Added ssl for apache httpd

Fixes #33

Author: mblaschke

docker-compose.yml

@@ -23,6 +23,7 @@ web:
   #build: docker/nginx/
   ports:
     - 8000:80
+    - 8443:443
   links:
     - main
   volumes_from:

docker/httpd/Dockerfile

@@ -3,10 +3,13 @@ FROM httpd:2.4
 RUN apt-get update && apt-get install -y net-tools
 
 ADD conf/vhost.conf /usr/local/apache2/conf/.docker-vhost.conf.original
-ADD entrypoint.sh /entrypoint.sh
+ADD ssl/*           /usr/local/apache2/ssl/
+ADD entrypoint.sh   /entrypoint.sh
 
 EXPOSE 80
+EXPOSE 443
 EXPOSE 8000
+EXPOSE 8443
 
 ENTRYPOINT ["/entrypoint.sh"]
 CMD ["httpd"]

docker/httpd/conf/vhost.conf

@@ -6,9 +6,12 @@ LoadModule actions_module    modules/mod_actions.so
 LoadModule proxy_module      modules/mod_proxy.so
 LoadModule proxy_fcgi_module modules/mod_proxy_fcgi.so
 LoadModule rewrite_module    modules/mod_rewrite.so
+LoadModule ssl_module        modules/mod_ssl.so
 
 ## Alternative port
 Listen 8000
+Listen 443
+Listen 8443
 
 # Settings
 TimeOut      1000
@@ -57,11 +60,48 @@ CustomLog /proc/self/fd/1 dockerlog
 #######################################
 # Vhost
 #######################################
-NameVirtualHost *:80
-<VirtualHost *:80>
+
+<VirtualHost *:80 *:8000>
+  ServerName docker.vm
+  ServerAlias <ALIAS_DOMAIN>
+  DocumentRoot "<DOCUMENT_ROOT>"
+
+  UseCanonicalName Off
+</VirtualHost>
+
+<VirtualHost *:443 *:8443>
   ServerName docker.vm
   ServerAlias <ALIAS_DOMAIN>
   DocumentRoot "<DOCUMENT_ROOT>"
 
   UseCanonicalName Off
+
+  ############
+  # SSL
+  ############
+
+  SSLEngine             on
+  SSLCertificateFile    ssl/server.crt
+  SSLCertificateKeyFile ssl/server.key
+
+  <FilesMatch "\.(cgi|shtml|phtml|php)$">
+          SSLOptions +StdEnvVars
+  </FilesMatch>
+  <Directory /usr/lib/cgi-bin>
+          SSLOptions +StdEnvVars
+  </Directory>
+
+  BrowserMatch "MSIE [2-6]" \
+          nokeepalive ssl-unclean-shutdown \
+          downgrade-1.0 force-response-1.0
+  # MSIE 7 and newer should be able to use keepalive
+  # This regexp is ok with 17-9!
+  BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
+
+  ## SSL Hardening
+  SSLProtocol         all -SSLv2 -SSLv3
+  SSLHonorCipherOrder on
+  SSLCipherSuite      "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS"
+  SSLCompression      off
+
 </VirtualHost>

