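# Apache 2.4 + mod_php + ModSecurity (security2) on Ubuntu 22.04.
# Site content, vhost/conf snippets, TLS material and ModSecurity rules are not
# baked in; they arrive at run time through the volumes declared further down.
# NOTE(review): the base image is referenced by a mutable tag only. Pin it as
# ubuntu:22.04@sha256:<digest> if builds must be reproducible.
FROM ubuntu:22.04

# Renumber www-data to UID/GID 1000. Done before the packages are installed, so
# files they create for www-data get the new IDs.
# presumably 1000 matches the owner of the bind-mounted host directories - confirm.
RUN usermod -u 1000 www-data && groupmod -g 1000 www-data

# OS packages. DEBIAN_FRONTEND is set inline on both the upgrade and the install
# so neither can stop at a prompt and the variable does not leak into the
# runtime environment. The apt lists are removed in the same layer.
# NOTE(review): recommended packages are still installed. Later steps edit
# /etc/ldap/ldap.conf, which may only be present through a recommended package;
# verify that before adding --no-install-recommends.
RUN apt-get update && \
    DEBIAN_FRONTEND=noninteractive apt-get upgrade -y && \
    DEBIAN_FRONTEND=noninteractive apt-get install -y \
        apache2 \
        ca-certificates \
        libapache2-mod-php \
        libapache2-mod-security2 \
        mcrypt \
        php-gd \
        php-ldap \
        php-mbstring \
        php-xml \
        sendmail && \
    rm -rf /var/lib/apt/lists/*

# System, Apache and PHP configuration:
#  - The LDAP client trusts only /etc/apache2/ssl/ldap.pem. That path is inside a
#    volume, so the CA file has to be provided at run time.
#  - Time zone Europe/Berlin for both the OS and PHP.
#  - Apache modules enabled: rewrite, ssl, headers, userdir, authz_groupfile,
#    security2.
#  - Run and lock directories are created because CMD starts the apache2 binary
#    directly. presumably apache2ctl would otherwise create them - confirm.
#  - PHP: 100M uploads, 500M memory limit.
# NOTE(review): post_max_size is left at the packaged value. PHP applies it to
# uploads as well, so the 100M upload_max_filesize may not be reachable - confirm.
# NOTE(review): /var/log/apache2 is owned by www-data, so code running as the
# worker user can alter or delete the logs written there, including the
# ModSecurity audit log. Confirm this is required, and forward logs out of the
# container if they are needed for investigations.
RUN sed -i 's|TLS_CACERT.*$|TLS_CACERT /etc/apache2/ssl/ldap.pem|g' /etc/ldap/ldap.conf && \
    ln -fs /usr/share/zoneinfo/Europe/Berlin /etc/localtime && \
    DEBIAN_FRONTEND=noninteractive dpkg-reconfigure -f noninteractive tzdata && \
    a2enmod rewrite ssl headers userdir authz_groupfile security2 && \
    /usr/bin/install -d -o www-data -g www-data /var/log/apache2 && \
    /usr/bin/install -d /var/run/apache2 && \
    /usr/bin/install -d -o www-data -g www-data /var/lock/apache2 && \
    sed -i \
        -e 's/^upload_max_filesize.*$/upload_max_filesize=100M/' \
        -e 's/^memory_limit.*$/memory_limit = 500M/' \
        -e 's/^;date.timezone.*$/date.timezone="Europe\/Berlin"/' \
        /etc/php/8.*/apache2/php.ini

# ModSecurity base configuration plus the rules directory it includes.
#  - SecRuleEngine is On, but the phase-1 default action is "pass": a rule that
#    inherits this default only logs and does not block.
#  - SecRequestBodyAccess is written as a comment, so this file does not turn on
#    request-body inspection.
#  - Audit and debug logs go to /var/log/apache2, which is not a volume; they
#    live in the container's writable layer unless that path is mounted.
#  - dummy.conf is a placeholder, presumably so the Include glob matches a file
#    when no rules are mounted. This image puts no detection rules in
#    /etc/modsecurity.d/rules itself.
# NOTE(review): SecRequestBodyLimit (13107200 bytes) is far below the 100M PHP
# upload limit. If request-body access is enabled later, confirm how the two
# limits are meant to interact.
RUN mkdir -p /etc/modsecurity/ /etc/modsecurity.d/rules && \
    printf '%s\n' \
        'SecRuleEngine On' \
        '#SecRequestBodyAccess On' \
        'SecResponseBodyAccess Off' \
        'SecDefaultAction "phase:1,log,auditlog,pass"' \
        'SecAuditEngine RelevantOnly' \
        'SecAuditLog /var/log/apache2/modsec_audit.log' \
        'SecDebugLog /var/log/apache2/modsec_debug.log' \
        'SecDebugLogLevel 1' \
        'SecRequestBodyLimit 13107200' \
        'SecRequestBodyNoFilesLimit 131072' \
        'SecRequestBodyInMemoryLimit 131072' \
        'SecPcreMatchLimit 1000000' \
        'SecPcreMatchLimitRecursion 1000000' \
        'Include /etc/modsecurity.d/rules/*.conf' \
        > /etc/modsecurity/modsecurity.conf && \
    echo '# dummy placeholder rule' > /etc/modsecurity.d/rules/dummy.conf

EXPOSE 80 443

# Declared after every build step that writes to these paths, so the content
# created above is kept. /etc/apache2/ssl carries the TLS material and ldap.pem,
# and /etc/modsecurity.d/rules carries the WAF rules. Whoever can write to those
# mounts controls the server's keys and filtering, so mount them read-only
# where possible.
VOLUME ["/var/www/html", "/etc/apache2/sites-enabled", "/etc/apache2/conf-enabled", "/etc/apache2/ssl", "/etc/modsecurity.d/rules"]

# Variables the packaged Apache configuration is expected to read; the binary is
# started directly by CMD, so they are set here.
# presumably the stock apache2.conf takes User/Group from APACHE_RUN_USER and
# APACHE_RUN_GROUP - confirm against the mounted configuration.
ENV APACHE_RUN_USER=www-data \
    APACHE_RUN_GROUP=www-data \
    APACHE_PID_FILE=/var/run/apache2/apache2.pid \
    APACHE_RUN_DIR=/var/run/apache2 \
    APACHE_LOCK_DIR=/var/lock/apache2 \
    APACHE_LOG_DIR=/var/log/apache2 \
    LANG=C

# No USER instruction: the apache2 parent process starts as root.
# Exec form keeps apache2 as PID 1 so it receives the stop signal directly.
CMD ["/usr/sbin/apache2", "-DFOREGROUND"]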