39 Commits
0.1.0 ... 0.3.1

Author SHA1 Message Date
0179b787b1 Rename entrypoint script, detect NGINX_CLIENT_MAX_BODY_SIZE 2023-06-19 15:14:22 -04:00
5f1906feb8 Add default client_max_body_size 2023-06-19 15:14:01 -04:00
f708d1f194 Add NGINX_CLIENT_MAX_BODY_SIZE to example 2023-06-19 15:13:42 -04:00
ef8106adcd Bump version 2023-06-19 15:13:10 -04:00
cc14a5e76a Rename entrypoint script 2023-06-19 15:13:01 -04:00
43ee8da6ef Bump VERSION 2023-06-19 14:50:19 -04:00
836c86e165 Change netcat package name for Debian 12 2023-06-19 14:49:20 -04:00
0a84b8e997 Merge pull request #15 from loganmarchione/renovate/debian-12.x
Update debian Docker tag to v12
2023-06-19 18:44:19 +00:00
4666fae569 Update debian Docker tag to v12 2023-06-13 01:32:21 +00:00
12fa7c5ef6 Merge pull request #14 from loganmarchione/renovate/aquasecurity-trivy-action-0.x
Update aquasecurity/trivy-action action to v0.11.2
2023-06-12 17:12:53 +00:00
ca5461743d Update aquasecurity/trivy-action action to v0.11.2 2023-06-09 22:52:35 +00:00
5fbc7e8112 Merge pull request #13 from loganmarchione/renovate/aquasecurity-trivy-action-0.x
Update aquasecurity/trivy-action action to v0.11.0
2023-06-06 00:48:45 +00:00
c7d1c72737 Update aquasecurity/trivy-action action to v0.11.0 2023-06-05 19:47:39 +00:00
dc25bd9e65 Merge pull request #12 from loganmarchione/renovate/aquasecurity-trivy-action-0.x
Update aquasecurity/trivy-action action to v0.10.0
2023-04-19 17:05:54 +00:00
eed796c375 Update aquasecurity/trivy-action action to v0.10.0 2023-04-19 02:06:05 +00:00
78fdcfd36b Update renovate.json 2023-03-31 09:44:47 -04:00
b7c9c4166c Update network name 2023-03-30 21:33:21 -04:00
d86126bf70 Add Docker Compose for debugging 2023-03-30 21:13:18 -04:00
aa88052b5a Update main.yml 2023-03-28 01:39:22 +00:00
f86a6d83f0 Update README 2023-03-27 21:29:04 -04:00
58df557883 Update Dockerfile 2023-03-28 01:28:35 +00:00
fb7d5f5b1e Switch base from Ubuntu to Debian 2023-03-27 21:10:30 -04:00
a47abc2d9f Update Dockerfile 2023-03-28 00:58:11 +00:00
04063c496a Update main.yml 2023-03-27 20:40:41 +00:00
7f25c4943a Merge pull request #11 from loganmarchione/renovate/aquasecurity-trivy-action-0.x
Update aquasecurity/trivy-action action to v0.9.2
2023-03-09 15:22:57 +00:00
b7bb809d68 Update aquasecurity/trivy-action action to v0.9.2 2023-03-07 16:10:26 +00:00
79d5310d5d Update renovate.json 2023-03-07 11:10:13 -05:00
72a8d74e35 Merge pull request #10 from loganmarchione/renovate/aquasecurity-trivy-action-0.x
Update aquasecurity/trivy-action action to v0.9.1
2023-02-10 18:54:28 +00:00
7006125b0b Update aquasecurity/trivy-action action to v0.9.1 2023-02-10 10:41:27 +00:00
aa9f917d4a Merge pull request #9 from loganmarchione/renovate/aquasecurity-trivy-action-0.x
Update aquasecurity/trivy-action action to v0.9.0
2023-02-02 16:21:42 +00:00
c17c2c3b73 Update aquasecurity/trivy-action action to v0.9.0 2023-02-02 00:58:16 +00:00
540117be56 Merge pull request #8 from loganmarchione/renovate/docker-build-push-action-4.x
Update docker/build-push-action action to v4
2023-02-01 21:01:16 +00:00
f3e0b7561d Update docker/build-push-action action to v4 2023-01-30 19:47:12 +00:00
dce7230498 Update main.yml 2023-01-03 15:32:34 +00:00
2d1ee0afa0 Merge pull request #7 from loganmarchione/renovate/goodwithtech-dockle-0.x
Update goodwithtech/dockle Docker tag to v0.4.10
2023-01-02 16:42:37 +00:00
6c910626f8 Update goodwithtech/dockle Docker tag to v0.4.10 2023-01-02 16:42:04 +00:00
5b7aaf23d6 Update main.yml 2022-12-28 22:16:50 +00:00
8cc044ab01 Create trivy.yaml 2022-12-28 21:59:32 +00:00
cbb67c7319 Update main.yml 2022-12-28 21:59:08 +00:00
10 changed files with 135 additions and 44 deletions