docker/httpd/ssl/server.crt

@@ -0,0 +1,30 @@
+-----BEGIN CERTIFICATE-----
+MIIFEjCCAvoCCQDrKLkQ7ypcWzANBgkqhkiG9w0BAQUFADBLMQswCQYDVQQGEwJE
+RTEQMA4GA1UECBMHR2VybWFueTEbMBkGA1UEChMSRG9ja2VyIEJvaWxlcnBsYXRl
+MQ0wCwYDVQQDFAQqLnZtMB4XDTE1MDQyOTIxMDIyNloXDTE2MDQyODIxMDIyNlow
+SzELMAkGA1UEBhMCREUxEDAOBgNVBAgTB0dlcm1hbnkxGzAZBgNVBAoTEkRvY2tl
+ciBCb2lsZXJwbGF0ZTENMAsGA1UEAxQEKi52bTCCAiIwDQYJKoZIhvcNAQEBBQAD
+ggIPADCCAgoCggIBAMrdMhSLIO9d6VZ5j1VcyumO5m1ilVIOwAIumMVSEyew/n+I
+pPRVt5nKoe+bBmMCDgZjXR37JkN2C//F67Qc84Vu1HqkKnXR3W10sdm2jkLK7G7s
+hCwBWOcPoqjtcXC02Tv2joll8AVoYvjDkyiStWYK2ymewxkfv/vNTh/3pxsXf3Mu
+imem5cYPq3oMDxCPeDLR25pOOzjZthE36vAvNUoB6/32JDiQ8wmfi9Xr9eTqu2hL
+MLrsZDJVlhoXKmJwPVI22xGaARW+MIENuss6d5SJHB9/qrESxmLsfG/sEoWPiJRa
+cgjsr+c/tPq4EdCMc74WmwaRT2UIysJ5UUF7yQrP9xuF37ItTFfAA+vqBI4+bCfb
+fYbLi2jO+pkeltTGyDHuxPd6P0rrqHUPsn4GM0VZgzWFucLWvsf/FLsQHMFXypGh
+AJV7Twm5/nGyi5cVqQNyUtXj4v7VzGSnCwJAOXLmDe2b9MGoDY75kn5gdAMcqTMz
+KEuzqLRf8zmq8kGIuDUYtMJLbSulDmBdMQa4g2oeDBdBaRQ7puGBJip0cZffNtnn
+6pakjh66Ld0dnUuXRUfohylvs5FNDCFzpbwoGXJuyxg9KUY4QEZSNgY2F6jP0Wmh
+KTEKKz4/xk0q2uak+ipK7R444YU4UcbTZ46A9XFLCsN430xUmjsE/KwYwcmZAgMB
+AAEwDQYJKoZIhvcNAQEFBQADggIBAFTME/oRGve/m2FZsmYEkLOWpJzcumwswWNX
+4o402nrYldYQ0q0reTHACb3H/F27nuNLVPbVAq14qHFw0MZojK6G8kaDNWL47XPA
+VfQh0kaJoCD/F+devRwv3z+tVSatXAm17fMdzZWNxa2v6i9QGLCBV26EUFWiK8zL
+5F5dmPEPx7rRj3NRGUPXwSt5wQH+wmqcJ+ut+gVJhTV7RRVgPraFsPIa9yK/pDDE
+fGlMzUqKUKGwoY9V+KB0WKZoAmD6qleNbAP6jx7F2DA1NxSbL79q65R43YsOLzJg
+hPqZYCs9OFz8BtgAL+SPJ5jAwwWwO/8BEqXZy7AYc4p7UEMyX5861xG7yDEFnUBe
+NiA8m92KLpRfeqLmBjVFEIHWyX1H3Fb1OgUx1TY2+itRhV5B5cKgv4MvQZ+9/kI2
+UQvNlkAxf3MJeIw8Vcxq6ADu4d8aqjtA9qZ7mhP7NwSvQJ0RHhAmcmqt02qIPsQA
+rURpmpCRUiVIuq6noJtSFmKc/zLWXyv8ypofX9JHKtFiJr6DpxrzTtMABLLFMEQx
+kOnuIz7e9Mj/CMoXp68U4MBYhuoapd0u+tv3lXvZSxTdioLJtecG6qc6ZYoTGB7a
+BNAo1sCRQrae0LPt2TAMXos6EA+pqX6WyKrAcopQidy3UMp2PCRXfUgtVPwdiq82
+BAleAIzC
+-----END CERTIFICATE-----

