DetectionLab/Vagrant/resources/malcolm/Dockerfiles/htadmin.Dockerfile

FROM debian:buster-slim

# Copyright (c) 2021 Battelle Energy Alliance, LLC.  All rights reserved.
LABEL maintainer="malcolm.netsec@gmail.com"
LABEL org.opencontainers.image.authors='malcolm.netsec@gmail.com'
LABEL org.opencontainers.image.url='https://github.com/cisagov/Malcolm'
LABEL org.opencontainers.image.documentation='https://github.com/cisagov/Malcolm/blob/master/README.md'
LABEL org.opencontainers.image.source='https://github.com/cisagov/Malcolm'
LABEL org.opencontainers.image.vendor='Cybersecurity and Infrastructure Security Agency'
LABEL org.opencontainers.image.title='malcolmnetsec/htadmin'
LABEL org.opencontainers.image.description='Malcolm container providing htadmin for managing login accounts in an htpasswd file'

ARG DEFAULT_UID=33
ARG DEFAULT_GID=33
ENV DEFAULT_UID $DEFAULT_UID
ENV DEFAULT_GID $DEFAULT_GID
ENV PUSER "www-data"
ENV PGROUP "www-data"
# not dropping privileges globally so nginx can bind privileged ports internally.
# nginx and php-fpm will drop privileges to "www-data" user for worker processes
ENV PUSER_PRIV_DROP false

ENV DEBIAN_FRONTEND noninteractive
ENV TERM xterm

ARG PHP_VERSION=7.3
ARG MCRYPT_VERSION=1.0.2
ARG BOOTSTRAP_VERSION=3.3.6

ENV PHP_VERSION $PHP_VERSION
ENV MCRYPT_VERSION $MCRYPT_VERSION
ENV BOOTSTRAP_VERSION $BOOTSTRAP_VERSION

ENV HTADMIN_URL "https://codeload.github.com/mmguero-dev/htadmin/tar.gz/master"

RUN apt-get update && \
    apt-get -y -q --allow-downgrades --allow-remove-essential --allow-change-held-packages --no-install-recommends install \
      bcrypt \
      ca-certificates \
      curl \
      libmcrypt-dev \
      libmcrypt4 \
      make \
      mcrypt \
      nginx-light \
      php-dev \
      php-pear \
      php$PHP_VERSION-apcu \
      php$PHP_VERSION-cli \
      php$PHP_VERSION-curl \
      php$PHP_VERSION-fpm \
      php$PHP_VERSION-gd \
      procps \
      supervisor && \
    ( yes '' | pecl channel-update pecl.php.net ) && \
    ( yes '' | pecl install mcrypt-$MCRYPT_VERSION ) && \
    ln -s -r /usr/lib/php/20??????/*.so /usr/lib/php/$PHP_VERSION/ && \
    mkdir -p /run/php && \
  cd /tmp && \
    mkdir -p ./htadmin && \
    curl -sSL "$HTADMIN_URL" | tar xzvf - -C ./htadmin --strip-components 1 && \
    mv /tmp/htadmin/sites/html/htadmin /var/www/htadmin && \
    cd /var/www/htadmin && \
    ( grep -rhoPi "(src|href)=['\"]https?://.+?['\"]" ./includes/* | sed "s/^[a-zA-Z]*=['\"]*//" | sed "s/['\"]$//" | xargs -r -l curl -s -S -L -J -O ) && \
    sed -i "s@http[^'\"]*/@@gI" ./includes/* && \
    mkdir fonts && cd fonts && \
    curl -s -S -L -J -O "https://maxcdn.bootstrapcdn.com/bootstrap/$BOOTSTRAP_VERSION/fonts/glyphicons-halflings-regular.ttf" && \
    curl -s -S -L -J -O "https://maxcdn.bootstrapcdn.com/bootstrap/$BOOTSTRAP_VERSION/fonts/glyphicons-halflings-regular.woff" && \
    curl -s -S -L -J -O "https://maxcdn.bootstrapcdn.com/bootstrap/$BOOTSTRAP_VERSION/fonts/glyphicons-halflings-regular.woff2" && \
  chown -R ${PUSER}:${PGROUP} /var/www && \
  apt-get -y -q --allow-downgrades --allow-remove-essential --allow-change-held-packages --purge remove \
    make libmcrypt-dev php-pear php-dev && \
  apt-get autoremove -y -q && \
  apt-get clean -y -q && \
  rm -rf /var/lib/apt/lists/* /var/cache/* /tmp/* /var/tmp/* /var/www/html

ADD shared/bin/docker-uid-gid-setup.sh /usr/local/bin/
ADD docs/images/favicon/favicon.ico /var/www/htadmin/
ADD htadmin/supervisord.conf /supervisord.conf
ADD htadmin/htadmin.sh /usr/local/bin/
ADD htadmin/src /var/www/htadmin/
ADD htadmin/php/php.ini /etc/php/$PHP_VERSION/fpm/php.ini
ADD htadmin/nginx/sites-available/default /etc/nginx/sites-available/default

EXPOSE 80

ENTRYPOINT ["/usr/local/bin/docker-uid-gid-setup.sh"]

CMD ["/usr/bin/supervisord", "-c", "/supervisord.conf", "-u", "root", "-n"]


# to be populated at build-time:
ARG BUILD_DATE
ARG MALCOLM_VERSION
ARG VCS_REVISION

LABEL org.opencontainers.image.created=$BUILD_DATE
LABEL org.opencontainers.image.version=$MALCOLM_VERSION
LABEL org.opencontainers.image.revision=$VCS_REVISION