14
.github/renovate.json vendored
View File

@ -5,5 +5,17 @@
], ],
"dependencyDashboard": true, "dependencyDashboard": true,
"dependencyDashboardTitle": "Renovate Dashboard", "dependencyDashboardTitle": "Renovate Dashboard",
"labels": ["renovatebot"] "labels": ["renovatebot"],
"packageRules": [
{
"managers": ["github-actions"],
"matchUpdateTypes": ["patch"],
"automerge": true,
"automergeType": "pr",
"platformAutomerge": true
}
],
"docker-compose": {
"ignorePaths": ["docker-compose-dev.yml"]
}
} }

5
.github/trivy.yaml vendored Normal file
View File

@ -0,0 +1,5 @@
format: table
severity:
- CRITICAL
vulnerability:
ignore-unfixed: true

View File

@ -13,9 +13,25 @@ env:
REPO: docker-webdav-nginx REPO: docker-webdav-nginx
jobs: jobs:
ubuntu_ci: lint:
name: Lint
runs-on: ubuntu-latest
steps:
- name: Check out the codebase
uses: actions/checkout@v3
- name: Lint Dockerfile with Hadolint
uses: hadolint/hadolint-action@v3.1.0
with:
failure-threshold: error
ignore: DL3008,DL3018
ci:
name: Build and test name: Build and test
needs: lint
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
@ -31,7 +47,7 @@ jobs:
uses: docker/setup-buildx-action@v2 uses: docker/setup-buildx-action@v2
- name: Build Docker Image - name: Build Docker Image
uses: docker/build-push-action@v3 uses: docker/build-push-action@v4
with: with:
push: false push: false
context: . context: .
@ -47,17 +63,26 @@ jobs:
docker run --name test-container --detach --env WEBDAV_USER=user --env WEBDAV_PASS=password1 --volume 'webdav:/var/www/webdav' ${USER}/${REPO}:${VERSION} docker run --name test-container --detach --env WEBDAV_USER=user --env WEBDAV_PASS=password1 --volume 'webdav:/var/www/webdav' ${USER}/${REPO}:${VERSION}
docker ps -a docker ps -a
- name: Container scan - name: Container scan with Dockle
uses: azure/container-scan@v0 uses: goodwithtech/dockle-action@0.1.0
with: with:
image-name: ${{ env.USER }}/${{ env.REPO }}:${{ env.VERSION }} image: '${{ env.USER }}/${{ env.REPO }}:${{ env.VERSION }}'
severity-threshold: CRITICAL format: 'list'
run-quality-checks: true exit-code: '1'
exit-level: 'warn'
ignore: 'CIS-DI-0001'
ubuntu_cd: - name: Container scan with Trivy
uses: aquasecurity/trivy-action@0.11.2
with:
scan-type: 'image'
image-ref: '${{ env.USER }}/${{ env.REPO }}:${{ env.VERSION }}'
trivy-config: ./github/trivy.yaml
cd:
name: Deploy name: Deploy
needs: ubuntu_ci needs: ci
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
@ -83,7 +108,7 @@ jobs:
logout: true logout: true
- name: Build Docker Image - name: Build Docker Image
uses: docker/build-push-action@v3 uses: docker/build-push-action@v4
with: with:
push: true push: true
context: . context: .