docker/httpd/ssl/server.csr

@@ -0,0 +1,27 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIEkDCCAngCAQAwSzELMAkGA1UEBhMCREUxEDAOBgNVBAgTB0dlcm1hbnkxGzAZ
+BgNVBAoTEkRvY2tlciBCb2lsZXJwbGF0ZTENMAsGA1UEAxQEKi52bTCCAiIwDQYJ
+KoZIhvcNAQEBBQADggIPADCCAgoCggIBAMrdMhSLIO9d6VZ5j1VcyumO5m1ilVIO
+wAIumMVSEyew/n+IpPRVt5nKoe+bBmMCDgZjXR37JkN2C//F67Qc84Vu1HqkKnXR
+3W10sdm2jkLK7G7shCwBWOcPoqjtcXC02Tv2joll8AVoYvjDkyiStWYK2ymewxkf
+v/vNTh/3pxsXf3Muimem5cYPq3oMDxCPeDLR25pOOzjZthE36vAvNUoB6/32JDiQ
+8wmfi9Xr9eTqu2hLMLrsZDJVlhoXKmJwPVI22xGaARW+MIENuss6d5SJHB9/qrES
+xmLsfG/sEoWPiJRacgjsr+c/tPq4EdCMc74WmwaRT2UIysJ5UUF7yQrP9xuF37It
+TFfAA+vqBI4+bCfbfYbLi2jO+pkeltTGyDHuxPd6P0rrqHUPsn4GM0VZgzWFucLW
+vsf/FLsQHMFXypGhAJV7Twm5/nGyi5cVqQNyUtXj4v7VzGSnCwJAOXLmDe2b9MGo
+DY75kn5gdAMcqTMzKEuzqLRf8zmq8kGIuDUYtMJLbSulDmBdMQa4g2oeDBdBaRQ7
+puGBJip0cZffNtnn6pakjh66Ld0dnUuXRUfohylvs5FNDCFzpbwoGXJuyxg9KUY4
+QEZSNgY2F6jP0WmhKTEKKz4/xk0q2uak+ipK7R444YU4UcbTZ46A9XFLCsN430xU
+mjsE/KwYwcmZAgMBAAGgADANBgkqhkiG9w0BAQUFAAOCAgEAKcMX/U07W0h/34Vd
+ZTTFYq8D7aBdVM/sOQcRgXHCEIQgUt/DXmRKy1il5bQV8WK9FauCrmW1nJx3btHY
+vkAvX4eJ1te04tpDkojOcjYihZAtIzPivjGcopWzrxBCwGGiqyEcmDjVdF7qDcUC
+wkmtqzium9HveWgY6xDHpxuPyYuBbvZO407/cljHMgWRFOE0PG6GX48gLwc99lCS
+oLvKDDd7Rrqr2jA4m5tJd77D7L3LL/Yk3PTZRhJS3HIzs+kAtzzxP7dj6GRlVaQo
+uXr9C5qAdvWaDXcPaoH88IUEXPqRre75MTJtSXCUYPlXTVWNZ78JgnsFMcbsyyLn
+fB/CUEK9WyIMc5VtCUkcujO506sO7gYGmIKUhJ03Re5SSUmHRIE5vWUCvtjflvFv
+bh89SyS5bPmqDPR8jKktTG27F716rbPqr/B+uRacH4y5pfHoES0z42WJ9D07VSFH
+gVhmjNDxeqRPt1zFrzT1gMjZpKdHeBv7FRAY+cWRAIA56jwD9+oF7StjPM9ULpGp
+jLteqTMTDIxkJhMMKU2BAetOXbgl4bXdDn4rA83egE9obzAZoir9TYZ02zCM/c1q
+ioNcDgcXSxn3pDe/WyCJ7UicdGMd7K4kGMFCgXuNPbUTYn/yaBUkx9oiR9IBefS0
+UK8j6kHBk70h0P0xVIbqVGbJLWM=
+-----END CERTIFICATE REQUEST-----

