Compare commits
64 Commits
Author | SHA1 | Date | |
---|---|---|---|
0179b787b1 | |||
5f1906feb8 | |||
f708d1f194 | |||
ef8106adcd | |||
cc14a5e76a | |||
43ee8da6ef | |||
836c86e165 | |||
0a84b8e997 | |||
4666fae569 | |||
12fa7c5ef6 | |||
ca5461743d | |||
5fbc7e8112 | |||
c7d1c72737 | |||
dc25bd9e65 | |||
eed796c375 | |||
78fdcfd36b | |||
b7c9c4166c | |||
d86126bf70 | |||
aa88052b5a | |||
f86a6d83f0 | |||
58df557883 | |||
fb7d5f5b1e | |||
a47abc2d9f | |||
04063c496a | |||
7f25c4943a | |||
b7bb809d68 | |||
79d5310d5d | |||
72a8d74e35 | |||
7006125b0b | |||
aa9f917d4a | |||
c17c2c3b73 | |||
540117be56 | |||
f3e0b7561d | |||
dce7230498 | |||
2d1ee0afa0 | |||
6c910626f8 | |||
5b7aaf23d6 | |||
8cc044ab01 | |||
cbb67c7319 | |||
407b794043 | |||
35c13a48d3 | |||
e3612164e3 | |||
e997ba39b8 | |||
be67b46f83 | |||
031296c727 | |||
ea6aa6f7fd | |||
c012d1f8d8 | |||
a75fd490ce | |||
dadfcfa306 | |||
ff4d33d36d | |||
688fcb4951 | |||
f8c6bb98ac | |||
14421c6a7e | |||
b48180621c | |||
0abfb59001 | |||
aa91ecf18b | |||
2f6693f42f | |||
7a2fd629c4 | |||
0975574f66 | |||
264cf6a576 | |||
39f83351ae | |||
4069c0b8ab | |||
149df92f62 | |||
18a481aefb |
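--- a/.github/renovate.json
+++ b/.github/renovate.json
@@ -0,0 +1,21 @@
+{
+"$schema": "https://docs.renovatebot.com/renovate-schema.json",
+"extends": [
+"config:base"
+],
+"dependencyDashboard": true,
+"dependencyDashboardTitle": "Renovate Dashboard",
+"labels": ["renovatebot"],
+"packageRules": [
+{
+"managers": ["github-actions"],
+"matchUpdateTypes": ["patch"],
+"automerge": true,
+"automergeType": "pr",
+"platformAutomerge": true
+}
+],
+"docker-compose": {
+"ignorePaths": ["docker-compose-dev.yml"]
+}
+}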
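Review bot: The `packageRules` entry merges patch updates to GitHub Actions without a human looking at them (`"automerge": true` with `"platformAutomerge": true`), and the workflows in this change reference actions by tag, so a retagged or compromised patch release of a scanner action would land on the default branch unreviewed. Whether branch protection requires passing checks before the platform merge is not visible here, so that gate should be confirmed. Adding `"helpers:pinGitHubActionDigests"` to `extends` would make Renovate pin each action to a commit digest, so every automerged bump is at least an explicit digest change in the history. In newer Renovate versions the `managers` matcher is named `matchManagers`; the old key is migrated automatically, but using the current name avoids the migration PR.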
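--- a/.github/trivy.yaml
+++ b/.github/trivy.yaml
@@ -0,0 +1,5 @@
+format: table
+severity:
+- CRITICAL
+vulnerability:
+ignore-unfixed: true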
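--- a/.github/workflows/container_scan.yml
+++ b/.github/workflows/container_scan.yml
@@ -1,43 +0,0 @@
-name: Container scan on commit to master
-
-on:
-push:
-branches:
-- master
-
-env:
-USER: loganmarchione
-REPO: docker-webdav-nginx
-
-jobs:
-ubuntu_ci:
-name: Build and scan
-
-runs-on: ubuntu-latest
-
-steps:
-- name: Check out the codebase
-uses: actions/checkout@v2
-
-- name: Set variables
-run: |
-VER=$(cat VERSION)
-echo "VERSION=$VER" >> $GITHUB_ENV
-
-- name: Build Docker Image
-uses: docker/build-push-action@v2
-with:
-push: false
-context: .
-file: Dockerfile
-load: true
-tags: |
-${{ env.USER }}/${{ env.REPO }}:${{ env.VERSION }}
-${{ env.USER }}/${{ env.REPO }}:latest
-
-- name: Container scan
-uses: azure/container-scan@v0
-with:
-image-name: ${{ env.USER }}/${{ env.REPO }}:${{ env.VERSION }}
-severity-threshold: CRITICAL
-run-quality-checks: true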
65
.github/workflows/main.yml
vendored
@ -6,28 +6,48 @@ on:
|
|||||||
- "[0-9]+.[0-9]+.[0-9]+"
|
- "[0-9]+.[0-9]+.[0-9]+"
|
||||||
schedule:
|
schedule:
|
||||||
- cron: "0 5 * * 0"
|
- cron: "0 5 * * 0"
|
||||||
|
workflow_dispatch:
|
||||||
|
|
||||||
env:
|
env:
|
||||||
USER: loganmarchione
|
USER: loganmarchione
|
||||||
REPO: docker-webdav-nginx
|
REPO: docker-webdav-nginx
|
||||||
|
|
||||||
jobs:
|
jobs:
|
||||||
ubuntu_ci:
|
lint:
|
||||||
name: Build and test
|
name: Lint
|
||||||
|
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
|
|
||||||
steps:
|
steps:
|
||||||
- name: Check out the codebase
|
- name: Check out the codebase
|
||||||
uses: actions/checkout@v2
|
uses: actions/checkout@v3
|
||||||
|
|
||||||
|
- name: Lint Dockerfile with Hadolint
|
||||||
|
uses: hadolint/hadolint-action@v3.1.0
|
||||||
|
with:
|
||||||
|
failure-threshold: error
|
||||||
|
ignore: DL3008,DL3018
|
||||||
|
|
||||||
|
ci:
|
||||||
|
name: Build and test
|
||||||
|
|
||||||
|
needs: lint
|
||||||
|
runs-on: ubuntu-latest
|
||||||
|
|
||||||
|
steps:
|
||||||
|
- name: Check out the codebase
|
||||||
|
uses: actions/checkout@v3
|
||||||
|
|
||||||
- name: Set variables
|
- name: Set variables
|
||||||
run: |
|
run: |
|
||||||
VER=$(cat VERSION)
|
VER=$(cat VERSION)
|
||||||
echo "VERSION=$VER" >> $GITHUB_ENV
|
echo "VERSION=$VER" >> $GITHUB_ENV
|
||||||
|
|
||||||
|
- name: Set up Docker Buildx
|
||||||
|
uses: docker/setup-buildx-action@v2
|
||||||
|
|
||||||
- name: Build Docker Image
|
- name: Build Docker Image
|
||||||
uses: docker/build-push-action@v2
|
uses: docker/build-push-action@v4
|
||||||
with:
|
with:
|
||||||
push: false
|
push: false
|
||||||
context: .
|
context: .
|
||||||
@ -40,47 +60,60 @@ jobs:
|
|||||||
- name: Test image
|
- name: Test image
|
||||||
run: |
|
run: |
|
||||||
docker images
|
docker images
|
||||||
docker run --name test-container --detach --env WEBDAV_USER=user1 --env WEBDAV_PASS=password1 --volume 'webdav:/var/www/webdav' ${USER}/${REPO}:${VERSION}
|
docker run --name test-container --detach --env WEBDAV_USER=user --env WEBDAV_PASS=password1 --volume 'webdav:/var/www/webdav' ${USER}/${REPO}:${VERSION}
|
||||||
docker ps -a
|
docker ps -a
|
||||||
|
|
||||||
- name: Container scan
|
- name: Container scan with Dockle
|
||||||
uses: azure/container-scan@v0
|
uses: goodwithtech/dockle-action@0.1.0
|
||||||
with:
|
with:
|
||||||
image-name: ${{ env.USER }}/${{ env.REPO }}:${{ env.VERSION }}
|
image: '${{ env.USER }}/${{ env.REPO }}:${{ env.VERSION }}'
|
||||||
severity-threshold: CRITICAL
|
format: 'list'
|
||||||
run-quality-checks: true
|
exit-code: '1'
|
||||||
|
exit-level: 'warn'
|
||||||
|
ignore: 'CIS-DI-0001'
|
||||||
|
|
||||||
ubuntu_cd:
|
- name: Container scan with Trivy
|
||||||
|
uses: aquasecurity/trivy-action@0.11.2
|
||||||
|
with:
|
||||||
|
scan-type: 'image'
|
||||||
|
image-ref: '${{ env.USER }}/${{ env.REPO }}:${{ env.VERSION }}'
|
||||||
|
trivy-config: ./github/trivy.yaml
|
||||||
|
|
||||||
|
cd:
|
||||||
name: Deploy
|
name: Deploy
|
||||||
|
|
||||||
needs: ubuntu_ci
|
needs: ci
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
|
|
||||||
steps:
|
steps:
|
||||||
- name: Check out the codebase
|
- name: Check out the codebase
|
||||||
uses: actions/checkout@v2
|
uses: actions/checkout@v3
|
||||||
|
|
||||||
- name: Set variables
|
- name: Set variables
|
||||||
run: |
|
run: |
|
||||||
VER=$(cat VERSION)
|
VER=$(cat VERSION)
|
||||||
echo "VERSION=$VER" >> $GITHUB_ENV
|
echo "VERSION=$VER" >> $GITHUB_ENV
|
||||||
|
|
||||||
|
- name: Set up QEMU
|
||||||
|
uses: docker/setup-qemu-action@v2
|
||||||
|
|
||||||
- name: Set up Docker Buildx
|
- name: Set up Docker Buildx
|
||||||
uses: docker/setup-buildx-action@v1
|
uses: docker/setup-buildx-action@v2
|
||||||
|
|
||||||
- name: Login to DockerHub
|
- name: Login to DockerHub
|
||||||
uses: docker/login-action@v1
|
uses: docker/login-action@v2
|
||||||
with:
|
with:
|
||||||
username: ${{ secrets.DOCKER_HUB_USER }}
|
username: ${{ secrets.DOCKER_HUB_USER }}
|
||||||
password: ${{ secrets.DOCKER_HUB_PASS }}
|
password: ${{ secrets.DOCKER_HUB_PASS }}
|
||||||
logout: true
|
logout: true
|
||||||
|
|
||||||
- name: Build Docker Image
|
- name: Build Docker Image
|
||||||
uses: docker/build-push-action@v2
|
uses: docker/build-push-action@v4
|
||||||
with:
|
with:
|
||||||
push: true
|
push: true
|
||||||
context: .
|
context: .
|
||||||
file: Dockerfile
|
file: Dockerfile
|
||||||
|
platforms: linux/amd64,linux/arm64,linux/arm/v7
|
||||||
tags: |
|
tags: |
|
||||||
${{ env.USER }}/${{ env.REPO }}:${{ env.VERSION }}
|
${{ env.USER }}/${{ env.REPO }}:${{ env.VERSION }}
|
||||||
${{ env.USER }}/${{ env.REPO }}:latest
|
${{ env.USER }}/${{ env.REPO }}:latest
|
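Review bot: The Trivy step's `trivy-config: ./github/trivy.yaml` points at a `github/` directory, while the config file added in this change lives at `.github/trivy.yaml`, so the severity and ignore-unfixed settings are probably not the ones the scan runs with; it should read `trivy-config: .github/trivy.yaml`. The step also sets no `exit-code`, and as far as I know the action defaults to 0, so findings would be printed without failing `ci`, and `cd` would still push the image; adding `exit-code: '1'` makes the scan a gate, as the Dockle step already is. Separately, the `cd` job uses Docker Hub credentials alongside actions referenced by mutable tags (`docker/login-action@v2`, `docker/build-push-action@v4`); pinning those to full commit SHAs would narrow what a moved tag could reach.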
12
Dockerfile
@ -1,4 +1,4 @@
|
|||||||
FROM ubuntu:focal
|
FROM debian:12-slim
|
||||||
|
|
||||||
ARG BUILD_DATE
|
ARG BUILD_DATE
|
||||||
|
|
||||||
@ -11,9 +11,9 @@ LABEL \
|
|||||||
|
|
||||||
ARG DEBIAN_FRONTEND=noninteractive
|
ARG DEBIAN_FRONTEND=noninteractive
|
||||||
|
|
||||||
RUN apt-get update && apt-get install -y --no-install-recommends \
|
RUN apt-get update && apt-get -y install --no-install-recommends \
|
||||||
apache2-utils \
|
apache2-utils \
|
||||||
netcat \
|
netcat-openbsd \
|
||||||
nginx-extras && \
|
nginx-extras && \
|
||||||
rm -rf /var/lib/apt/lists/* && \
|
rm -rf /var/lib/apt/lists/* && \
|
||||||
mkdir -p "/var/www/webdav/restricted" && \
|
mkdir -p "/var/www/webdav/restricted" && \
|
||||||
@ -25,11 +25,13 @@ EXPOSE 80
|
|||||||
|
|
||||||
VOLUME [ "/var/www/webdav" ]
|
VOLUME [ "/var/www/webdav" ]
|
||||||
|
|
||||||
COPY password.sh password.sh
|
COPY entrypoint.sh /
|
||||||
|
|
||||||
|
COPY VERSION /
|
||||||
|
|
||||||
COPY webdav.conf /etc/nginx/sites-enabled/webdav
|
COPY webdav.conf /etc/nginx/sites-enabled/webdav
|
||||||
|
|
||||||
ENTRYPOINT ["/password.sh"]
|
ENTRYPOINT ["/entrypoint.sh"]
|
||||||
|
|
||||||
CMD ["nginx", "-g", "daemon off;"]
|
CMD ["nginx", "-g", "daemon off;"]
|
||||||
|
|
||||||
|
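Review bot: `FROM debian:12-slim` follows a mutable tag, so two builds of the same commit can produce different images and a rebuilt release picks up whatever the tag points to at build time. Pinning a digest, `FROM debian:12-slim@sha256:<digest>`, keeps the base reproducible and turns each base-image bump into a reviewable change. `COPY VERSION /` puts the file in the image root, but nothing in the visible hunks reads it, so a one-line comment naming its consumer would help. The Dockerfile continues outside these hunks; no `USER` instruction is visible, and the workflow ignores Dockle's CIS-DI-0001, which suggests the container still runs as root and may merit a follow-up.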
27
README.md
@ -6,9 +6,10 @@
|
|||||||
Runs a Nginx WebDav server in Docker
|
Runs a Nginx WebDav server in Docker
|
||||||
- Source code: [GitHub](https://github.com/loganmarchione/docker-webdav-nginx)
|
- Source code: [GitHub](https://github.com/loganmarchione/docker-webdav-nginx)
|
||||||
- Docker container: [Docker Hub](https://hub.docker.com/r/loganmarchione/docker-webdav-nginx)
|
- Docker container: [Docker Hub](https://hub.docker.com/r/loganmarchione/docker-webdav-nginx)
|
||||||
- Image base: [Ubuntu](https://hub.docker.com/_/ubuntu)
|
- Image base: [Debian](https://hub.docker.com/_/debian)
|
||||||
- Init system: N/A
|
- Init system: N/A
|
||||||
- Application: [Nginx](https://nginx.org/)
|
- Application: [Nginx](https://nginx.org/)
|
||||||
|
- Architecture: `linux/amd64,linux/arm64,linux/arm/v7`
|
||||||
|
|
||||||
## Explanation
|
## Explanation
|
||||||
|
|
||||||
@ -29,10 +30,11 @@ Runs a Nginx WebDav server in Docker
|
|||||||
- `X.X.X`: [Semantic version](https://semver.org/) (use if you want to stick on a specific version)
|
- `X.X.X`: [Semantic version](https://semver.org/) (use if you want to stick on a specific version)
|
||||||
|
|
||||||
### Environment variables
|
### Environment variables
|
||||||
| Variable | Required? | Definition | Example | Comments |
|
| Variable | Required? | Definition | Example | Comments |
|
||||||
|-------------|-----------|----------------------------------|----------------------------|--------------------------------------------------------------|
|
|----------------------------|--------------------|----------------------------------------------------------------------------------------------------------------|----------------------------|--------------------------------------------------------------|
|
||||||
| WEBDAV_USER | No | WebDav username | user1 | user AND pass need to be set for authentication to work |
|
| WEBDAV_USER | No | WebDav username | user | user AND pass need to be set for authentication to work |
|
||||||
| WEBDAV_PASS | No | WebDav password | password1 | user AND pass need to be set for authentication to work |
|
| WEBDAV_PASS | No | WebDav password | password1 | user AND pass need to be set for authentication to work |
|
||||||
|
| NGINX_CLIENT_MAX_BODY_SIZE | No (default: 250M) | Nginx's [client_max_body_size](https://nginx.org/en/docs/http/ngx_http_core_module.html#client_max_body_size) | 500M | Be sure to include the units. Set to `0` to disable. |
|
||||||
|
|
||||||
### Ports
|
### Ports
|
||||||
| Port on host | Port in container | Comments |
|
| Port on host | Port in container | Comments |
|
||||||
@ -50,11 +52,12 @@ Below is an example docker-compose.yml file.
|
|||||||
version: '3'
|
version: '3'
|
||||||
services:
|
services:
|
||||||
webdav:
|
webdav:
|
||||||
container_name: webdav
|
container_name: docker-webdav-nginx
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
environment:
|
environment:
|
||||||
- WEBDAV_USER=user
|
- WEBDAV_USER=user
|
||||||
- WEBDAV_PASS=password1
|
- WEBDAV_PASS=password1
|
||||||
|
- NGINX_CLIENT_MAX_BODY_SIZE=500M
|
||||||
networks:
|
networks:
|
||||||
- webdav
|
- webdav
|
||||||
ports:
|
ports:
|
||||||
@ -71,4 +74,16 @@ volumes:
|
|||||||
driver: local
|
driver: local
|
||||||
```
|
```
|
||||||
|
|
||||||
|
Below is an example of running locally (used to edit/test/debug).
|
||||||
|
```
|
||||||
|
# Build the Dockerfile
|
||||||
|
docker compose -f docker-compose-dev.yml up -d
|
||||||
|
|
||||||
|
# View logs
|
||||||
|
docker compose -f docker-compose-dev.yml logs -f
|
||||||
|
|
||||||
|
# Destroy when done
|
||||||
|
docker compose -f docker-compose-dev.yml down
|
||||||
|
```
|
||||||
|
|
||||||
## TODO
|
## TODO
|
||||||
|
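--- a/docker-compose-dev.yml
+++ b/docker-compose-dev.yml
@@ -0,0 +1,25 @@
+version: '3'
+services:
+webdav:
+container_name: docker-webdav-nginx
+restart: unless-stopped
+build:
+context: .
+dockerfile: Dockerfile
+environment:
+- WEBDAV_USER=user
+- WEBDAV_PASS=password1
+- NGINX_CLIENT_MAX_BODY_SIZE=500M
+networks:
+- webdav
+ports:
+- '8888:80'
+volumes:
+- 'webdav:/var/www/webdav'
+
+networks:
+webdav:
+
+volumes:
+webdav:
+driver: local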
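Review bot: The `ports` entry `- '8888:80'` publishes the dev container on every host interface while it runs with the sample credentials `user`/`password1` that also appear in the README. Anyone on the same network as a developer's machine could then reach the share, including the `/public` location that the webdav.conf hunk shows accepting PUT and DELETE. For a file meant for local edit/test/debug, binding to loopback is enough: `- '127.0.0.1:8888:80'`.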
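--- a/entrypoint.sh
+++ b/entrypoint.sh
@@ -0,0 +1,27 @@
+#!/bin/sh -e
+
+printf "########################################\n"
+printf "# Container starting up!\n"
+printf "########################################\n"
+
+# Check for WebDav user/pass
+printf "# STATE: Checking for WebDav user/pass\n"
+if [ -n "$WEBDAV_USER" ] && [ -n "$WEBDAV_PASS" ]
+then
+printf "# STATE: WebDav user/pass written to /etc/nginx/webdav_credentials\n"
+htpasswd -b -c /etc/nginx/webdav_credentials $WEBDAV_USER $WEBDAV_PASS > /dev/null 2>&1
+else
+printf "# WARN: No WebDav user/pass were set, the "restricted" directory has no authentication on it!\n"
+sed -i "s/.*auth_basic.*//g" /etc/nginx/sites-enabled/webdav
+sed -i "s/.*auth_basic_user_file.*//g" /etc/nginx/sites-enabled/webdav
+fi
+
+# Check for client_max_body_size setting
+if [ -n "$NGINX_CLIENT_MAX_BODY_SIZE" ]
+then
+printf "# STATE: Setting client_max_body_size to $NGINX_CLIENT_MAX_BODY_SIZE\n"
+sed -i "s/client_max_body_size 250M;/client_max_body_size $NGINX_CLIENT_MAX_BODY_SIZE;/g" /etc/nginx/sites-enabled/webdav
+fi
+
+printf "# STATE: Nginx is starting up now, the logs you see below are error_log and access_log from Nginx\n"
+exec "$@"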
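Review bot: The `htpasswd` call passes `$WEBDAV_USER` and `$WEBDAV_PASS` unquoted and on the command line (`-b`), so a password containing spaces or glob characters is split or expanded, the secret is briefly visible in the process list, and `> /dev/null 2>&1` hides the error before `-e` aborts startup. Reading the password from stdin avoids all three: `printf '%s' "$WEBDAV_PASS" | htpasswd -i -c /etc/nginx/webdav_credentials "$WEBDAV_USER"`. `$NGINX_CLIENT_MAX_BODY_SIZE` is likewise interpolated into a `printf` format string and a `sed` replacement, where `%`, `/`, `&` or `;` in the value would alter the nginx config beyond the one directive; a `case` check that accepts only digits with an optional k/m/g suffix before the `sed` would close that. The else branch also runs when only one of the two credential variables is set, which drops authentication on the restricted directory with nothing but a log line; treating a half-configured pair as a startup error would fail closed. The nested double quotes around `"restricted"` in the WARN message are consumed by the shell, so the quotes the message intends are never printed.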
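--- a/password.sh
+++ b/password.sh
@@ -1,21 +0,0 @@
-#!/bin/sh -e
-
-printf "#####\n"
-printf "# Container starting up!\n"
-printf "#####\n"
-
-# Check for WebDav user/pass
-printf "# STATE: Checking for WebDav user/pass\n"
-if [ -n "$WEBDAV_USER" ] && [ -n "$WEBDAV_PASS" ]
-then
-printf "# STATE: WebDav user/pass written to /etc/nginx/webdav_credentials\n"
-htpasswd -b -c /etc/nginx/webdav_credentials $WEBDAV_USER $WEBDAV_PASS > /dev/null 2>&1
-else
-printf "# WARN: No WebDav user/pass were set, the 'restricted' diretory has no authentication on it!\n"
-sed -i 's/.*auth_basic.*//g' /etc/nginx/sites-enabled/webdav
-sed -i 's/.*auth_basic_user_file.*//g' /etc/nginx/sites-enabled/webdav
-fi
-
-
-printf "# STATE: Nginx is starting up now, the logs you see below are error_log and access_log from Nginx\n"
-exec "$@"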
@ -5,6 +5,8 @@ server {
|
|||||||
root /var/www/webdav;
|
root /var/www/webdav;
|
||||||
autoindex on;
|
autoindex on;
|
||||||
|
|
||||||
|
client_max_body_size 250M;
|
||||||
|
|
||||||
location /public {
|
location /public {
|
||||||
dav_methods PUT DELETE MKCOL COPY MOVE;
|
dav_methods PUT DELETE MKCOL COPY MOVE;
|
||||||
dav_ext_methods PROPFIND OPTIONS;
|
dav_ext_methods PROPFIND OPTIONS;
|
||||||
|