Rename entrypoint script, detect NGINX_CLIENT_MAX_BODY_SIZE

Update debian Docker tag to v12

.github/renovate.json

@@ -5,5 +5,17 @@
   ],
   "dependencyDashboard": true,
   "dependencyDashboardTitle": "Renovate Dashboard",
-  "labels": ["renovatebot"]
+  "labels": ["renovatebot"],
+  "packageRules": [
+    {
+      "managers": ["github-actions"],
+      "matchUpdateTypes": ["patch"],
+      "automerge": true,
+      "automergeType": "pr",
+      "platformAutomerge": true
+    }
+  ],
+  "docker-compose": {
+    "ignorePaths": ["docker-compose-dev.yml"]
+  }
 }

.github/trivy.yaml

@@ -0,0 +1,5 @@
+format: table
+severity:
+  - CRITICAL
+vulnerability:
+  ignore-unfixed: true

.github/workflows/main.yml

@@ -13,9 +13,25 @@ env:
   REPO: docker-webdav-nginx
 
 jobs:
-  ubuntu_ci:
+  lint:
+    name: Lint
+
+    runs-on: ubuntu-latest
+
+    steps:
+    - name: Check out the codebase
+      uses: actions/checkout@v3
+
+    - name: Lint Dockerfile with Hadolint
+      uses: hadolint/hadolint-action@v3.1.0
+      with:
+        failure-threshold: error
+        ignore: DL3008,DL3018
+
+  ci:
     name: Build and test
 
+    needs: lint
     runs-on: ubuntu-latest
 
     steps:
@@ -31,7 +47,7 @@ jobs:
       uses: docker/setup-buildx-action@v2
 
     - name: Build Docker Image
-      uses: docker/build-push-action@v3
+      uses: docker/build-push-action@v4
       with:
         push: false
         context: .
@@ -47,17 +63,26 @@ jobs:
         docker run --name test-container --detach --env WEBDAV_USER=user --env WEBDAV_PASS=password1 --volume 'webdav:/var/www/webdav' ${USER}/${REPO}:${VERSION}
         docker ps -a
 
-    - name: Container scan
+    - name: Container scan with Dockle
-      uses: azure/container-scan@v0
+      uses: goodwithtech/dockle-action@0.1.0
       with:
-        image-name: ${{ env.USER }}/${{ env.REPO }}:${{ env.VERSION }}
+        image: '${{ env.USER }}/${{ env.REPO }}:${{ env.VERSION }}'
-        severity-threshold: CRITICAL
+        format: 'list'
-        run-quality-checks: true
+        exit-code: '1'
+        exit-level: 'warn'
+        ignore: 'CIS-DI-0001'
 
-  ubuntu_cd:
+    - name: Container scan with Trivy
+      uses: aquasecurity/trivy-action@0.11.2
+      with:
+        scan-type: 'image'
+        image-ref: '${{ env.USER }}/${{ env.REPO }}:${{ env.VERSION }}'
+        trivy-config: ./github/trivy.yaml
+
+  cd:
     name: Deploy
 
-    needs: ubuntu_ci
+    needs: ci
     runs-on: ubuntu-latest
 
     steps:
@@ -83,7 +108,7 @@ jobs:
         logout: true
 
     - name: Build Docker Image
-      uses: docker/build-push-action@v3
+      uses: docker/build-push-action@v4
       with:
         push: true
         context: .

Dockerfile

@@ -1,4 +1,4 @@
-FROM ubuntu:jammy
+FROM debian:12-slim
 
 ARG BUILD_DATE
 
@@ -11,9 +11,9 @@ LABEL \
 
 ARG DEBIAN_FRONTEND=noninteractive
 
-RUN apt-get update && apt-get install -y --no-install-recommends \
+RUN apt-get update && apt-get -y install --no-install-recommends \
     apache2-utils \
-    netcat \
+    netcat-openbsd \
     nginx-extras && \
     rm -rf /var/lib/apt/lists/* && \
     mkdir -p "/var/www/webdav/restricted" && \
@@ -25,11 +25,13 @@ EXPOSE 80
 
 VOLUME [ "/var/www/webdav" ]
 
-COPY password.sh password.sh
+COPY entrypoint.sh /
+
+COPY VERSION /
 
 COPY webdav.conf /etc/nginx/sites-enabled/webdav
 
-ENTRYPOINT ["/password.sh"]
+ENTRYPOINT ["/entrypoint.sh"]
 
 CMD ["nginx", "-g", "daemon off;"]
 

README.md

@@ -6,7 +6,7 @@
 Runs a Nginx WebDav server in Docker
   - Source code: [GitHub](https://github.com/loganmarchione/docker-webdav-nginx)
   - Docker container: [Docker Hub](https://hub.docker.com/r/loganmarchione/docker-webdav-nginx)
-  - Image base: [Ubuntu](https://hub.docker.com/_/ubuntu)
+  - Image base: [Debian](https://hub.docker.com/_/debian)
   - Init system: N/A
   - Application: [Nginx](https://nginx.org/)
   - Architecture: `linux/amd64,linux/arm64,linux/arm/v7`
@@ -31,9 +31,10 @@ Runs a Nginx WebDav server in Docker
 