docker/httpd/ssl/server.key

@@ -0,0 +1,51 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIJKAIBAAKCAgEAyt0yFIsg713pVnmPVVzK6Y7mbWKVUg7AAi6YxVITJ7D+f4ik
+9FW3mcqh75sGYwIOBmNdHfsmQ3YL/8XrtBzzhW7UeqQqddHdbXSx2baOQsrsbuyE
+LAFY5w+iqO1xcLTZO/aOiWXwBWhi+MOTKJK1ZgrbKZ7DGR+/+81OH/enGxd/cy6K
+Z6blxg+regwPEI94MtHbmk47ONm2ETfq8C81SgHr/fYkOJDzCZ+L1ev15Oq7aEsw
+uuxkMlWWGhcqYnA9UjbbEZoBFb4wgQ26yzp3lIkcH3+qsRLGYux8b+wShY+IlFpy
+COyv5z+0+rgR0IxzvhabBpFPZQjKwnlRQXvJCs/3G4Xfsi1MV8AD6+oEjj5sJ9t9
+hsuLaM76mR6W1MbIMe7E93o/SuuodQ+yfgYzRVmDNYW5wta+x/8UuxAcwVfKkaEA
+lXtPCbn+cbKLlxWpA3JS1ePi/tXMZKcLAkA5cuYN7Zv0wagNjvmSfmB0AxypMzMo
+S7OotF/zOaryQYi4NRi0wkttK6UOYF0xBriDah4MF0FpFDum4YEmKnRxl9822efq
+lqSOHrot3R2dS5dFR+iHKW+zkU0MIXOlvCgZcm7LGD0pRjhARlI2BjYXqM/RaaEp
+MQorPj/GTSra5qT6KkrtHjjhhThRxtNnjoD1cUsKw3jfTFSaOwT8rBjByZkCAwEA
+AQKCAgAbZPdoUsllyZbC+LNkYZ19ILD5QIDNjfRb1xMGQmkXyQz1B+zOmeyrNfPc
+OWEJabOfJTfj3pByN7SzG3US4333HNpQnW6mbmqqZ0HFFqPrXR/Ecuf+UUhCG5hp
+m3bgM2vKbyccYsmg0VHcKfzrU7RvTTP/UNMjx2fThwvvwS+ttuSdF0HVcXJB5sfP
+OWWnZNhkdHZlRf81VCED/jsZqCZYEh5eMyj9AoXvXL4zayPPf+tC0DSKaXW2Xlxg
+tZQhqup8+a9nlxZia0Z9hu8clo6jXkiP8FuKgfCMV0cOjiCKLLHS5svTbLLsVWwJ
+F2ZAdVcD6mWQ43qHOEK5NEzGvQKO14CaOLnVT2yAkMcyNohsEgoDP9oCBGDJQbBH
+NmtZfpVjjtuTr9P9TEkU1FcBRo0x6Il/DkzamGbOeFAmgnaGElhJ5c/CAG7whaIf
+mUfFOBGPH/wESY3gBOACDofeSh27RrlvbLaPiCGKivDUTBmhBsIuso6XqOKbvtfV
+/HhhndpdRVfIj4DdE7gIrLIGN977JMVAXFCNz7KrvAWwcOXrCHCoWpklJ9repq8l
+26ICY8K7VXktzDHQUmhd88ZWR+9ASURsJghUgZUOcMrEGyvci6Y8hpLhHiNVPHuQ
++ps7tpPsXSntBUqWBzhRZh74+nJlOOV6oYykl30JT2JzB6lwiQKCAQEA9ecn8N2z
+20tR2UEiTv/MjVSepQtAAajegvcd1iasvvQKXnh3XLmoZHzH2tTa0lp5RIZpUQPl
+lOTwko0lYTBnYblt65AJQ3FTgisNobIpoqE8BFXLm6wggz7CbabjmPGDe173lPGR
