Rename entrypoint script, detect NGINX_CLIENT_MAX_BODY_SIZE

Update debian Docker tag to v12

.github/renovate.json

@@ -0,0 +1,21 @@
+{
+  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+  "extends": [
+    "config:base"
+  ],
+  "dependencyDashboard": true,
+  "dependencyDashboardTitle": "Renovate Dashboard",
+  "labels": ["renovatebot"],
+  "packageRules": [
+    {
+      "managers": ["github-actions"],
+      "matchUpdateTypes": ["patch"],
+      "automerge": true,
+      "automergeType": "pr",
+      "platformAutomerge": true
+    }
+  ],
+  "docker-compose": {
+    "ignorePaths": ["docker-compose-dev.yml"]
+  }
+}

.github/trivy.yaml

@@ -0,0 +1,5 @@
+format: table
+severity:
+  - CRITICAL
+vulnerability:
+  ignore-unfixed: true

.github/workflows/container_scan.yml

@@ -1,46 +0,0 @@
-name: Container scan on commit to master
-
-on:
-  push:
-    branches:
-      - master
-
-env:
-  USER: loganmarchione
-  REPO: docker-webdav-nginx
-
-jobs:
-  ubuntu_ci:
-    name: Build and scan
-
-    runs-on: ubuntu-latest
-
-    steps:
-    - name: Check out the codebase
-      uses: actions/checkout@v2
-
-    - name: Set variables
-      run: |
-        VER=$(cat VERSION)
-        echo "VERSION=$VER" >> $GITHUB_ENV
-
-    - name: Set up Docker Buildx
-      uses: docker/setup-buildx-action@v1
-
-    - name: Build Docker Image
-      uses: docker/build-push-action@v2
-      with:
-        push: false
-        context: .
-        file: Dockerfile
-        load: true
-        tags: |
-          ${{ env.USER }}/${{ env.REPO }}:${{ env.VERSION }}
-          ${{ env.USER }}/${{ env.REPO }}:latest
-
-    - name: Container scan
-      uses: azure/container-scan@v0
-      with:
-        image-name: ${{ env.USER }}/${{ env.REPO }}:${{ env.VERSION }}
-        severity-threshold: CRITICAL
-        run-quality-checks: true

.github/workflows/main.yml

@@ -6,20 +6,37 @@ on:
       - "[0-9]+.[0-9]+.[0-9]+"
   schedule:
     - cron: "0 5 * * 0"
+  workflow_dispatch:
 
 env:
   USER: loganmarchione
   REPO: docker-webdav-nginx
 
 jobs:
-  ubuntu_ci:
-    name: Build and test
+  lint:
+    name: Lint
 
     runs-on: ubuntu-latest
 
     steps:
     - name: Check out the codebase
-      uses: actions/checkout@v2
+      uses: actions/checkout@v3
+
+    - name: Lint Dockerfile with Hadolint
+      uses: hadolint/hadolint-action@v3.1.0
+      with:
+        failure-threshold: error
+        ignore: DL3008,DL3018
+
+  ci:
+    name: Build and test
+
+    needs: lint
+    runs-on: ubuntu-latest
+
+    steps:
+    - name: Check out the codebase
+      uses: actions/checkout@v3
 
     - name: Set variables
       run: |
@@ -27,10 +44,10 @@ jobs:
         echo "VERSION=$VER" >> $GITHUB_ENV
 
     - name: Set up Docker Buildx
-      uses: docker/setup-buildx-action@v1
+      uses: docker/setup-buildx-action@v2
 
     - name: Build Docker Image
-      uses: docker/build-push-action@v2
+      uses: docker/build-push-action@v4
       with:
         push: false
         context: .
@@ -46,22 +63,31 @@ jobs:
         docker run --name test-container --detach --env WEBDAV_USER=user --env WEBDAV_PASS=password1 --volume 'webdav:/var/www/webdav' ${USER}/${REPO}:${VERSION}
         docker ps -a
 
-    - name: Container scan
-      uses: azure/container-scan@v0
+    - name: Container scan with Dockle
+      uses: goodwithtech/dockle-action@0.1.0
       with:
-        image-name: ${{ env.USER }}/${{ env.REPO }}:${{ env.VERSION }}
-        severity-threshold: CRITICAL
-        run-quality-checks: true
+        image: '${{ env.USER }}/${{ env.REPO }}:${{ env.VERSION }}'
+        format: 'list'
+        exit-code: '1'
+        exit-level: 'warn'
+        ignore: 'CIS-DI-0001'
 