View File

@ -1,4 +1,4 @@
FROM ubuntu:jammy FROM debian:12-slim
ARG BUILD_DATE ARG BUILD_DATE
@ -11,9 +11,9 @@ LABEL \
ARG DEBIAN_FRONTEND=noninteractive ARG DEBIAN_FRONTEND=noninteractive
RUN apt-get update && apt-get install -y --no-install-recommends \ RUN apt-get update && apt-get -y install --no-install-recommends \
apache2-utils \ apache2-utils \
netcat \ netcat-openbsd \
nginx-extras && \ nginx-extras && \
rm -rf /var/lib/apt/lists/* && \ rm -rf /var/lib/apt/lists/* && \
mkdir -p "/var/www/webdav/restricted" && \ mkdir -p "/var/www/webdav/restricted" && \
@ -25,11 +25,13 @@ EXPOSE 80
VOLUME [ "/var/www/webdav" ] VOLUME [ "/var/www/webdav" ]
COPY password.sh password.sh COPY entrypoint.sh /
COPY VERSION /
COPY webdav.conf /etc/nginx/sites-enabled/webdav COPY webdav.conf /etc/nginx/sites-enabled/webdav
ENTRYPOINT ["/password.sh"] ENTRYPOINT ["/entrypoint.sh"]
CMD ["nginx", "-g", "daemon off;"] CMD ["nginx", "-g", "daemon off;"]

