Merge pull request #39 from HisAtri/master

增加Apache https监听，解决Nginx反向代理出现的Mixed-Content问题
HalcyonAzure · Mar 5, 2024 · c472d45 · c472d45
2 parents 21637c1 + df0da24
commit c472d45
Show file tree

Hide file tree

Showing 7 changed files with 104 additions and 3 deletions.
diff --git a/000-default.conf.template b/000-default.conf.template
@@ -27,4 +27,16 @@
 	#Include conf-available/serve-cgi-bin.conf
 </VirtualHost>
 
+<VirtualHost *:${HTTPS_PORT}>
+    ServerAdmin webmaster@localhost
+    DocumentRoot /var/www/html/public
+
+    SSLEngine on
+    SSLCertificateFile "/etc/ssl/certs/ssl-cert-snakeoil.pem"
+    SSLCertificateKeyFile "/etc/ssl/private/ssl-cert-snakeoil.key"
+
+    ErrorLog ${APACHE_LOG_DIR}/error.log
+    CustomLog ${APACHE_LOG_DIR}/access.log combined
+</VirtualHost>
+
 # vim: syntax=apache ts=4 sw=4 sts=4 sr noet
diff --git a/Dockerfile b/Dockerfile
@@ -23,6 +23,9 @@ FROM php:8.1-apache
 # 安装相关拓展
 ADD https://github.com/mlocati/docker-php-extension-installer/releases/latest/download/install-php-extensions /usr/local/bin/
 
+# 开启SSL
+RUN a2enmod ssl && a2ensite default-ssl
+
 RUN apt-get update && \
     apt-get install -y gettext && \
     apt-get clean && rm -rf /var/cache/apt/* && rm -rf /var/lib/apt/lists/* && rm -rf /tmp/*  && \
@@ -52,14 +55,18 @@ RUN apt-get update && \
     chown -R www-data:root /var/www; \
     chmod -R g=u /var/www
 
