Add simple SSL support

Dockerfile

@@ -31,6 +31,12 @@ ca-certificates \
 jq \
 && rm -rf /var/lib/apt/lists/*
 
+#Preparation des vhost apache
+RUN rm -f /etc/apache2/sites-available/000-default.conf
+COPY site.conf /etc/apache2/sites-available
+COPY site_redirect.conf /etc/apache2/sites-available
+COPY site_ssl.conf /etc/apache2/sites-available
+
 #Copie et execution du script pour l'installation et l'initialisation de GLPI
 COPY glpi-start.sh /opt/
 RUN chmod +x /opt/glpi-start.sh

docker-compose.yml

@@ -19,10 +19,15 @@ services:
     hostname: glpi
     ports:
       - "80:80"
+      #- "443:443"
     volumes:
       - /etc/timezone:/etc/timezone:ro
       - /etc/localtime:/etc/localtime:ro
       - /var/www/html/glpi/:/var/www/html/glpi
+      # For SSL support, needs glpi.crt and glpi.key files in 'certs' directory
+      #- ./certs:/etc/certs
     environment:
       - TIMEZONE=Europe/Brussels
-    restart: always
+      # Support to force redirecting HTTP to HTTPS
+      #- SSL_REDIRECT=https://MY_SITE_HTTPS_URL/
+    restart: always

glpi-start.sh

@@ -12,6 +12,7 @@ SRC_GLPI=$(curl -s https://api.github.com/repos/glpi-project/glpi/releases/tags/
 TAR_GLPI=$(basename ${SRC_GLPI})
 FOLDER_GLPI=glpi/
 FOLDER_WEB=/var/www/html/
+APACHE=/etc/apache2
 
 #check if TLS_REQCERT is present
 if !(grep -q "TLS_REQCERT" /etc/ldap/ldap.conf)
@@ -31,8 +32,23 @@ else
 	chown -R www-data:www-data ${FOLDER_WEB}${FOLDER_GLPI}
 fi
 
-#Modification du vhost par défaut
-echo -e "<VirtualHost *:80>\n\tDocumentRoot /var/www/html/glpi\n\n\t<Directory /var/www/html/glpi>\n\t\tAllowOverride All\n\t\tOrder Allow,Deny\n\t\tAllow from all\n\t</Directory>\n\n\tErrorLog /var/log/apache2/error-glpi.log\n\tLogLevel warn\n\tCustomLog /var/log/apache2/access-glpi.log combined\n</VirtualHost>" > /etc/apache2/sites-available/000-default.conf
+#Activation du vhost HTTP
+if [ "$SSL_REDIRECT" != "" ];
+then
+	sed -e "s#SSL_URL#$SSL_REDIRECT#" -i $APACHE/sites-available/site_redirect.conf
+	ln -s $APACHE/sites-available/site_redirect.conf $APACHE/sites-enabled/
+else
+	ln -s $APACHE/sites-available/site.conf $APACHE/sites-enabled/
+fi
+
+#Activation du vhost HTTPS
+if [ -e "/etc/certs/glpi.crt" ];
+then
+	ln -s $APACHE/mods-available/ssl.load $APACHE/mods-enabled/
+	ln -s $APACHE/mods-available/ssl.conf $APACHE/mods-enabled/
+	ln -s $APACHE/mods-available/socache_shmcb.load $APACHE/mods-enabled/
+	ln -s $APACHE/sites-available/site_ssl.conf $APACHE/sites-enabled/
+fi
 
 #Add scheduled task by cron and enable
 echo "*/2 * * * * www-data /usr/bin/php /var/www/html/glpi/front/cron.php &>/dev/null" >> /etc/cron.d/glpi

site.conf

@@ -0,0 +1,13 @@
+<VirtualHost *:80>
+	DocumentRoot /var/www/html/glpi
+
+	<Directory /var/www/html/glpi>
+		AllowOverride All
+		Order Allow,Deny
+		Allow from all
+	</Directory>
+
+	ErrorLog /var/log/apache2/error-glpi.log
+	LogLevel warn
+	CustomLog /var/log/apache2/access-glpi.log combined
+</VirtualHost>

site_redirect.conf

@@ -0,0 +1,8 @@
+<VirtualHost *:80>
+	DocumentRoot /var/www/html/glpi
+	Redirect permanent / SSL_URL
+
+	ErrorLog /var/log/apache2/error-glpi.log
+	LogLevel warn
+	CustomLog /var/log/apache2/access-glpi.log combined
+</VirtualHost>

site_ssl.conf

@@ -0,0 +1,18 @@
+<VirtualHost *:443>
+	DocumentRoot /var/www/html/glpi
+
+	SSLEngine on
+	SSLCertificateFile	/etc/certs/glpi.crt
+	SSLCertificateKeyFile	/etc/certs/glpi.key
+
+	<Directory /var/www/html/glpi>
+		AllowOverride All
+		Order Allow,Deny
+		Allow from all
+	</Directory>
+
+	ErrorLog /var/log/apache2/error-glpi-ssl.log
+	LogLevel warn
+	CustomLog /var/log/apache2/access-glpi-ssl.log combined
+</VirtualHost>
+