 ### Environment variables
 | Variable                   | Required?          | Definition                                                                                                     | Example                    | Comments                                                     |
-|-------------|-----------|----------------------------------|----------------------------|--------------------------------------------------------------|
+|----------------------------|--------------------|----------------------------------------------------------------------------------------------------------------|----------------------------|--------------------------------------------------------------|
 | WEBDAV_USER                | No                 | WebDav username                                                                                                | user                       | user AND pass need to be set for authentication to work      |
 | WEBDAV_PASS                | No                 | WebDav password                                                                                                | password1                  | user AND pass need to be set for authentication to work      |
+| NGINX_CLIENT_MAX_BODY_SIZE | No (default: 250M) | Nginx's [client_max_body_size](https://nginx.org/en/docs/http/ngx_http_core_module.html#client_max_body_size)  | 500M                       | Be sure to include the units. Set to `0` to disable.         |
 
 ### Ports
 | Port on host              | Port in container | Comments            |
@@ -51,11 +52,12 @@ Below is an example docker-compose.yml file.
 version: '3'
 services:
   webdav:
-    container_name: webdav
+    container_name: docker-webdav-nginx
     restart: unless-stopped
     environment:
       - WEBDAV_USER=user
       - WEBDAV_PASS=password1
+      - NGINX_CLIENT_MAX_BODY_SIZE=500M
     networks:
       - webdav
     ports:
@@ -72,4 +74,16 @@ volumes:
     driver: local
 ```
 
+Below is an example of running locally (used to edit/test/debug).
+```
+# Build the Dockerfile
+docker compose -f docker-compose-dev.yml up -d
+
+# View logs
+docker compose -f docker-compose-dev.yml logs -f
+
+# Destroy when done
+docker compose -f docker-compose-dev.yml down
+```
+
 ## TODO

VERSION

@@ -1 +1 @@
-0.1.0
+0.3.1

docker-compose-dev.yml

@@ -0,0 +1,25 @@
+version: '3'
+services:
+  webdav:
+    container_name: docker-webdav-nginx
+    restart: unless-stopped
+    build:
+      context: .
+      dockerfile: Dockerfile
+    environment:
+      - WEBDAV_USER=user
+      - WEBDAV_PASS=password1
+      - NGINX_CLIENT_MAX_BODY_SIZE=500M
+    networks:
+      - webdav
+    ports:
+      - '8888:80'
+    volumes:
+      - 'webdav:/var/www/webdav'
+
+networks:
+  webdav:
+
+volumes:
+  webdav:
+    driver: local

entrypoint.sh

@@ -0,0 +1,27 @@
+#!/bin/sh -e
+
+printf "########################################\n"
+printf "# Container starting up!\n"
+printf "########################################\n"
+
+# Check for WebDav user/pass
+printf "# STATE: Checking for WebDav user/pass\n"
+if [ -n "$WEBDAV_USER" ] && [ -n "$WEBDAV_PASS" ]
+then
+	printf "# STATE: WebDav user/pass written to /etc/nginx/webdav_credentials\n"
+	htpasswd -b -c /etc/nginx/webdav_credentials $WEBDAV_USER $WEBDAV_PASS > /dev/null 2>&1
+else
+	printf "# WARN:  No WebDav user/pass were set, the "restricted" directory has no authentication on it!\n"
+	sed -i "s/.*auth_basic.*//g" /etc/nginx/sites-enabled/webdav
+	sed -i "s/.*auth_basic_user_file.*//g" /etc/nginx/sites-enabled/webdav
+fi
+
+# Check for client_max_body_size setting
+if [ -n "$NGINX_CLIENT_MAX_BODY_SIZE" ]
+then
+	printf "# STATE: Setting client_max_body_size to $NGINX_CLIENT_MAX_BODY_SIZE\n"
+	sed -i "s/client_max_body_size 250M;/client_max_body_size $NGINX_CLIENT_MAX_BODY_SIZE;/g" /etc/nginx/sites-enabled/webdav
+fi
+
+printf "# STATE: Nginx is starting up now, the logs you see below are error_log and access_log from Nginx\n"
+exec "$@"

password.sh

@@ -1,21 +0,0 @@
-#!/bin/sh -e
-
-printf "#####\n"
-printf "# Container starting up!\n"
-printf "#####\n"
-
-# Check for WebDav user/pass
-printf "# STATE: Checking for WebDav user/pass\n"
-if [ -n "$WEBDAV_USER" ] && [ -n "$WEBDAV_PASS" ]
-then
-	printf "# STATE: WebDav user/pass written to /etc/nginx/webdav_credentials\n"
-	htpasswd -b -c /etc/nginx/webdav_credentials $WEBDAV_USER $WEBDAV_PASS > /dev/null 2>&1
-else
-	printf "# WARN:  No WebDav user/pass were set, the 'restricted' diretory has no authentication on it!\n"
-	sed -i 's/.*auth_basic.*//g' /etc/nginx/sites-enabled/webdav
-	sed -i 's/.*auth_basic_user_file.*//g' /etc/nginx/sites-enabled/webdav
-fi
-
-
-printf "# STATE: Nginx is starting up now, the logs you see below are error_log and access_log from Nginx\n"
-exec "$@"

webdav.conf

@@ -5,6 +5,8 @@ server {
   root /var/www/webdav;
   autoindex on;
 
+  client_max_body_size 250M;
+
   location /public {
     dav_methods            PUT DELETE MKCOL COPY MOVE;
     dav_ext_methods        PROPFIND OPTIONS;