+COPY ./ssl /etc/ssl
+
 COPY --from=build /build /var/www/lsky/
 COPY ./000-default.conf.template /etc/apache2/sites-enabled/
 COPY ./ports.conf.template /etc/apache2/
 COPY entrypoint.sh /
 WORKDIR /var/www/html/
 VOLUME /var/www/html
 ENV WEB_PORT 8089
+ENV HTTPS_PORT 8088
 EXPOSE ${WEB_PORT}
+EXPOSE ${HTTPS_PORT}
 RUN chmod a+x /entrypoint.sh
 ENTRYPOINT ["/entrypoint.sh"]
 CMD ["apachectl","-D","FOREGROUND"]
diff --git a/README.md b/README.md
@@ -14,6 +14,37 @@ docker run -d \
     halcyonazure/lsky-pro-docker:latest
 ```
 
+### 如果要使用Nginx反向代理配置HTTPS，则使用HTTPS访问容器
+
+```docker
+docker run -d \
+    --name lsky-pro \
+    --restart unless-stopped \
+    -p 8088:8088 \
+    -p 8089:8089 \
+    -v $PWD/lsky:/var/www/html \
+    -e HTTPS_PORT=8088 \
+    -e WEB_PORT=8089 \
+    halcyonazure/lsky-pro-docker:latest
+```
+
+Nginx配置文件示例：
+
+```nginx
+location ^~ /
+{
+    proxy_pass https://127.0.0.1:8088;
+    proxy_set_header Host $host;
+    proxy_set_header X-Real-IP $remote_addr;
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header REMOTE-HOST $remote_addr;
+    proxy_set_header Upgrade $http_upgrade;
+    proxy_set_header Connection $connection_upgrade;
+    proxy_http_version 1.1;
+}
+```
+
+
 ## 环境变量
 
 目前该容器只有一个环境变量：`WEB_PORT`，用于指定容器内的`Apache`监听的端口，默认为`8089`，如果需要修改的话可以在启动容器时添加`-e WEB_PORT=8089`来指定端口

diff --git a/entrypoint.sh b/entrypoint.sh
@@ -2,9 +2,10 @@
 set -eu
 
 WEB_PORT=${WEB_PORT:-8089}
+HTTPS_PORT=${HTTPS_PORT:-8088}
 
-envsubst '${WEB_PORT}' < /etc/apache2/sites-enabled/000-default.conf.template > /etc/apache2/sites-enabled/000-default.conf
-envsubst '${WEB_PORT}' < /etc/apache2/ports.conf.template > /etc/apache2/ports.conf
+envsubst '${WEB_PORT} ${HTTPS_PORT}' < /etc/apache2/sites-enabled/000-default.conf.template > /etc/apache2/sites-enabled/000-default.conf
+envsubst '${WEB_PORT} ${HTTPS_PORT}' < /etc/apache2/ports.conf.template > /etc/apache2/ports.conf
 
 if [ ! -e '/var/www/html/public/index.php' ]; then
     cp -a /var/www/lsky/* /var/www/html/

diff --git a/ports.conf.template b/ports.conf.template
@@ -1 +1,2 @@
-Listen ${WEB_PORT}
+Listen ${WEB_PORT}
+Listen ${HTTPS_PORT}
diff --git a/ssl/certs/ssl-cert-snakeoil.pem b/ssl/certs/ssl-cert-snakeoil.pem
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDfzCCAmegAwIBAgIQAPswwfdmDX4jTX2IfdDGyzANBgkqhkiG9w0BAQsFADAU
+MRIwEAYDVQQDDAlsb2NhbGhvc3QwHhcNMjQwMzAzMTczODE0WhcNMzQwMzAxMTcz
+ODE0WjAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IB
+DwAwggEKAoIBAQCHwn/ZLxS1L795z1aAfL2GHKLZ9AWqd7bl0tKxhyTMPEk4XbgU
+KB7IbkZPqDyjRgWj3QtUCQUpvbhOHpe4PzZHG5XF1NsNlynNT+iCSKSqbSzLjy0f
+eMjyfw4pMeSbK/ez7VgZ/9HGjUwrWkzAsSWUsVUdCTTDsoOGCmYm9p/RFS5YdiLs