+sI0YSKYvzrdn4zw8Fh6WULJyZHLi58zJYL3r0WBDiOoxpGaGA1GlmkuIWjhKHaX2
+OvF1vOuQDJ2eDyTc5TYFC0NKG76Mvanov5L/yrhNM/umbmp0SPspzHGZobAKUr20
+OazFT8S+2TA1OTxWNbiPbSimFoaZbEdqsNACGfVJWO8Sh8iqlt5RmEcSiSvGBj6L
+QKprRO9Fsp2GawKCAQEA0zGhRsnux4JTNsdUSYsEJtITMj6eE+nl7CoZ9DAOwC5X
+6/aSpUE4TT+pWNrt9iluXiGL0j89UJ7r/L1OcsiyzGb8ig9NU4zr1NIGTZ0DstHi
+HPYINjeiBJEFIy17kOQn+9/I5c4hBUwz6ihwNoEomymVB/EsLJKAML0AudJGKg+Z
+/f/qrS40eab5SAiaKgsh0MZnj+vIxyGBydt6r2HGmjfNITVbXIu6IpO+6NXDwM/e
+7v10AAZ3j9+gb1RedLg2ghuIuYU90hmMhtVWsh9nVmaOkMW9/WFgOPYvt/mHH/hR
+d4pePZ9kACGmqo/b9sHvHw1YEubtCt1VUiNuFxnJCwKCAQBWnxz0vkRTJY8phsY9
+KeK2jm5sGTBs5T2syLwb6ffENFdKvAjgAw6Mh2And/+1ReWd+/MxdLv03UjZdxsJ
+x3FDfXx5FH4O4ebW3a+pnAcKoN1xcX+N0O6LDRqUYcue3sTAOs3gC9CUbr91KAWD
+Phw8ccWAzTmKJ7IgLFA982ekyoI9eTmRC159WRgwJxy844qerWF+XC4GyXP+HsTZ
+jNRW5Vdi7sqMEyIR7+fIEAhLI88zbATWIPmZv6pC4ybwO7wwtsCMMQNBpdjDprzL
+6S12ggikV+U+QKlxGe0FtYqhykRTPJKf32eZqVheWOZJTA/9fgv9ux52oxGycM8O
+gmsNAoIBAQC60m5uZnd5uYnPLWkcXYNgq/kbO1UvHHut/FhVMKX7z4MrU0XKNfWO
+MECoP5K9bU0aq+Y6KIMe7FapjvT0iSHRu1Cu+HZY8JI2A0xcIAeDijLRl7sP6wrB
+q1+2DKgANjRAlWfsEfoX658JBpitPngjOheBnRCMpVQMyUT5HE/BKWf5zwdUB0mY
+S+K8nA90HcDeJIS8RcGolbVwUV0oBABhr/cf50lYhqozqCr7YQ33ZGs7Uq3oz8+4
+UARmN2YPLl3Znm3GX12em8c6B0LX8vvA7Jw06Rf2Ksup1+3Ce1PTLiEy9A4FyRf3
+Hc2HmBbnJAtZlr5QikMqlzzAmmLqwH6dAoIBAC+ryaQGJFsijCSuaDfRp/uy9xnd
+DjgMdTwjl5WLBmyudChVMANl8eqCbvVO41CN84yORk03oQ4cx0eKxAZaLaSzgkb3
+W0X2nFQe7VJSYMQswCQ+1WfJvEFrIdkEKIa//uQdhqNrgUKSNVhhSTMbNEkDTIWn
+ssbv2H9hvUaFt/J/vP9zCKuU5oYvNU7Oi6ZXRYezRn9atlJYanLFoJnHUBRzGms5
+K0vhdCPDXQq87z5Yudoh0jLUQF9Nx0GTWeBceQ9n5hZeRUNQWxP4AJThQX9KSPTS
+mbL3Kh4XNRmAUJ2N+Njh+3dg91s+JkKvC1wcspLsmLPQe+9AxBSH9y5JE/8=
+-----END RSA PRIVATE KEY-----