-  ubuntu_cd:
+    - name: Container scan with Trivy
+      uses: aquasecurity/trivy-action@0.11.2
+      with:
+        scan-type: 'image'
+        image-ref: '${{ env.USER }}/${{ env.REPO }}:${{ env.VERSION }}'
+        trivy-config: ./github/trivy.yaml
+
+  cd:
     name: Deploy
 
-    needs: ubuntu_ci
+    needs: ci
     runs-on: ubuntu-latest
 
     steps:
     - name: Check out the codebase
-      uses: actions/checkout@v2
+      uses: actions/checkout@v3
 
     - name: Set variables
       run: |
@@ -69,20 +95,20 @@ jobs:
         echo "VERSION=$VER" >> $GITHUB_ENV
 
     - name: Set up QEMU
-      uses: docker/setup-qemu-action@v1
+      uses: docker/setup-qemu-action@v2
 
     - name: Set up Docker Buildx
-      uses: docker/setup-buildx-action@v1
+      uses: docker/setup-buildx-action@v2
 
     - name: Login to DockerHub
-      uses: docker/login-action@v1
+      uses: docker/login-action@v2
       with:
         username: ${{ secrets.DOCKER_HUB_USER }}
         password: ${{ secrets.DOCKER_HUB_PASS }}
         logout: true
 
     - name: Build Docker Image
-      uses: docker/build-push-action@v2
+      uses: docker/build-push-action@v4
       with:
         push: true
         context: .

Dockerfile

@@ -1,4 +1,4 @@
-FROM ubuntu:focal
+FROM debian:12-slim
 
 ARG BUILD_DATE
 
@@ -11,9 +11,9 @@ LABEL \
 
 ARG DEBIAN_FRONTEND=noninteractive
 
-RUN apt-get update && apt-get install -y --no-install-recommends \
+RUN apt-get update && apt-get -y install --no-install-recommends \
     apache2-utils \
-    netcat \
+    netcat-openbsd \
     nginx-extras && \
     rm -rf /var/lib/apt/lists/* && \
     mkdir -p "/var/www/webdav/restricted" && \
@@ -25,11 +25,13 @@ EXPOSE 80
 
 VOLUME [ "/var/www/webdav" ]
 
-COPY password.sh password.sh
+COPY entrypoint.sh /
+
+COPY VERSION /
 
 COPY webdav.conf /etc/nginx/sites-enabled/webdav
 
-ENTRYPOINT ["/password.sh"]
+ENTRYPOINT ["/entrypoint.sh"]
 
 CMD ["nginx", "-g", "daemon off;"]
 

README.md

@@ -6,9 +6,10 @@
 Runs a Nginx WebDav server in Docker
   - Source code: [GitHub](https://github.com/loganmarchione/docker-webdav-nginx)
   - Docker container: [Docker Hub](https://hub.docker.com/r/loganmarchione/docker-webdav-nginx)
-  - Image base: [Ubuntu](https://hub.docker.com/_/ubuntu)
+  - Image base: [Debian](https://hub.docker.com/_/debian)
   - Init system: N/A
   - Application: [Nginx](https://nginx.org/)
+  - Architecture: `linux/amd64,linux/arm64,linux/arm/v7`
 
 ## Explanation
 
@@ -30,9 +31,10 @@ Runs a Nginx WebDav server in Docker
 
 ### Environment variables
 | Variable                   | Required?          | Definition                                                                                                     | Example                    | Comments                                                     |
-|-------------|-----------|----------------------------------|----------------------------|--------------------------------------------------------------|
+|----------------------------|--------------------|----------------------------------------------------------------------------------------------------------------|----------------------------|--------------------------------------------------------------|
 | WEBDAV_USER                | No                 | WebDav username                                                                                                | user                       | user AND pass need to be set for authentication to work      |
 | WEBDAV_PASS                | No                 | WebDav password                                                                                                | password1                  | user AND pass need to be set for authentication to work      |
+| NGINX_CLIENT_MAX_BODY_SIZE | No (default: 250M) | Nginx's [client_max_body_size](https://nginx.org/en/docs/http/ngx_http_core_module.html#client_max_body_size)  | 500M                       | Be sure to include the units. Set to `0` to disable.         |
 