+DWUaedMqQeGsaMyizdCiZJaRg+lrn1VNdjQaFtSEJQEHa5tlppUiwLeHuehIoBR7
+9dJkhotrb4dnc5Dc2fa6Zs8x0lEt1uz+s7KtGvaFg5PfvjOa+mcDiRuJRn9OqGlM
+78M2flaCzx7mXVqyi13fsmrGGw046m7GBHFDAgMBAAGjgcwwgckwLAYDVR0RBCUw
+I4cEfwAAAYIJbG9jYWxob3N0hxAAAAAAAAAAAAAAAAAAAAABMB0GA1UdDgQWBBSs
+cnP3TAZMPW7x2Lns4t85XLQFATAOBgNVHQ8BAf8EBAMCBLAwDAYDVR0TAQH/BAIw
+ADA7BgNVHSUENDAyBggrBgEFBQcDAgYIKwYBBQUHAwEGCCsGAQUFBwMDBggrBgEF
+BQcDBAYIKwYBBQUHAwgwHwYDVR0jBBgwFoAUrHJz90wGTD1u8di57OLfOVy0BQEw
+DQYJKoZIhvcNAQELBQADggEBAHF9Fx3vbqSdE3N6SeHM6Q77C61m3o/8ZF3kl70E
+za/mKZioYKOyFGnDKMb9RDpDBufReiUSJS+PJkS/wRHROuYToclxBnhh/7UImfkW
+XqNDB44MR4kMyotQ+/kKEeFCxJUqjguP+/NWO8PVnQIQILPjH0/AUaGHvqUwzyKl
+U8IO6zluwoV0iBFbJ1b5qQo19Y6ZHGIRBoGs2ovpcsYvXI9qWLIoLmSnkzqU1iQ1
+ITLP1lVJh9J7SYoi/aI28Ssk1F6BagPv2DmQ9rPzvcjmL4+5guhWX3TrSv7HDnvm
+NusWDVIcPcIquFhe7sKe71laIn41CXdZbOQZDmau7wTNfKo=
+-----END CERTIFICATE-----
diff --git a/ssl/private/ssl-cert-snakeoil.key b/ssl/private/ssl-cert-snakeoil.key
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCHwn/ZLxS1L795
+z1aAfL2GHKLZ9AWqd7bl0tKxhyTMPEk4XbgUKB7IbkZPqDyjRgWj3QtUCQUpvbhO
+Hpe4PzZHG5XF1NsNlynNT+iCSKSqbSzLjy0feMjyfw4pMeSbK/ez7VgZ/9HGjUwr
+WkzAsSWUsVUdCTTDsoOGCmYm9p/RFS5YdiLsDWUaedMqQeGsaMyizdCiZJaRg+lr
+n1VNdjQaFtSEJQEHa5tlppUiwLeHuehIoBR79dJkhotrb4dnc5Dc2fa6Zs8x0lEt
+1uz+s7KtGvaFg5PfvjOa+mcDiRuJRn9OqGlM78M2flaCzx7mXVqyi13fsmrGGw04
+6m7GBHFDAgMBAAECggEAAmHZWHhJBrzlwT9wJyUJNlc+TFDJ4KnlHbdLVy4l6SeN
+qV2Lo17o21+EAFXVapAJ/UwdrMXTv13C5CwJQYRqcWj8gdIwXdavNxkV3WNk8FCm
+HpROmGTIMekk2Hg1qLtmx1N83kfs6G0GTyRwgFkbbbaG5dGJiX2SbUG1dS2StFqC
+Pk7TATU3m4cXoZCLUhuLhAeDJYAOnbeR3JLLi8DdLooaX7TmQidOvKioUzjhQmGq
+DBzdB0xjiAyA4oMB6JPPqWZBAtFMRpWdZb9UouwaKpNT8MH4COi5FUkp8xwyP+QZ
+Psq7gGatliPL481Tqm+u9gqPwzkR8c2AJ+CPwyb/QQKBgQDEzfmP+/bSz0GTmmBw
+m3gbFk0yFyXxAuPX5Xv5lnGuc8wAetD7jVy+YEK4zIMgfLHRhKt5Vn/rHHWZ9ywD
+LytnuU/tQuzA6ZZpDfUgNXO+Y/ZTAGT2ntmF/WSqRtY8ddhRB/O1UesJfrZMSg/e
+ZSElY60/UKxluRsnvpBz3YU9MwKBgQCwmAz6OJv0hWMtKXEMv0XQXRSdbZeqD0Bw
+xMSAGcPB4wBGDfEw36oLxr/NOex0CQuOIiOLhxfHIOEY2j4UkA1WugqdClRqBevF
+iiB9eywfUij534TWfbgofl1dZktHPMIS63D29L7UP7XHh0ebYcUGLSMr9pLkzQMF
+rA5fl0xbsQKBgQC6ugdwUotkhxrcFhwsm4YAhU9nGEl6e9h8DpNrQw/HirzjM6Q3
+GHAHfUOxHPHJECaS+ULM1IJ4K790/uy2dLnFJzErl1UU0ExSjtil37Fa0nNzWytw
+R1Vx6PLrEFzSbql4cIgN4JSVpLEIfzjBNMiXNhS5vyxjM5cNRaS/Gk4BuwKBgQCU
+ExsmoVscAND1aH9zydrXaYVEsEVxApLtPADszS3ZIOf01fH9Ij6q2z+u7Tf44DDB
+QJz/fQqSHV7CARX3FgcpRpxpq+S2djqJjFXMAgEwTisvwp3XYNmPks3k6EaM+ERf
+qu4xFW4B+V4KbcO8ZZHYqPaKAZqQods74Va4DtynMQKBgAUeuDayZTDia4bOaP6B
+o6EquVRcCQbEWAzSvCpGDw3zzuP6xU8X0foH7BQ6tpxNkjOVDh9/HFjmPOe8xS4E
+feqz2SJvNCoghBcUebrCmBT6IpS/34dlqFfVO1hJSRwl+U0c2DD4l7I3966/jx2C
+y4gbcDHzbOtxKCVmAtLj0YPs
+-----END PRIVATE KEY-----