes:
- syspass-config:/var/www/html/sysPass/app/config
- syspass-backup:/var/www/html/sysPass/app/backup
db:
container_name: syspass-db
restart: always
image: mariadb:10.2
environment:
- MYSQL_ROOT_PASSWORD=syspass
ports:
- "3306"
volumes:
- syspass-db:/var/lib/mysql
volumes:
syspass-config: {}
syspass-backup: {}
syspass-db: {}


@ -1,130 +0,0 @@
#!/bin/bash
COLOR_NC='\033[0m'
COLOR_YELLOW='\033[0;33m'
COLOR_RED='\033[0;31m'
COLOR_GREEN='\033[0;32m'
XDEBUG_REMOTE_HOST=${XDEBUG_REMOTE_HOST:-"172.17.0.1"}
XDEBUG_IDE_KEY=${XDEBUG_IDE_KEY:-"ide"}
COMPOSER_OPTIONS="--working-dir ${SYSPASS_DIR} --classmap-authoritative"
GOSU="gosu ${SYSPASS_UID}"
if [ -e /usr/local/sbin/init-functions ]; then
. /usr/local/sbin/init-functions
fi
setup_app () {
if [ -e "${SYSPASS_DIR}/index.php" ]; then
echo -e "${COLOR_YELLOW}setup_app: Setting up permissions${COLOR_NC}"
RW_DIRS="${SYSPASS_DIR}/app/config \
${SYSPASS_DIR}/app/backup \
${SYSPASS_DIR}/app/cache \
${SYSPASS_DIR}/app/resources \
${SYSPASS_DIR}/app/temp"
chown ${APACHE_RUN_USER}:${SYSPASS_UID} -R ${RW_DIRS}
chmod 750 ${RW_DIRS}
chown ${SYSPASS_UID}:${SYSPASS_UID} -R \
${SYSPASS_DIR}/app/modules/*/plugins \
${SYSPASS_DIR}/composer.json \
${SYSPASS_DIR}/composer.lock \
${SYSPASS_DIR}/vendor
fi
}
setup_locales() {
if [ ! -e ".setup" ]; then
LOCALE_GEN="/etc/locale.gen"
echo -e "${COLOR_YELLOW}setup_locales: Setting up locales${COLOR_NC}"
echo -e "\n### sysPass locales" >> $LOCALE_GEN
echo "es_ES.UTF-8 UTF-8" >> $LOCALE_GEN
echo "en_US.UTF-8 UTF-8" >> $LOCALE_GEN
echo "en_GB.UTF-8 UTF-8" >> $LOCALE_GEN
echo "de_DE.UTF-8 UTF-8" >> $LOCALE_GEN
echo "ca_ES.UTF-8 UTF-8" >> $LOCALE_GEN
echo "fr_FR.UTF-8 UTF-8" >> $LOCALE_GEN
echo "ru_RU.UTF-8 UTF-8" >> $LOCALE_GEN
echo "pl_PL.UTF-8 UTF-8" >> $LOCALE_GEN
echo "nl_NL.UTF-8 UTF-8" >> $LOCALE_GEN
echo "pt_BR.UTF-8 UTF-8" >> $LOCALE_GEN
echo "da.UTF-8 UTF-8" >> $LOCALE_GEN
echo "it_IT.UTF-8 UTF-8" >> $LOCALE_GEN
echo "fo.UTF-8 UTF-8" >> $LOCALE_GEN
echo 'LANG="en_US.UTF-8"' > /etc/default/locale
dpkg-reconfigure --frontend=noninteractive locales
update-locale LANG=en_US.UTF-8
export LANG=en_US.UTF-8
echo "1" > .setup
else
echo -e "${COLOR_YELLOW}setup_locales: Locales already set up${COLOR_NC}"
fi
}
run_composer () {
pushd ${SYSPASS_DIR}
if [ -e "./composer.lock" -a -e "composer.json" ]; then
echo -e "${COLOR_YELLOW}run_composer: Running composer${COLOR_NC}"
${GOSU} composer "$@" ${COMPOSER_OPTIONS}
else
echo -e "${COLOR_RED}run_composer: Error, composer not set up${COLOR_NC}"
fi
popd
}
setup_composer_extensions () {
if [ -n "${COMPOSER_EXTENSIONS}" ]; then
echo -e "${COLOR_YELLOW}setup_composer_extensions: ${COMPOSER_EXTENSIONS}${COLOR_NC}"
run_composer require ${COMPOSER_EXTENSIONS} --update-no-dev
fi
}
echo -e "${COLOR_YELLOW}entrypoint: Starting with UID : ${SYSPASS_UID}${COLOR_NC}"
id ${SYSPASS_UID} > /dev/null 2>&1 || useradd --shell /bin/bash -u ${SYSPASS_UID} -o -c "" -m user
export HOME=${SYSPASS_DIR}
setup_app
case "$1" in
"apache")
setup_composer_extensions
setup_locales
setup_apache
SELF_IP_ADDRESS=$(grep $HOSTNAME /etc/hosts | cut -f1)
echo -e "${COLOR_GREEN}######"
echo -e "sysPass environment installed and configured. Please point your browser to https://${SELF_IP_ADDRESS} to start the installation"
echo -e "######${COLOR_NC}"
echo -e "${COLOR_YELLOW}entrypoint: Starting Apache${COLOR_NC}"
run_apache
;;
"update")
run_composer update
;;
"composer")
shift
run_composer "$@"
;;
*)
echo -e "${COLOR_YELLOW}entrypoint: Starting $@${COLOR_NC}"
exec ${GOSU} "$@"
;;
esac


@ -1,19 +0,0 @@
if [ ${SYSPASS_DEV} -eq 1 ]; then
COMPOSER_OPTIONS="--working-dir ${SYSPASS_DIR} --optimize-autoloader --dev"
fi
setup_apache () {
if [ ! -e "/etc/php/7.0/apache2/conf.d/20-xdebug.ini" -o ${SYSPASS_DEV} -eq 0 ]; then
return 0
fi
echo -e "${COLOR_YELLOW}setup_apache: Setting up xdebug variables${COLOR_NC}"
sed -i 's/__XDEBUG_REMOTE_HOST__/'"$XDEBUG_REMOTE_HOST"'/; s/__XDEBUG_IDE_KEY__/'"$XDEBUG_IDE_KEY"'/' /etc/php/7.0/apache2/conf.d/20-xdebug.ini
}
run_apache () {
# Apache gets grumpy about PID files pre-existing
rm -f ${APACHE_PID_FILE}
exec /usr/sbin/apache2ctl -DFOREGROUND
}


@ -1,184 +0,0 @@
RedirectMatch "^/$" "/index.php"
<Directory "/var/www/html/sysPass">
DirectoryIndex index.php
Options -Indexes -FollowSymLinks -Includes -ExecCGI
<RequireAny>
Require expr "%{REQUEST_URI} =~ m#.*/index\.php(\?r=)?#"
Require expr "%{REQUEST_URI} =~ m#.*/api\.php$#"
Require expr "%{REQUEST_URI} =~ m#^$#"
</RequireAny>
</Directory>
#<Directory ~ "/var/www/html/sysPass/.*/(css|js|images|fonts)">
# Require all granted
#</Directory>
<FilesMatch ".(png|jpg|js|css|ttf|otf|eot|woff|woff2|ico)$">
Require all granted
</FilesMatch>
<VirtualHost *:80>
# the server uses to identify itself. This is used when creating
# redirection URLs. In the context of virtual hosts, the ServerName
# specifies what hostname must appear in the request's Host: header to
# match this virtual host. For the default virtual host (this file) this
# value is not decisive as it is used as a last resort host regardless.
# However, you must set it for any further virtual host explicitly.
#ServerName www.example.com
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html/sysPass
# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
# error, crit, alert, emerg.
# It is also possible to configure the loglevel for particular
# modules, e.g.
#LogLevel info ssl:warn
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
<IfModule mod_ssl.c>
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteCond %{ENV:USE_SSL} "=yes"
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
</IfModule>
</VirtualHost>
<IfModule mod_ssl.c>
<VirtualHost _default_:443>
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html/sysPass
# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
# error, crit, alert, emerg.
# It is also possible to configure the loglevel for particular
# modules, e.g.
#LogLevel info ssl:warn
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
# For most configuration files from conf-available/, which are
# enabled or disabled at a global level, it is possible to
# include a line for only one particular virtual host. For example the
# following line enables the CGI configuration for this host only
# after it has been globally disabled with "a2disconf".
#Include conf-available/serve-cgi-bin.conf
# SSL Engine Switch:
# Enable/Disable SSL for this virtual host.
SSLEngine on
# A self-signed (snakeoil) certificate can be created by installing
# the ssl-cert package. See
# /usr/share/doc/apache2/README.Debian.gz for more info.
# If both key and certificate are stored in the same file, only the
# SSLCertificateFile directive is needed.
SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
# Server Certificate Chain:
# Point SSLCertificateChainFile at a file containing the
# concatenation of PEM encoded CA certificates which form the
# certificate chain for the server certificate. Alternatively
# the referenced file can be the same as SSLCertificateFile
# when the CA certificates are directly appended to the server
# certificate for convinience.
#SSLCertificateChainFile /etc/apache2/ssl.crt/server-ca.crt
# Certificate Authority (CA):
# Set the CA certificate verification path where to find CA
# certificates for client authentication or alternatively one
# huge file containing all of them (file must be PEM encoded)
# Note: Inside SSLCACertificatePath you need hash symlinks
# to point to the certificate files. Use the provided
# Makefile to update the hash symlinks after changes.
#SSLCACertificatePath /etc/ssl/certs/
#SSLCACertificateFile /etc/apache2/ssl.crt/ca-bundle.crt
# Certificate Revocation Lists (CRL):
# Set the CA revocation path where to find CA CRLs for client
# authentication or alternatively one huge file containing all
# of them (file must be PEM encoded)
# Note: Inside SSLCARevocationPath you need hash symlinks
# to point to the certificate files. Use the provided
# Makefile to update the hash symlinks after changes.
#SSLCARevocationPath /etc/apache2/ssl.crl/
#SSLCARevocationFile /etc/apache2/ssl.crl/ca-bundle.crl
# Client Authentication (Type):
# Client certificate verification type and depth. Types are
# none, optional, require and optional_no_ca. Depth is a
# number which specifies how deeply to verify the certificate
# issuer chain before deciding the certificate is not valid.
#SSLVerifyClient require
#SSLVerifyDepth 10
# SSL Engine Options:
# Set various options for the SSL engine.
# o FakeBasicAuth:
# Translate the client X.509 into a Basic Authorisation. This means that
# the standard Auth/DBMAuth methods can be used for access control. The
# user name is the `one line' version of the client's X.509 certificate.
# Note that no password is obtained from the user. Every entry in the user
# file needs this password: `xxj31ZMTZzkVA'.
# o ExportCertData:
# This exports two additional environment variables: SSL_CLIENT_CERT and
# SSL_SERVER_CERT. These contain the PEM-encoded certificates of the
# server (always existing) and the client (only existing when client
# authentication is used). This can be used to import the certificates
# into CGI scripts.
# o StdEnvVars:
# This exports the standard SSL/TLS related `SSL_*' environment variables.
# Per default this exportation is switched off for performance reasons,
# because the extraction step is an expensive operation and is usually
# useless for serving static content. So one usually enables the
# exportation for CGI and SSI requests only.
# o OptRenegotiate:
# This enables optimized SSL connection renegotiation handling when SSL
# directives are used in per-directory context.
#SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory /usr/lib/cgi-bin>
SSLOptions +StdEnvVars
</Directory>
# SSL Protocol Adjustments:
# The safe and default but still SSL/TLS standard compliant shutdown
# approach is that mod_ssl sends the close notify alert but doesn't wait for
# the close notify alert from client. When you need a different shutdown
# approach you can use one of the following variables:
# o ssl-unclean-shutdown:
# This forces an unclean shutdown when the connection is closed, i.e. no
# SSL close notify alert is send or allowed to received. This violates
# the SSL/TLS standard but is needed for some brain-dead browsers. Use
# this when you receive I/O errors because of the standard approach where
# mod_ssl sends the close notify alert.
# o ssl-accurate-shutdown:
# This forces an accurate shutdown when the connection is closed, i.e. a
# SSL close notify alert is send and mod_ssl waits for the close notify
# alert of the client. This is 100% SSL/TLS standard compliant, but in
# practice often causes hanging connections with brain-dead browsers. Use
# this only for browsers where you know that their SSL implementation
# works correctly.
# Notice: Most problems of broken clients are also related to the HTTP
# keep-alive facility, so you usually additionally want to disable
# keep-alive for those clients, too. Use variable "nokeepalive" for this.
# Similarly, one has to force some clients to use HTTP/1.0 to workaround
# their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and
# "force-response-1.0" for this.
BrowserMatch "MSIE [2-6]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
# MSIE 7 and newer should be able to use keepalive
BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
</VirtualHost>
</IfModule>
# vim: syntax=apache ts=2 sw=2 sts=2 sr noet


@ -1,79 +0,0 @@
#
# https://syspass.org
# https://doc.syspass.org
#
FROM composer:1.7 as bootstrap
ENV SYSPASS_BRANCH="master"
RUN git clone --branch ${SYSPASS_BRANCH} https://github.com/nuxsmin/sysPass.git \
&& composer install \
--ignore-platform-reqs \
--no-interaction \
--no-plugins \
--no-scripts \
--prefer-dist \
--optimize-autoloader \
--working-dir /app/sysPass
FROM php:7.1-apache-stretch as app
LABEL maintainer=nuxsmin@syspass.org version=3.1.2 php=7.1
RUN apt-get update \
&& DEBIAN_FRONTEND=noninteractive apt-get -y install \
locales \
git \
gosu \
libicu-dev \
libldb-dev \
libldap2-dev \
libfreetype6-dev \
libjpeg62-turbo-dev \
libpng-dev \
unzip \
ssl-cert \
&& apt-get clean \
&& rm -r /var/lib/apt/lists/* \
&& pecl install xdebug-2.6.0 \
&& docker-php-ext-configure gd --with-freetype-dir=/usr/include/ --with-jpeg-dir=/usr/include/ \
&& docker-php-ext-install -j$(nproc) ldap intl gettext pdo_mysql opcache gd \
&& docker-php-ext-enable ldap xdebug intl pdo_mysql
ENV APACHE_RUN_USER="www-data" \
SYSPASS_DIR="/var/www/html/sysPass" \
SYSPASS_UID=9001 \
SYSPASS_DEV=0
WORKDIR /var/www/html
LABEL build=19030701
# Custom sysPass Apache config with SSL by default
COPY ["syspass.conf", "/etc/apache2/sites-available/"]
# Xdebug module config
COPY xdebug.ini /usr/local/etc/php/conf.d/docker-php-ext-xdebug.ini
# Custom entrypoint
COPY entrypoint.sh init-functions /usr/local/sbin/
RUN chmod 755 /usr/local/sbin/entrypoint.sh \
&& a2dissite 000-default default-ssl \
&& a2ensite syspass \
&& a2enmod proxy_fcgi setenvif ssl rewrite \
&& ln -sf /dev/stdout ${APACHE_LOG_DIR}/access.log \
&& ln -sf /dev/stderr ${APACHE_LOG_DIR}/error.log
# sysPass dependencies
COPY --from=bootstrap /app/sysPass/ ${SYSPASS_DIR}/
# Composer binary
COPY --from=bootstrap /usr/bin/composer /usr/bin/
EXPOSE 80 443
ENTRYPOINT ["/usr/local/sbin/entrypoint.sh"]
CMD ["apache"]


@ -1,24 +0,0 @@
version: '2'
services:
app:
container_name: syspass-app
image: syspass/syspass:3.1.2-php7.1
restart: always
ports:
- "80"
- "443"
links:
- db
volumes:
- /var/www/html/sysPass/app/config
- /var/www/html/sysPass/app/backup
db:
container_name: syspass-db
restart: always
image: mariadb:10.2
environment:
- MYSQL_ROOT_PASSWORD=syspass
ports:
- "3306"
volumes:
- /var/lib/mysql


@ -1,130 +0,0 @@
#!/bin/bash
COLOR_NC='\033[0m'
COLOR_YELLOW='\033[0;33m'
COLOR_RED='\033[0;31m'
COLOR_GREEN='\033[0;32m'
XDEBUG_REMOTE_HOST=${XDEBUG_REMOTE_HOST:-"172.17.0.1"}
XDEBUG_IDE_KEY=${XDEBUG_IDE_KEY:-"ide"}
COMPOSER_OPTIONS="--working-dir ${SYSPASS_DIR} --classmap-authoritative"
GOSU="gosu ${SYSPASS_UID}"
if [ -e /usr/local/sbin/init-functions ]; then
. /usr/local/sbin/init-functions
fi
setup_app () {
if [ -e "${SYSPASS_DIR}/index.php" ]; then
echo -e "${COLOR_YELLOW}setup_app: Setting up permissions${COLOR_NC}"
RW_DIRS="${SYSPASS_DIR}/app/config \
${SYSPASS_DIR}/app/backup \
${SYSPASS_DIR}/app/cache \
${SYSPASS_DIR}/app/resources \
${SYSPASS_DIR}/app/temp"
chown ${APACHE_RUN_USER}:${SYSPASS_UID} -R ${RW_DIRS}
chmod 750 ${RW_DIRS}
chown ${SYSPASS_UID}:${SYSPASS_UID} -R \
${SYSPASS_DIR}/app/modules/*/plugins \
${SYSPASS_DIR}/composer.json \
${SYSPASS_DIR}/composer.lock \
${SYSPASS_DIR}/vendor
fi
}
setup_locales() {
if [ ! -e ".setup" ]; then
LOCALE_GEN="/etc/locale.gen"
echo -e "${COLOR_YELLOW}setup_locales: Setting up locales${COLOR_NC}"
echo -e "\n### sysPass locales" >> $LOCALE_GEN
echo "es_ES.UTF-8 UTF-8" >> $LOCALE_GEN
echo "en_US.UTF-8 UTF-8" >> $LOCALE_GEN
echo "en_GB.UTF-8 UTF-8" >> $LOCALE_GEN
echo "de_DE.UTF-8 UTF-8" >> $LOCALE_GEN
echo "ca_ES.UTF-8 UTF-8" >> $LOCALE_GEN
echo "fr_FR.UTF-8 UTF-8" >> $LOCALE_GEN
echo "ru_RU.UTF-8 UTF-8" >> $LOCALE_GEN
echo "pl_PL.UTF-8 UTF-8" >> $LOCALE_GEN
echo "nl_NL.UTF-8 UTF-8" >> $LOCALE_GEN
echo "pt_BR.UTF-8 UTF-8" >> $LOCALE_GEN
echo "da.UTF-8 UTF-8" >> $LOCALE_GEN
echo "it_IT.UTF-8 UTF-8" >> $LOCALE_GEN
echo "fo.UTF-8 UTF-8" >> $LOCALE_GEN
echo 'LANG="en_US.UTF-8"' > /etc/default/locale
dpkg-reconfigure --frontend=noninteractive locales
update-locale LANG=en_US.UTF-8
export LANG=en_US.UTF-8
echo "1" > .setup
else
echo -e "${COLOR_YELLOW}setup_locales: Locales already set up${COLOR_NC}"
fi
}
run_composer () {
pushd ${SYSPASS_DIR}
if [ -e "./composer.lock" -a -e "composer.json" ]; then
echo -e "${COLOR_YELLOW}run_composer: Running composer${COLOR_NC}"
${GOSU} composer "$@" ${COMPOSER_OPTIONS}
else
echo -e "${COLOR_RED}run_composer: Error, composer not set up${COLOR_NC}"
fi
popd
}
setup_composer_extensions () {
if [ -n "${COMPOSER_EXTENSIONS}" ]; then
echo -e "${COLOR_YELLOW}setup_composer_extensions: ${COMPOSER_EXTENSIONS}${COLOR_NC}"
run_composer require ${COMPOSER_EXTENSIONS} --update-no-dev
fi
}
echo -e "${COLOR_YELLOW}entrypoint: Starting with UID : ${SYSPASS_UID}${COLOR_NC}"
id ${SYSPASS_UID} > /dev/null 2>&1 || useradd --shell /bin/bash -u ${SYSPASS_UID} -o -c "" -m user
export HOME=${SYSPASS_DIR}
setup_app
case "$1" in
"apache")
setup_composer_extensions
setup_locales
setup_apache
SELF_IP_ADDRESS=$(grep $HOSTNAME /etc/hosts | cut -f1)
echo -e "${COLOR_GREEN}######"
echo -e "sysPass environment installed and configured. Please point your browser to https://${SELF_IP_ADDRESS} to start the installation"
echo -e "######${COLOR_NC}"
echo -e "${COLOR_YELLOW}entrypoint: Starting Apache${COLOR_NC}"
run_apache
;;
"update")
run_composer update
;;
"composer")
shift
run_composer "$@"
;;
*)
echo -e "${COLOR_YELLOW}entrypoint: Starting $@${COLOR_NC}"
exec ${GOSU} "$@"
;;
esac


@ -1,17 +0,0 @@
if [ ${SYSPASS_DEV} -eq 1 ]; then
COMPOSER_OPTIONS="--working-dir ${SYSPASS_DIR} --optimize-autoloader --dev"
fi
setup_apache () {
if [ ${SYSPASS_DEV} -eq 0 ]; then
return 0
fi
echo -e "${COLOR_YELLOW}setup_apache: Setting up xdebug variables${COLOR_NC}"
sed -i 's/__XDEBUG_REMOTE_HOST__/'"$XDEBUG_REMOTE_HOST"'/' /usr/local/etc/php/conf.d/docker-php-ext-xdebug.ini
sed -i 's/__XDEBUG_IDE_KEY__/'"$XDEBUG_IDE_KEY"'/' /usr/local/etc/php/conf.d/docker-php-ext-xdebug.ini
}
run_apache () {
apache2-foreground
}


@ -1,184 +0,0 @@
RedirectMatch "^/$" "/index.php"
<Directory "/var/www/html/sysPass">
DirectoryIndex index.php
Options -Indexes -FollowSymLinks -Includes -ExecCGI
<RequireAny>
Require expr "%{REQUEST_URI} =~ m#.*/index\.php(\?r=)?#"
Require expr "%{REQUEST_URI} =~ m#.*/api\.php$#"
Require expr "%{REQUEST_URI} =~ m#^$#"
</RequireAny>
</Directory>
#<Directory ~ "/var/www/html/sysPass/.*/(css|js|images|fonts)">
# Require all granted
#</Directory>
<FilesMatch ".(png|jpg|js|css|ttf|otf|eot|woff|woff2|ico)$">
Require all granted
</FilesMatch>
<VirtualHost *:80>
# the server uses to identify itself. This is used when creating
# redirection URLs. In the context of virtual hosts, the ServerName
# specifies what hostname must appear in the request's Host: header to
# match this virtual host. For the default virtual host (this file) this
# value is not decisive as it is used as a last resort host regardless.
# However, you must set it for any further virtual host explicitly.
#ServerName www.example.com
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html/sysPass
# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
# error, crit, alert, emerg.
# It is also possible to configure the loglevel for particular
# modules, e.g.
#LogLevel info ssl:warn
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
<IfModule mod_ssl.c>
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteCond %{ENV:USE_SSL} "=yes"
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
</IfModule>
</VirtualHost>
<IfModule mod_ssl.c>
<VirtualHost _default_:443>
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html/sysPass
# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
# error, crit, alert, emerg.
# It is also possible to configure the loglevel for particular
# modules, e.g.
#LogLevel info ssl:warn
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
# For most configuration files from conf-available/, which are
# enabled or disabled at a global level, it is possible to
# include a line for only one particular virtual host. For example the
# following line enables the CGI configuration for this host only
# after it has been globally disabled with "a2disconf".
#Include conf-available/serve-cgi-bin.conf
# SSL Engine Switch:
# Enable/Disable SSL for this virtual host.
SSLEngine on
# A self-signed (snakeoil) certificate can be created by installing
# the ssl-cert package. See
# /usr/share/doc/apache2/README.Debian.gz for more info.
# If both key and certificate are stored in the same file, only the
# SSLCertificateFile directive is needed.
SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
# Server Certificate Chain:
# Point SSLCertificateChainFile at a file containing the
# concatenation of PEM encoded CA certificates which form the
# certificate chain for the server certificate. Alternatively
# the referenced file can be the same as SSLCertificateFile
# when the CA certificates are directly appended to the server
# certificate for convinience.
#SSLCertificateChainFile /etc/apache2/ssl.crt/server-ca.crt
# Certificate Authority (CA):
# Set the CA certificate verification path where to find CA
# certificates for client authentication or alternatively one
# huge file containing all of them (file must be PEM encoded)
# Note: Inside SSLCACertificatePath you need hash symlinks
# to point to the certificate files. Use the provided
# Makefile to update the hash symlinks after changes.
#SSLCACertificatePath /etc/ssl/certs/
#SSLCACertificateFile /etc/apache2/ssl.crt/ca-bundle.crt
# Certificate Revocation Lists (CRL):
# Set the CA revocation path where to find CA CRLs for client
# authentication or alternatively one huge file containing all
# of them (file must be PEM encoded)
# Note: Inside SSLCARevocationPath you need hash symlinks
# to point to the certificate files. Use the provided
# Makefile to update the hash symlinks after changes.
#SSLCARevocationPath /etc/apache2/ssl.crl/
#SSLCARevocationFile /etc/apache2/ssl.crl/ca-bundle.crl
# Client Authentication (Type):
# Client certificate verification type and depth. Types are
# none, optional, require and optional_no_ca. Depth is a
# number which specifies how deeply to verify the certificate
# issuer chain before deciding the certificate is not valid.
#SSLVerifyClient require
#SSLVerifyDepth 10
# SSL Engine Options:
# Set various options for the SSL engine.
# o FakeBasicAuth:
# Translate the client X.509 into a Basic Authorisation. This means that
# the standard Auth/DBMAuth methods can be used for access control. The
# user name is the `one line' version of the client's X.509 certificate.
# Note that no password is obtained from the user. Every entry in the user
# file needs this password: `xxj31ZMTZzkVA'.
# o ExportCertData:
# This exports two additional environment variables: SSL_CLIENT_CERT and
# SSL_SERVER_CERT. These contain the PEM-encoded certificates of the
# server (always existing) and the client (only existing when client
# authentication is used). This can be used to import the certificates
# into CGI scripts.
# o StdEnvVars:
# This exports the standard SSL/TLS related `SSL_*' environment variables.
# Per default this exportation is switched off for performance reasons,
# because the extraction step is an expensive operation and is usually
# useless for serving static content. So one usually enables the
# exportation for CGI and SSI requests only.
# o OptRenegotiate:
# This enables optimized SSL connection renegotiation handling when SSL
# directives are used in per-directory context.
#SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory /usr/lib/cgi-bin>
SSLOptions +StdEnvVars
</Directory>
# SSL Protocol Adjustments:
# The safe and default but still SSL/TLS standard compliant shutdown
# approach is that mod_ssl sends the close notify alert but doesn't wait for
# the close notify alert from client. When you need a different shutdown
# approach you can use one of the following variables:
# o ssl-unclean-shutdown:
# This forces an unclean shutdown when the connection is closed, i.e. no
# SSL close notify alert is send or allowed to received. This violates
# the SSL/TLS standard but is needed for some brain-dead browsers. Use
# this when you receive I/O errors because of the standard approach where
# mod_ssl sends the close notify alert.
# o ssl-accurate-shutdown:
# This forces an accurate shutdown when the connection is closed, i.e. a
# SSL close notify alert is send and mod_ssl waits for the close notify
# alert of the client. This is 100% SSL/TLS standard compliant, but in
# practice often causes hanging connections with brain-dead browsers. Use
# this only for browsers where you know that their SSL implementation
# works correctly.
# Notice: Most problems of broken clients are also related to the HTTP
# keep-alive facility, so you usually additionally want to disable
# keep-alive for those clients, too. Use variable "nokeepalive" for this.
# Similarly, one has to force some clients to use HTTP/1.0 to workaround
# their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and
# "force-response-1.0" for this.
BrowserMatch "MSIE [2-6]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
# MSIE 7 and newer should be able to use keepalive
BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
</VirtualHost>
</IfModule>
# vim: syntax=apache ts=2 sw=2 sts=2 sr noet


@ -1,44 +0,0 @@
; zend_extension=xdebug.so
zend_extension=/usr/local/lib/php/extensions/no-debug-non-zts-20170718/xdebug.so
[debug]
; Remote settings
xdebug.remote_autostart=off
xdebug.remote_enable=on
xdebug.remote_handler=dbgp
xdebug.remote_mode=req
xdebug.remote_host=__XDEBUG_REMOTE_HOST__
xdebug.remote_port=9000
;xdebug.remote_log=/tmp/xdebug.log
; General
xdebug.auto_trace=off
xdebug.collect_includes=on
xdebug.collect_params=off
xdebug.collect_return=off
xdebug.default_enable=on
xdebug.extended_info=1
xdebug.manual_url=http://www.php.net
xdebug.show_local_vars=0
xdebug.show_mem_delta=1
xdebug.max_nesting_level=100
xdebug.idekey=__XDEBUG_IDE_KEY__
xdebug.force_display_errors=1
; Trace options
xdebug.trace_format=0
xdebug.trace_output_dir=/tmp
xdebug.trace_options=0
xdebug.trace_output_name=crc32
; Profiling
xdebug.profiler_append=1
xdebug.profiler_enable=0
xdebug.profiler_enable_trigger=1
xdebug.profiler_output_dir=/tmp
xdebug.profiler_output_name=cachegring.out.%t
;xdebug.profiler_output_name=cachegring.out.%p
;xdebug.profiler_output_name=cachegring.out
;xdebug.profiler_output_name=cachegring.out.%R.%t
xdebug.var_display_max_depth=5


@ -1,79 +0,0 @@
#
# https://syspass.org
# https://doc.syspass.org
#
FROM composer:1.7 as bootstrap
ENV SYSPASS_BRANCH="master"
RUN git clone --branch ${SYSPASS_BRANCH} https://github.com/nuxsmin/sysPass.git \
&& composer install \
--ignore-platform-reqs \
--no-interaction \
--no-plugins \
--no-scripts \
--prefer-dist \
--optimize-autoloader \
--working-dir /app/sysPass
FROM php:7.2-apache-stretch as app
LABEL maintainer=nuxsmin@syspass.org version=3.1.2 php=7.2
RUN apt-get update \
&& DEBIAN_FRONTEND=noninteractive apt-get -y install \
locales \
git \
gosu \
libicu-dev \
libldb-dev \
libldap2-dev \
libfreetype6-dev \
libjpeg62-turbo-dev \
libpng-dev \
unzip \
ssl-cert \
&& apt-get clean \
&& rm -r /var/lib/apt/lists/* \
&& pecl install xdebug-2.6.0 \
&& docker-php-ext-configure gd --with-freetype-dir=/usr/include/ --with-jpeg-dir=/usr/include/ \
&& docker-php-ext-install -j$(nproc) ldap intl gettext pdo_mysql opcache gd \
&& docker-php-ext-enable ldap xdebug intl pdo_mysql
ENV APACHE_RUN_USER="www-data" \
SYSPASS_DIR="/var/www/html/sysPass" \
SYSPASS_UID=9001 \
SYSPASS_DEV=0
WORKDIR /var/www/html
LABEL build=19030701
# Custom sysPass Apache config with SSL by default
COPY ["syspass.conf", "/etc/apache2/sites-available/"]
# Xdebug module config
COPY xdebug.ini /usr/local/etc/php/conf.d/docker-php-ext-xdebug.ini
# Custom entrypoint
COPY entrypoint.sh init-functions /usr/local/sbin/
RUN chmod 755 /usr/local/sbin/entrypoint.sh \
&& a2dissite 000-default default-ssl \
&& a2ensite syspass \
&& a2enmod proxy_fcgi setenvif ssl rewrite \
&& ln -sf /dev/stdout ${APACHE_LOG_DIR}/access.log \
&& ln -sf /dev/stderr ${APACHE_LOG_DIR}/error.log
# sysPass dependencies
COPY --from=bootstrap /app/sysPass/ ${SYSPASS_DIR}/
# Composer binary
COPY --from=bootstrap /usr/bin/composer /usr/bin/
EXPOSE 80 443
ENTRYPOINT ["/usr/local/sbin/entrypoint.sh"]
CMD ["apache"]


@ -1,24 +0,0 @@
version: '2'
services:
app:
container_name: syspass-app
image: syspass/syspass:3.1.2-php7.2
restart: always
ports:
- "80"
- "443"
links:
- db
volumes:
- /var/www/html/sysPass/app/config
- /var/www/html/sysPass/app/backup
db:
container_name: syspass-db
restart: always
image: mariadb:10.2
environment:
- MYSQL_ROOT_PASSWORD=syspass
ports:
- "3306"
volumes:
- /var/lib/mysql


@ -1,130 +0,0 @@
#!/bin/bash
COLOR_NC='\033[0m'
COLOR_YELLOW='\033[0;33m'
COLOR_RED='\033[0;31m'
COLOR_GREEN='\033[0;32m'
XDEBUG_REMOTE_HOST=${XDEBUG_REMOTE_HOST:-"172.17.0.1"}
XDEBUG_IDE_KEY=${XDEBUG_IDE_KEY:-"ide"}
COMPOSER_OPTIONS="--working-dir ${SYSPASS_DIR} --classmap-authoritative"
GOSU="gosu ${SYSPASS_UID}"
if [ -e /usr/local/sbin/init-functions ]; then
. /usr/local/sbin/init-functions
fi
setup_app () {
if [ -e "${SYSPASS_DIR}/index.php" ]; then
echo -e "${COLOR_YELLOW}setup_app: Setting up permissions${COLOR_NC}"
RW_DIRS="${SYSPASS_DIR}/app/config \
${SYSPASS_DIR}/app/backup \
${SYSPASS_DIR}/app/cache \
${SYSPASS_DIR}/app/resources \
${SYSPASS_DIR}/app/temp"
chown ${APACHE_RUN_USER}:${SYSPASS_UID} -R ${RW_DIRS}
chmod 750 ${RW_DIRS}
chown ${SYSPASS_UID}:${SYSPASS_UID} -R \
${SYSPASS_DIR}/app/modules/*/plugins \
${SYSPASS_DIR}/composer.json \
${SYSPASS_DIR}/composer.lock \
${SYSPASS_DIR}/vendor
fi
}
setup_locales() {
if [ ! -e ".setup" ]; then
LOCALE_GEN="/etc/locale.gen"
echo -e "${COLOR_YELLOW}setup_locales: Setting up locales${COLOR_NC}"
echo -e "\n### sysPass locales" >> $LOCALE_GEN
echo "es_ES.UTF-8 UTF-8" >> $LOCALE_GEN
echo "en_US.UTF-8 UTF-8" >> $LOCALE_GEN
echo "en_GB.UTF-8 UTF-8" >> $LOCALE_GEN
echo "de_DE.UTF-8 UTF-8" >> $LOCALE_GEN
echo "ca_ES.UTF-8 UTF-8" >> $LOCALE_GEN
echo "fr_FR.UTF-8 UTF-8" >> $LOCALE_GEN
echo "ru_RU.UTF-8 UTF-8" >> $LOCALE_GEN
echo "pl_PL.UTF-8 UTF-8" >> $LOCALE_GEN
echo "nl_NL.UTF-8 UTF-8" >> $LOCALE_GEN
echo "pt_BR.UTF-8 UTF-8" >> $LOCALE_GEN
echo "da.UTF-8 UTF-8" >> $LOCALE_GEN
echo "it_IT.UTF-8 UTF-8" >> $LOCALE_GEN
echo "fo.UTF-8 UTF-8" >> $LOCALE_GEN
echo 'LANG="en_US.UTF-8"' > /etc/default/locale
dpkg-reconfigure --frontend=noninteractive locales
update-locale LANG=en_US.UTF-8
export LANG=en_US.UTF-8
echo "1" > .setup
else
echo -e "${COLOR_YELLOW}setup_locales: Locales already set up${COLOR_NC}"
fi
}
run_composer () {
pushd ${SYSPASS_DIR}
if [ -e "./composer.lock" -a -e "composer.json" ]; then
echo -e "${COLOR_YELLOW}run_composer: Running composer${COLOR_NC}"
${GOSU} composer "$@" ${COMPOSER_OPTIONS}
else
echo -e "${COLOR_RED}run_composer: Error, composer not set up${COLOR_NC}"
fi
popd
}
setup_composer_extensions () {
if [ -n "${COMPOSER_EXTENSIONS}" ]; then
echo -e "${COLOR_YELLOW}setup_composer_extensions: ${COMPOSER_EXTENSIONS}${COLOR_NC}"
run_composer require ${COMPOSER_EXTENSIONS} --update-no-dev
fi
}
echo -e "${COLOR_YELLOW}entrypoint: Starting with UID : ${SYSPASS_UID}${COLOR_NC}"
id ${SYSPASS_UID} > /dev/null 2>&1 || useradd --shell /bin/bash -u ${SYSPASS_UID} -o -c "" -m user
export HOME=${SYSPASS_DIR}
setup_app
case "$1" in
"apache")
setup_composer_extensions
setup_locales
setup_apache
SELF_IP_ADDRESS=$(grep $HOSTNAME /etc/hosts | cut -f1)
echo -e "${COLOR_GREEN}######"
echo -e "sysPass environment installed and configured. Please point your browser to https://${SELF_IP_ADDRESS} to start the installation"
echo -e "######${COLOR_NC}"
echo -e "${COLOR_YELLOW}entrypoint: Starting Apache${COLOR_NC}"
run_apache
;;
"update")
run_composer update
;;
"composer")
shift
run_composer "$@"
;;
*)
echo -e "${COLOR_YELLOW}entrypoint: Starting $@${COLOR_NC}"
exec ${GOSU} "$@"
;;
esac


@ -1,17 +0,0 @@
if [ ${SYSPASS_DEV} -eq 1 ]; then
COMPOSER_OPTIONS="--working-dir ${SYSPASS_DIR} --optimize-autoloader --dev"
fi
setup_apache () {
if [ ${SYSPASS_DEV} -eq 0 ]; then
return 0
fi
echo -e "${COLOR_YELLOW}setup_apache: Setting up xdebug variables${COLOR_NC}"
sed -i 's/__XDEBUG_REMOTE_HOST__/'"$XDEBUG_REMOTE_HOST"'/' /usr/local/etc/php/conf.d/docker-php-ext-xdebug.ini
sed -i 's/__XDEBUG_IDE_KEY__/'"$XDEBUG_IDE_KEY"'/' /usr/local/etc/php/conf.d/docker-php-ext-xdebug.ini
}
run_apache () {
apache2-foreground
}


@ -1,184 +0,0 @@
RedirectMatch "^/$" "/index.php"
<Directory "/var/www/html/sysPass">
DirectoryIndex index.php
Options -Indexes -FollowSymLinks -Includes -ExecCGI
<RequireAny>
Require expr "%{REQUEST_URI} =~ m#.*/index\.php(\?r=)?#"
Require expr "%{REQUEST_URI} =~ m#.*/api\.php$#"
Require expr "%{REQUEST_URI} =~ m#^$#"
</RequireAny>
</Directory>
#<Directory ~ "/var/www/html/sysPass/.*/(css|js|images|fonts)">
# Require all granted
#</Directory>
<FilesMatch ".(png|jpg|js|css|ttf|otf|eot|woff|woff2|ico)$">
Require all granted
</FilesMatch>
<VirtualHost *:80>
# the server uses to identify itself. This is used when creating
# redirection URLs. In the context of virtual hosts, the ServerName
# specifies what hostname must appear in the request's Host: header to
# match this virtual host. For the default virtual host (this file) this
# value is not decisive as it is used as a last resort host regardless.
# However, you must set it for any further virtual host explicitly.
#ServerName www.example.com
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html/sysPass
# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
# error, crit, alert, emerg.
# It is also possible to configure the loglevel for particular
# modules, e.g.
#LogLevel info ssl:warn
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
<IfModule mod_ssl.c>
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteCond %{ENV:USE_SSL} "=yes"
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
</IfModule>
</VirtualHost>
<IfModule mod_ssl.c>
<VirtualHost _default_:443>
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html/sysPass
# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
# error, crit, alert, emerg.
# It is also possible to configure the loglevel for particular
# modules, e.g.
#LogLevel info ssl:warn
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
# For most configuration files from conf-available/, which are
# enabled or disabled at a global level, it is possible to
# include a line for only one particular virtual host. For example the
# following line enables the CGI configuration for this host only
# after it has been globally disabled with "a2disconf".
#Include conf-available/serve-cgi-bin.conf
# SSL Engine Switch:
# Enable/Disable SSL for this virtual host.
SSLEngine on
# A self-signed (snakeoil) certificate can be created by installing
# the ssl-cert package. See
# /usr/share/doc/apache2/README.Debian.gz for more info.
# If both key and certificate are stored in the same file, only the
# SSLCertificateFile directive is needed.
SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
# Server Certificate Chain:
# Point SSLCertificateChainFile at a file containing the
# concatenation of PEM encoded CA certificates which form the
# certificate chain for the server certificate. Alternatively
# the referenced file can be the same as SSLCertificateFile
# when the CA certificates are directly appended to the server
# certificate for convinience.
#SSLCertificateChainFile /etc/apache2/ssl.crt/server-ca.crt
# Certificate Authority (CA):
# Set the CA certificate verification path where to find CA
# certificates for client authentication or alternatively one
# huge file containing all of them (file must be PEM encoded)
# Note: Inside SSLCACertificatePath you need hash symlinks
# to point to the certificate files. Use the provided
# Makefile to update the hash symlinks after changes.
#SSLCACertificatePath /etc/ssl/certs/
#SSLCACertificateFile /etc/apache2/ssl.crt/ca-bundle.crt
# Certificate Revocation Lists (CRL):
# Set the CA revocation path where to find CA CRLs for client
# authentication or alternatively one huge file containing all
# of them (file must be PEM encoded)
# Note: Inside SSLCARevocationPath you need hash symlinks
# to point to the certificate files. Use the provided
# Makefile to update the hash symlinks after changes.
#SSLCARevocationPath /etc/apache2/ssl.crl/
#SSLCARevocationFile /etc/apache2/ssl.crl/ca-bundle.crl
# Client Authentication (Type):
# Client certificate verification type and depth. Types are
# none, optional, require and optional_no_ca. Depth is a
# number which specifies how deeply to verify the certificate
# issuer chain before deciding the certificate is not valid.
#SSLVerifyClient require
#SSLVerifyDepth 10
# SSL Engine Options:
# Set various options for the SSL engine.
# o FakeBasicAuth:
# Translate the client X.509 into a Basic Authorisation. This means that
# the standard Auth/DBMAuth methods can be used for access control. The
# user name is the `one line' version of the client's X.509 certificate.
# Note that no password is obtained from the user. Every entry in the user
# file needs this password: `xxj31ZMTZzkVA'.
# o ExportCertData:
# This exports two additional environment variables: SSL_CLIENT_CERT and
# SSL_SERVER_CERT. These contain the PEM-encoded certificates of the
# server (always existing) and the client (only existing when client
# authentication is used). This can be used to import the certificates
# into CGI scripts.
# o StdEnvVars:
# This exports the standard SSL/TLS related `SSL_*' environment variables.
# Per default this exportation is switched off for performance reasons,
# because the extraction step is an expensive operation and is usually
# useless for serving static content. So one usually enables the
# exportation for CGI and SSI requests only.
# o OptRenegotiate:
# This enables optimized SSL connection renegotiation handling when SSL
# directives are used in per-directory context.
#SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory /usr/lib/cgi-bin>
SSLOptions +StdEnvVars
</Directory>
# SSL Protocol Adjustments:
# The safe and default but still SSL/TLS standard compliant shutdown
# approach is that mod_ssl sends the close notify alert but doesn't wait for
# the close notify alert from client. When you need a different shutdown
# approach you can use one of the following variables:
# o ssl-unclean-shutdown:
# This forces an unclean shutdown when the connection is closed, i.e. no
# SSL close notify alert is send or allowed to received. This violates
# the SSL/TLS standard but is needed for some brain-dead browsers. Use
# this when you receive I/O errors because of the standard approach where
# mod_ssl sends the close notify alert.
# o ssl-accurate-shutdown:
# This forces an accurate shutdown when the connection is closed, i.e. a
# SSL close notify alert is send and mod_ssl waits for the close notify
# alert of the client. This is 100% SSL/TLS standard compliant, but in
# practice often causes hanging connections with brain-dead browsers. Use
# this only for browsers where you know that their SSL implementation
# works correctly.
# Notice: Most problems of broken clients are also related to the HTTP
# keep-alive facility, so you usually additionally want to disable
# keep-alive for those clients, too. Use variable "nokeepalive" for this.
# Similarly, one has to force some clients to use HTTP/1.0 to workaround
# their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and
# "force-response-1.0" for this.
BrowserMatch "MSIE [2-6]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
# MSIE 7 and newer should be able to use keepalive
BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
</VirtualHost>
</IfModule>
# vim: syntax=apache ts=2 sw=2 sts=2 sr noet


@ -1,44 +0,0 @@
; zend_extension=xdebug.so
zend_extension=/usr/local/lib/php/extensions/no-debug-non-zts-20170718/xdebug.so
[debug]
; Remote settings
xdebug.remote_autostart=off
xdebug.remote_enable=on
xdebug.remote_handler=dbgp
xdebug.remote_mode=req
xdebug.remote_host=__XDEBUG_REMOTE_HOST__
xdebug.remote_port=9000
;xdebug.remote_log=/tmp/xdebug.log
; General
xdebug.auto_trace=off
xdebug.collect_includes=on
xdebug.collect_params=off
xdebug.collect_return=off
xdebug.default_enable=on
xdebug.extended_info=1
xdebug.manual_url=http://www.php.net
xdebug.show_local_vars=0
xdebug.show_mem_delta=1
xdebug.max_nesting_level=100
xdebug.idekey=__XDEBUG_IDE_KEY__
xdebug.force_display_errors=1
; Trace options
xdebug.trace_format=0
xdebug.trace_output_dir=/tmp
xdebug.trace_options=0
xdebug.trace_output_name=crc32
; Profiling
xdebug.profiler_append=1
xdebug.profiler_enable=0
xdebug.profiler_enable_trigger=1
xdebug.profiler_output_dir=/tmp
xdebug.profiler_output_name=cachegring.out.%t
;xdebug.profiler_output_name=cachegring.out.%p
;xdebug.profiler_output_name=cachegring.out
;xdebug.profiler_output_name=cachegring.out.%R.%t
xdebug.var_display_max_depth=5


@ -3,7 +3,7 @@
# https://doc.syspass.org # https://doc.syspass.org
# #
FROM composer:1.7 as bootstrap FROM composer:2.0 as bootstrap
ENV SYSPASS_BRANCH="master" ENV SYSPASS_BRANCH="master"
@ -17,10 +17,32 @@ RUN git clone --branch ${SYSPASS_BRANCH} https://github.com/nuxsmin/sysPass.git
--optimize-autoloader \ --optimize-autoloader \
--working-dir /app/sysPass --working-dir /app/sysPass
FROM php:7.3-apache-stretch as app FROM php:7.3-apache-buster as app
LABEL maintainer=nuxsmin@syspass.org version=3.1.2 php=7.3 LABEL maintainer=nuxsmin@syspass.org version=3.1.2 php=7.3
##################################################################
# adding normal sources list
##################################################################
RUN rm /etc/apt/sources.list
COPY sources.list /etc/apt/sources.list
##################################################################
# installing php repo + smbclient
##################################################################
RUN wget -O /etc/apt/trusted.gpg.d/php.gpg https://packages.sury.org/php/apt.gpg
RUN sh -c 'echo "deb https://packages.sury.org/php/ buster main" > /etc/apt/sources.list.d/php.list'
RUN apt update -y && apt install -y --allow-unauthenticated smbclient libsmbclient libsmbclient-dev
RUN pecl install smbclient
RUN docker-php-ext-enable smbclient
##################################################################
# smb fix
##################################################################
RUN rm -frv /etc/samba/smb.conf /usr/share/samba/smb.conf
ADD smb.conf /etc/samba/
ADD smb.conf /usr/share/samba/
RUN apt-get update \ RUN apt-get update \
&& apt-get install -y \ && apt-get install -y \
locales \ locales \
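Review bot: `--allow-unauthenticated` on the added `apt install` line turns off apt's signature check for the packages it installs. The same change also replaces /etc/apt/sources.list with a copied file which, going by the sources.list added in this commit, lists plain-http mirrors, so nothing authenticates those packages at build time. The sury.org key is already placed in trusted.gpg.d two lines earlier, so the flag should not be needed; I would use `RUN apt-get update && apt-get install -y smbclient libsmbclient libsmbclient-dev`. The downloaded key should also be compared against a fingerprint recorded in the repository, since any key in trusted.gpg.d is trusted for every configured source. The hunk ends inside the following `RUN apt-get update \` continuation, so the rest of that command is not visible here.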


@ -0,0 +1,7 @@
all: spphp
spphp:
docker build --compress -t epicmorg/syspass:php7.3 .
docker push epicmorg/syspass:php7.3
docker build --compress -t epicmorg/syspass:latest .
docker push epicmorg/syspass:latest
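Review bot: The `spphp` recipe runs `docker build` twice, so `epicmorg/syspass:php7.3` and `epicmorg/syspass:latest` point at the same image only if the second build is a complete cache hit. That is not guaranteed, presumably least of all for a Dockerfile with `apt update` layers like the one changed in this commit. Tagging the image that was just built keeps both tags on one digest: replace the second build with `docker tag epicmorg/syspass:php7.3 epicmorg/syspass:latest`. Neither target produces a file, so `.PHONY: all spphp` belongs at the top of the Makefile.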


@ -0,0 +1,239 @@
#
# Sample configuration file for the Samba suite for Debian GNU/Linux.
#
#
# This is the main Samba configuration file. You should read the
# smb.conf(5) manual page in order to understand the options listed
# here. Samba has a huge number of configurable options most of which
# are not shown in this example
#
# Some options that are often worth tuning have been included as
# commented-out examples in this file.
# - When such options are commented with ";", the proposed setting
# differs from the default Samba behaviour
# - When commented with "#", the proposed setting is the default
# behaviour of Samba but the option is considered important
# enough to be mentioned here
#
# NOTE: Whenever you modify this file you should run the command
# "testparm" to check that you have not made any basic syntactic
# errors.
#======================= Global Settings =======================
[global]
client min protocol = SMB2
client max protocol = SMB3
## Browsing/Identification ###
# Change this to the workgroup/NT-domain name your Samba server will part of
workgroup = WORKGROUP
#### Networking ####
# The specific set of interfaces / networks to bind to
# This can be either the interface name or an IP address/netmask;
# interface names are normally preferred
; interfaces = 127.0.0.0/8 eth0
# Only bind to the named interfaces and/or networks; you must use the
# 'interfaces' option above to use this.
# It is recommended that you enable this feature if your Samba machine is
# not protected by a firewall or is a firewall itself. However, this
# option cannot handle dynamic or non-broadcast interfaces correctly.
; bind interfaces only = yes
#### Debugging/Accounting ####
# This tells Samba to use a separate log file for each machine
# that connects
log file = /var/log/samba/log.%m
# Cap the size of the individual log files (in KiB).
max log size = 1000
# We want Samba to only log to /var/log/samba/log.{smbd,nmbd}.
# Append syslog@1 if you want important messages to be sent to syslog too.
logging = file
# Do something sensible when Samba crashes: mail the admin a backtrace
panic action = /usr/share/samba/panic-action %d
####### Authentication #######
# Server role. Defines in which mode Samba will operate. Possible
# values are "standalone server", "member server", "classic primary
# domain controller", "classic backup domain controller", "active
# directory domain controller".
#
# Most people will want "standalone server" or "member server".
# Running as "active directory domain controller" will require first
# running "samba-tool domain provision" to wipe databases and create a
# new domain.
server role = standalone server
obey pam restrictions = yes
# This boolean parameter controls whether Samba attempts to sync the Unix
# password with the SMB password when the encrypted SMB password in the
# passdb is changed.
unix password sync = yes
# For Unix password sync to work on a Debian GNU/Linux system, the following
# parameters must be set (thanks to Ian Kahan <<kahan@informatik.tu-muenchen.de> for
# sending the correct chat script for the passwd program in Debian Sarge).
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
# This boolean controls whether PAM will be used for password changes
# when requested by an SMB client instead of the program listed in
# 'passwd program'. The default is 'no'.
pam password change = yes
# This option controls how unsuccessful authentication attempts are mapped
# to anonymous connections
map to guest = bad user
########## Domains ###########
#
# The following settings only takes effect if 'server role = primary
# classic domain controller', 'server role = backup domain controller'
# or 'domain logons' is set
#
# It specifies the location of the user's
# profile directory from the client point of view) The following
# required a [profiles] share to be setup on the samba server (see
# below)
; logon path = \\%N\profiles\%U
# Another common choice is storing the profile in the user's home directory
# (this is Samba's default)
# logon path = \\%N\%U\profile
# The following setting only takes effect if 'domain logons' is set
# It specifies the location of a user's home directory (from the client
# point of view)
; logon drive = H:
# logon home = \\%N\%U
# The following setting only takes effect if 'domain logons' is set
# It specifies the script to run during logon. The script must be stored
# in the [netlogon] share
# NOTE: Must be store in 'DOS' file format convention
; logon script = logon.cmd
# This allows Unix users to be created on the domain controller via the SAMR
# RPC pipe. The example command creates a user account with a disabled Unix
# password; please adapt to your needs
; add user script = /usr/sbin/adduser --quiet --disabled-password --gecos "" %u
# This allows machine accounts to be created on the domain controller via the
# SAMR RPC pipe.
# The following assumes a "machines" group exists on the system
; add machine script = /usr/sbin/useradd -g machines -c "%u machine account" -d /var/lib/samba -s /bin/false %u
# This allows Unix groups to be created on the domain controller via the SAMR
# RPC pipe.
; add group script = /usr/sbin/addgroup --force-badname %g
############ Misc ############
# Using the following line enables you to customise your configuration
# on a per machine basis. The %m gets replaced with the netbios name
# of the machine that is connecting
; include = /home/samba/etc/smb.conf.%m
# Some defaults for winbind (make sure you're not using the ranges
# for something else.)
; idmap config * : backend = tdb
; idmap config * : range = 3000-7999
; idmap config YOURDOMAINHERE : backend = tdb
; idmap config YOURDOMAINHERE : range = 100000-999999
; template shell = /bin/bash
# Setup usershare options to enable non-root users to share folders
# with the net usershare command.
# Maximum number of usershare. 0 means that usershare is disabled.
# usershare max shares = 100
# Allow users who've been granted usershare privileges to create
# public shares, not just authenticated ones
usershare allow guests = yes
#======================= Share Definitions =======================
[homes]
comment = Home Directories
browseable = no
# By default, the home directories are exported read-only. Change the
# next parameter to 'no' if you want to be able to write to them.
read only = yes
# File creation mask is set to 0700 for security reasons. If you want to
# create files with group=rw permissions, set next parameter to 0775.
create mask = 0700
# Directory creation mask is set to 0700 for security reasons. If you want to
# create dirs. with group=rw permissions, set next parameter to 0775.
directory mask = 0700
# By default, \\server\username shares can be connected to by anyone
# with access to the samba server.
# The following parameter makes sure that only "username" can connect
# to \\server\username
# This might need tweaking when using external authentication schemes
valid users = %S
# Un-comment the following and create the netlogon directory for Domain Logons
# (you need to configure Samba to act as a domain controller too.)
;[netlogon]
; comment = Network Logon Service
; path = /home/samba/netlogon
; guest ok = yes
; read only = yes
# Un-comment the following and create the profiles directory to store
# users profiles (see the "logon path" option above)
# (you need to configure Samba to act as a domain controller too.)
# The path below should be writable by all users so that their
# profile directory may be created the first time they log on
;[profiles]
; comment = Users profiles
; path = /home/samba/profiles
; guest ok = no
; browseable = no
; create mask = 0600
; directory mask = 0700
[printers]
comment = All Printers
browseable = no
path = /var/spool/samba
printable = yes
guest ok = no
read only = yes
create mask = 0700
# Windows clients look for this share name as a source of downloadable
# printer drivers
[print$]
comment = Printer Drivers
path = /var/lib/samba/printers
browseable = yes
read only = yes
guest ok = no
# Uncomment to allow remote administration of Windows print drivers.
# You may need to replace 'lpadmin' with the name of the group your
# admin users are members of.
# Please note that you also need to set appropriate Unix permissions
# to the drivers directory for these users to have write rights in it
; write list = root, @lpadmin
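Review bot: Only `client min protocol = SMB2` and `client max protocol = SMB3` at the top of `[global]` look specific to this image; the rest is the Debian sample server configuration, including `map to guest = bad user`, `usershare allow guests = yes` and the `[homes]`, `[printers]` and `[print$]` shares. The Dockerfile hunk in this commit installs only smbclient and libsmbclient, so these server settings are presumably inert, but they would take effect if smbd were ever added to the image. A file holding just `[global]` and the two client protocol lines would state the intent and leave nothing else to audit. A comment above them such as `# client side only: refuse SMB1 when connecting to shares` would record why the packaged file is replaced.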


@ -0,0 +1,19 @@
#main
deb http://ftp.ru.debian.org/debian/ buster main contrib non-free
deb-src http://ftp.ru.debian.org/debian/ buster main contrib non-free
deb http://ftp.ru.debian.org/debian/ buster-updates main contrib non-free
deb-src http://ftp.ru.debian.org/debian/ buster-updates main contrib non-free
deb http://ftp.ru.debian.org/debian/ buster-backports main contrib non-free
deb-src http://ftp.ru.debian.org/debian/ buster-backports main contrib non-free
deb http://ftp.ru.debian.org/debian/ buster-proposed-updates main contrib non-free
deb-src http://ftp.ru.debian.org/debian/ buster-proposed-updates main contrib non-free
#security
deb http://ftp.ru.debian.org/debian-security/ buster/updates main contrib non-free
deb-src http://ftp.ru.debian.org/debian-security/ buster/updates main contrib non-free
##multimedia
#deb http://ftp.ru.debian.org/debian-multimedia/ buster main non-free
#deb-src http://ftp.ru.debian.org/debian-multimedia/ buster main non-free
#deb http://ftp.ru.debian.org/debian-multimedia/ buster-backports main
#deb-src http://ftp.ru.debian.org/debian-multimedia/ buster-backports main
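Review bot: `buster-proposed-updates` is enabled alongside the release suites, so every `apt install` in the image can pull packages that have not yet been accepted into a stable point release; unless something depends on it, I would drop those two lines. All entries use `http://` on a single mirror, which apt's Release signatures normally cover, but the Dockerfile in this commit installs with `--allow-unauthenticated`, which removes that protection for those installs. The `deb-src` lines are not needed unless source packages are built inside the image, and they only lengthen `apt update`.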


@ -1,4 +1,4 @@
all: php all: php
php: php:
docker build --compress -t epicmorg/websites:php7.3 . docker build --compress -t epicmorg/websites:php7.3 .
docker push epicmorg/websites:php7.2 docker push epicmorg/websites:php7.3