 ### Ports
 | Port on host              | Port in container | Comments            |
@@ -50,11 +52,12 @@ Below is an example docker-compose.yml file.
 version: '3'
 services:
   webdav:
-    container_name: webdav
+    container_name: docker-webdav-nginx
     restart: unless-stopped
     environment:
       - WEBDAV_USER=user
       - WEBDAV_PASS=password1
+      - NGINX_CLIENT_MAX_BODY_SIZE=500M
     networks:
       - webdav
     ports:
@@ -71,4 +74,16 @@ volumes:
     driver: local
 ```
 
+Below is an example of running locally (used to edit/test/debug).
+```
+# Build the Dockerfile
+docker compose -f docker-compose-dev.yml up -d
+
+# View logs
+docker compose -f docker-compose-dev.yml logs -f
+
+# Destroy when done
+docker compose -f docker-compose-dev.yml down
+```
+
 ## TODO

VERSION

@@ -1 +1 @@
-0.0.2
+0.3.1

docker-compose-dev.yml

@@ -0,0 +1,25 @@
+version: '3'
+services:
+  webdav:
+    container_name: docker-webdav-nginx
+    restart: unless-stopped
+    build:
+      context: .
+      dockerfile: Dockerfile
+    environment:
+      - WEBDAV_USER=user
+      - WEBDAV_PASS=password1
+      - NGINX_CLIENT_MAX_BODY_SIZE=500M
+    networks:
+      - webdav
+    ports:
+      - '8888:80'
+    volumes:
+      - 'webdav:/var/www/webdav'
+
+networks:
+  webdav:
+
+volumes:
+  webdav:
+    driver: local

entrypoint.sh

@@ -0,0 +1,27 @@
+#!/bin/sh -e
+
+printf "########################################\n"
+printf "# Container starting up!\n"
+printf "########################################\n"
+
+# Check for WebDav user/pass
+printf "# STATE: Checking for WebDav user/pass\n"
+if [ -n "$WEBDAV_USER" ] && [ -n "$WEBDAV_PASS" ]
+then
+	printf "# STATE: WebDav user/pass written to /etc/nginx/webdav_credentials\n"
+	htpasswd -b -c /etc/nginx/webdav_credentials $WEBDAV_USER $WEBDAV_PASS > /dev/null 2>&1
+else
+	printf "# WARN:  No WebDav user/pass were set, the "restricted" directory has no authentication on it!\n"
+	sed -i "s/.*auth_basic.*//g" /etc/nginx/sites-enabled/webdav
+	sed -i "s/.*auth_basic_user_file.*//g" /etc/nginx/sites-enabled/webdav
+fi
+
+# Check for client_max_body_size setting
+if [ -n "$NGINX_CLIENT_MAX_BODY_SIZE" ]
+then
+	printf "# STATE: Setting client_max_body_size to $NGINX_CLIENT_MAX_BODY_SIZE\n"
+	sed -i "s/client_max_body_size 250M;/client_max_body_size $NGINX_CLIENT_MAX_BODY_SIZE;/g" /etc/nginx/sites-enabled/webdav
+fi
+
+printf "# STATE: Nginx is starting up now, the logs you see below are error_log and access_log from Nginx\n"
+exec "$@"

password.sh

@@ -1,21 +0,0 @@
-#!/bin/sh -e
-
-printf "#####\n"
-printf "# Container starting up!\n"
-printf "#####\n"
-
-# Check for WebDav user/pass
-printf "# STATE: Checking for WebDav user/pass\n"
-if [ -n "$WEBDAV_USER" ] && [ -n "$WEBDAV_PASS" ]
-then
-	printf "# STATE: WebDav user/pass written to /etc/nginx/webdav_credentials\n"
-	htpasswd -b -c /etc/nginx/webdav_credentials $WEBDAV_USER $WEBDAV_PASS > /dev/null 2>&1
-else
-	printf "# WARN:  No WebDav user/pass were set, the 'restricted' diretory has no authentication on it!\n"
-	sed -i 's/.*auth_basic.*//g' /etc/nginx/sites-enabled/webdav
-	sed -i 's/.*auth_basic_user_file.*//g' /etc/nginx/sites-enabled/webdav
-fi
-
-
-printf "# STATE: Nginx is starting up now, the logs you see below are error_log and access_log from Nginx\n"
-exec "$@"

webdav.conf

@@ -5,6 +5,8 @@ server {
   root /var/www/webdav;
   autoindex on;
 
+  client_max_body_size 250M;
+
   location /public {
     dav_methods            PUT DELETE MKCOL COPY MOVE;
     dav_ext_methods        PROPFIND OPTIONS;