View File

@ -6,7 +6,7 @@
Runs a Nginx WebDav server in Docker Runs a Nginx WebDav server in Docker
- Source code: [GitHub](https://github.com/loganmarchione/docker-webdav-nginx) - Source code: [GitHub](https://github.com/loganmarchione/docker-webdav-nginx)
- Docker container: [Docker Hub](https://hub.docker.com/r/loganmarchione/docker-webdav-nginx) - Docker container: [Docker Hub](https://hub.docker.com/r/loganmarchione/docker-webdav-nginx)
- Image base: [Ubuntu](https://hub.docker.com/_/ubuntu) - Image base: [Debian](https://hub.docker.com/_/debian)
- Init system: N/A - Init system: N/A
- Application: [Nginx](https://nginx.org/) - Application: [Nginx](https://nginx.org/)
- Architecture: `linux/amd64,linux/arm64,linux/arm/v7` - Architecture: `linux/amd64,linux/arm64,linux/arm/v7`
@ -31,9 +31,10 @@ Runs a Nginx WebDav server in Docker
### Environment variables ### Environment variables
| Variable | Required? | Definition | Example | Comments | | Variable | Required? | Definition | Example | Comments |
|-------------|-----------|----------------------------------|----------------------------|--------------------------------------------------------------| |----------------------------|--------------------|----------------------------------------------------------------------------------------------------------------|----------------------------|--------------------------------------------------------------|
| WEBDAV_USER | No | WebDav username | user | user AND pass need to be set for authentication to work | | WEBDAV_USER | No | WebDav username | user | user AND pass need to be set for authentication to work |
| WEBDAV_PASS | No | WebDav password | password1 | user AND pass need to be set for authentication to work | | WEBDAV_PASS | No | WebDav password | password1 | user AND pass need to be set for authentication to work |
| NGINX_CLIENT_MAX_BODY_SIZE | No (default: 250M) | Nginx's [client_max_body_size](https://nginx.org/en/docs/http/ngx_http_core_module.html#client_max_body_size) | 500M | Be sure to include the units. Set to `0` to disable. |
### Ports ### Ports
| Port on host | Port in container | Comments | | Port on host | Port in container | Comments |
@ -51,11 +52,12 @@ Below is an example docker-compose.yml file.
version: '3' version: '3'
services: services:
webdav: webdav:
container_name: webdav container_name: docker-webdav-nginx
restart: unless-stopped restart: unless-stopped
environment: environment:
- WEBDAV_USER=user - WEBDAV_USER=user
- WEBDAV_PASS=password1 - WEBDAV_PASS=password1
- NGINX_CLIENT_MAX_BODY_SIZE=500M
networks: networks:
- webdav - webdav
ports: ports:
@ -72,4 +74,16 @@ volumes:
driver: local driver: local
``` ```
Below is an example of running locally (used to edit/test/debug).
```
# Build the Dockerfile
docker compose -f docker-compose-dev.yml up -d
# View logs
docker compose -f docker-compose-dev.yml logs -f
# Destroy when done
docker compose -f docker-compose-dev.yml down
```
## TODO ## TODO

View File

@ -1 +1 @@
0.1.0 0.3.1

25
docker-compose-dev.yml Normal file
View File

@ -0,0 +1,25 @@
version: '3'
services:
webdav:
container_name: docker-webdav-nginx
restart: unless-stopped
build:
context: .
dockerfile: Dockerfile
environment:
- WEBDAV_USER=user
- WEBDAV_PASS=password1
- NGINX_CLIENT_MAX_BODY_SIZE=500M
networks:
- webdav
ports:
- '8888:80'
volumes:
- 'webdav:/var/www/webdav'
networks:
webdav:
volumes:
webdav:
driver: local

27
entrypoint.sh Executable file
View File

@ -0,0 +1,27 @@
#!/bin/sh -e
printf "########################################\n"
printf "# Container starting up!\n"
printf "########################################\n"
# Check for WebDav user/pass
printf "# STATE: Checking for WebDav user/pass\n"
if [ -n "$WEBDAV_USER" ] && [ -n "$WEBDAV_PASS" ]
then
printf "# STATE: WebDav user/pass written to /etc/nginx/webdav_credentials\n"
htpasswd -b -c /etc/nginx/webdav_credentials $WEBDAV_USER $WEBDAV_PASS > /dev/null 2>&1
else
printf "# WARN: No WebDav user/pass were set, the "restricted" directory has no authentication on it!\n"
sed -i "s/.*auth_basic.*//g" /etc/nginx/sites-enabled/webdav
sed -i "s/.*auth_basic_user_file.*//g" /etc/nginx/sites-enabled/webdav
fi
# Check for client_max_body_size setting
if [ -n "$NGINX_CLIENT_MAX_BODY_SIZE" ]
then
printf "# STATE: Setting client_max_body_size to $NGINX_CLIENT_MAX_BODY_SIZE\n"
sed -i "s/client_max_body_size 250M;/client_max_body_size $NGINX_CLIENT_MAX_BODY_SIZE;/g" /etc/nginx/sites-enabled/webdav
fi
printf "# STATE: Nginx is starting up now, the logs you see below are error_log and access_log from Nginx\n"
exec "$@"

View File

@ -1,21 +0,0 @@
#!/bin/sh -e
printf "#####\n"
printf "# Container starting up!\n"
printf "#####\n"
# Check for WebDav user/pass
printf "# STATE: Checking for WebDav user/pass\n"
if [ -n "$WEBDAV_USER" ] && [ -n "$WEBDAV_PASS" ]
then
printf "# STATE: WebDav user/pass written to /etc/nginx/webdav_credentials\n"
htpasswd -b -c /etc/nginx/webdav_credentials $WEBDAV_USER $WEBDAV_PASS > /dev/null 2>&1
else
printf "# WARN: No WebDav user/pass were set, the 'restricted' diretory has no authentication on it!\n"
sed -i 's/.*auth_basic.*//g' /etc/nginx/sites-enabled/webdav
sed -i 's/.*auth_basic_user_file.*//g' /etc/nginx/sites-enabled/webdav
fi
printf "# STATE: Nginx is starting up now, the logs you see below are error_log and access_log from Nginx\n"
exec "$@"

View File

@ -5,6 +5,8 @@ server {
root /var/www/webdav; root /var/www/webdav;
autoindex on; autoindex on;
client_max_body_size 250M;
location /public { location /public {
dav_methods PUT DELETE MKCOL COPY MOVE; dav_methods PUT DELETE MKCOL COPY MOVE;
dav_ext_methods PROPFIND OPTIONS; dav_ext_methods PROPFIND OPTIONS;