
Official Convertigo 8.1.0 release! #13535

Merged
merged 1 commit into from
Nov 17, 2022


nicolas-albert
Contributor

Thx!

@github-actions

Diff for 8807b2d:
diff --git a/_bashbrew-cat b/_bashbrew-cat
index fd7903d..35bd527 100644
--- a/_bashbrew-cat
+++ b/_bashbrew-cat
@@ -1,6 +1,6 @@
 Maintainers: Nicolas Albert <nicolasa@convertigo.com> (@nicolas-albert), Olivier Picciotto <olivier.picciotto@convertigo.com> (@opicciotto)
 GitRepo: https://github.com/convertigo/convertigo
-GitCommit: 4e5bed91cef24b22f1e07cf7091674d22c8cde81
+GitCommit: 070f8a67e61a7a9bc701ddadae0a0a0fba9470a3
 
-Tags: 8.0.2, 8.0, latest
+Tags: 8.1.0, 8.1, latest
 Directory: docker/default
diff --git a/_bashbrew-list b/_bashbrew-list
index 449542e..244e992 100644
--- a/_bashbrew-list
+++ b/_bashbrew-list
@@ -1,3 +1,3 @@
-convertigo:8.0
-convertigo:8.0.2
+convertigo:8.1
+convertigo:8.1.0
 convertigo:latest
diff --git a/convertigo_latest/Dockerfile b/convertigo_latest/Dockerfile
index 76edbf6..ff8bd02 100644
--- a/convertigo_latest/Dockerfile
+++ b/convertigo_latest/Dockerfile
@@ -44,18 +44,14 @@ ENV TINI_VERSION 0.19.0
 ENV TINI_GPG_KEYS 6380DC428747F6C393FEACA59A84159D7001A4E5
 
 RUN export GNUPGHOME="$(mktemp -d)" \
-  && ( gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys "$GOSU_GPG_KEYS" \
-  || gpg --batch --keyserver pgp.mit.edu --recv-keys "$GOSU_GPG_KEYS" \
-  || gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$GOSU_GPG_KEYS" \
+  && ( gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$GOSU_GPG_KEYS" \
   || gpg --batch --keyserver keyserver.pgp.com --recv-keys "$GOSU_GPG_KEYS" ) \
   && curl -o /usr/local/bin/gosu -fSL "https://github.com/tianon/gosu/releases/download/${GOSU_VERSION}/gosu-$(dpkg --print-architecture | awk -F- '{ print $NF }')" \
   && curl -o /usr/local/bin/gosu.asc -fSL "https://github.com/tianon/gosu/releases/download/${GOSU_VERSION}/gosu-$(dpkg --print-architecture | awk -F- '{ print $NF }').asc" \
   && gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu \
   && rm /usr/local/bin/gosu.asc \
   && chmod +x /usr/local/bin/gosu \
-  && ( gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys "$TINI_GPG_KEYS" \
-  || gpg --batch --keyserver pgp.mit.edu --recv-keys "$TINI_GPG_KEYS" \
-  || gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$TINI_GPG_KEYS" \
+  && ( gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$TINI_GPG_KEYS" \
   || gpg --batch --keyserver keyserver.pgp.com --recv-keys "$TINI_GPG_KEYS" ) \
   && curl -o /usr/local/bin/tini -fSL "https://github.com/krallin/tini/releases/download/v${TINI_VERSION}/tini-$(dpkg --print-architecture | awk -F- '{ print $NF }')" \
   && curl -o /usr/local/bin/tini.asc -fSL "https://github.com/krallin/tini/releases/download/v${TINI_VERSION}/tini-$(dpkg --print-architecture | awk -F- '{ print $NF }').asc" \
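Review bot: The gosu and tini keys are both received into the single `GNUPGHOME` created on the first line of this RUN, so every `gpg --batch --verify` later in the step accepts a signature made by either key rather than only the key pinned for that artifact. Starting the tini part with a fresh keyring, `&& rm -rf "$GNUPGHOME" && export GNUPGHOME="$(mktemp -d)" \` just before the `$TINI_GPG_KEYS` import, keeps each download tied to its own fingerprint. The tini verify and the keyring cleanup sit below the hunk's last line, so how the step ends should be confirmed there.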
@@ -73,15 +69,23 @@ RUN useradd -s /bin/false -m convertigo \
     && echo "convertigo ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/convertigo \
     && chmod 0440 /etc/sudoers.d/convertigo
 
-## disable unused AJP, APR and Jasper features
+## disable unused AJP and Jasper features
 ## change HTTP port the historic Convertigo port 28080
 
 RUN sed -i.bak \
         -e '/protocol="AJP/d' \
-        -e '/AprLifecycleListener/d' \
         -e '/JasperListener/d' \
         -e 's/port="8080"/port="28080" maxThreads="64000" relaxedQueryChars="{}[]|"/' \
         -e 's,</Host>,  <Valve className="org.apache.catalina.valves.RemoteIpValve" />\n      </Host>,' \
+        -e 's,</Service>,<!--SSL<Connector port="28443" protocol="org.apache.coyote.http11.Http11AprProtocol" SSLEnabled="true" maxThreads="64000" relaxedQueryChars="{}[]|">\n\
+      <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />\n\
+      <SSLHostConfig>\n\
+        <Certificate certificateKeyFile="/certs/key.pem"\n\
+                     certificateFile="/certs/cert.pem"\n\
+                     certificateChainFile="/certs/chain.pem"\n\
+                     type="RSA" />\n\
+      </SSLHostConfig>\n\
+    </Connector>SSL-->\n  </Service>,' \
         conf/server.xml \
     && sed -i.bak \
         -e 's,<Context>,<Context sessionCookiePath="/">,' \
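Review bot: The `<SSLHostConfig>` written by the new `-e 's,</Service>,…'` expression sets no `protocols` attribute, so once the entrypoint uncomments the connector the accepted TLS versions are whatever the Tomcat and OpenSSL builds in the base image default to; neither is visible in this hunk. Pinning it in the template, `<SSLHostConfig protocols="TLSv1.2+TLSv1.3">\n\` (the `+` form avoids a comma, which is the sed delimiter here), makes the exposure on port 28443 explicit. A short comment above the RUN would also help, for example `## the 28443 connector is written commented out between <!--SSL and SSL--> markers; docker-entrypoint.sh toggles it`. The RUN continues past the hunk's last line.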
@@ -92,7 +96,7 @@ RUN sed -i.bak \
     && chown -R convertigo:convertigo conf temp work logs \
     && chmod -w conf/*
 
-ENV CONVERTIGO_VERSION 8.0.2
+ENV CONVERTIGO_VERSION 8.1.0
 
 ENV CONVERTIGO_WAR_URL https://github.com/convertigo/convertigo/releases/download/$CONVERTIGO_VERSION/convertigo-$CONVERTIGO_VERSION.war
 
@@ -103,14 +107,13 @@ ENV CONVERTIGO_GPG_KEYS 6A7779BB78FE368DF74B708FD4DA8FBEB64BF75F
 ## and remove unnecessary components for the mbaas version
 
 RUN export GNUPGHOME="$(mktemp -d)" \
-    && ( gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys "$CONVERTIGO_GPG_KEYS" \
-    || gpg --batch --keyserver pgp.mit.edu --recv-keys "$CONVERTIGO_GPG_KEYS" \
-    || gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$CONVERTIGO_GPG_KEYS" \
+    && ( gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$CONVERTIGO_GPG_KEYS" \
     || gpg --batch --keyserver keyserver.pgp.com --recv-keys "$CONVERTIGO_GPG_KEYS" ) \
     && curl -fSL -o /tmp/convertigo.war $CONVERTIGO_WAR_URL \
     && curl -fSL -o /tmp/convertigo.war.asc $CONVERTIGO_WAR_URL.asc \
     && gpg --batch --verify /tmp/convertigo.war.asc /tmp/convertigo.war \
     && mkdir -p webapps/ROOT webapps/convertigo \
+    && mkdir /certs \
     && (cd webapps/convertigo \
         && unzip -q /tmp/convertigo.war \
         && (chmod -f a+x WEB-INF/xvnc/* || true) \
diff --git a/convertigo_latest/docker-entrypoint.sh b/convertigo_latest/docker-entrypoint.sh
index 2c86175..575ebeb 100755
--- a/convertigo_latest/docker-entrypoint.sh
+++ b/convertigo_latest/docker-entrypoint.sh
@@ -50,20 +50,26 @@ if [ "$1" = "convertigo" ]; then
     
     if [ "$JXMX" != "" ]; then
         export JAVA_OPTS="$JAVA_OPTS -Xms128m -Xmx${JXMX}m"
+        echo "Use JXMX to set -Xmx$[JXMX}m"
         unset JXMX
     else
         export JAVA_OPTS="$JAVA_OPTS -XX:MaxRAMPercentage=80"
+        echo "No JXMX, set -XX:MaxRAMPercentage=80"
     fi
     
     ## default common JAVA_OPTS, can be extended with "docker run -e JAVA_OPTS=-custom" 
     
     export JAVA_OPTS="$JAVA_OPTS \
-        --illegal-access=permit \
         --add-exports=java.base/sun.nio.ch=ALL-UNNAMED \
         --add-exports=jdk.unsupported/sun.misc=ALL-UNNAMED \
         --add-opens=java.base/java.lang=ALL-UNNAMED \
         --add-opens=java.base/java.lang.reflect=ALL-UNNAMED \
         --add-opens=java.base/java.io=ALL-UNNAMED \
+        --add-opens java.base/java.net=ALL-UNNAMED \
+        --add-opens java.base/java.util=ALL-UNNAMED \
+        --add-opens java.base/sun.security.util=ALL-UNNAMED \
+        --add-opens java.base/sun.security.x509=ALL-UNNAMED \
+        --add-opens java.desktop/sun.awt.image=ALL-UNNAMED \
         -XX:+UseG1GC \
         -XX:+UseStringDeduplication \
         -Xdebug \
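Review bot: The added `echo "Use JXMX to set -Xmx$[JXMX}m"` has a typo, `$[` where `${` was meant. A POSIX sh such as dash prints the text literally, while bash reads `$[` as the start of legacy arithmetic expansion and keeps scanning for a closing `]`, which can break parsing of the lines that follow; which shell runs the script depends on the shebang, outside this hunk. The line should read `echo "Use JXMX to set -Xmx${JXMX}m"`. The new `--add-opens` entries also use a space where the existing ones use `=`; the java launcher accepts both, but one spelling throughout is easier to audit.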
@@ -77,33 +83,94 @@ if [ "$1" = "convertigo" ]; then
     
     if [ -d $WEB_INF/xvnc ]; then
         export DISPLAY=${DISPLAY:-:0}
+        echo "Set DISPLAY=${DISPLAY}"
     else
         unset DISPLAY
     fi
     
     if [ "$COOKIE_PATH" != "" ]; then
         sed -i.bak -e "s,sessionCookiePath=\"[^\"]*\",sessionCookiePath=\"$COOKIE_PATH\"," $CATALINA_HOME/conf/context.xml
+        echo "Configure sessionCookiePath to $COOKIE_PATH"
         unset COOKIE_PATH
     fi
     
     if [ "$COOKIE_SECURE" = "true" ]; then
         sed -i.bak -e "s,<secure>false</secure>,<secure>true</secure>," $CATALINA_HOME/webapps/convertigo/WEB-INF/web.xml
+        echo "Configure Cookie secure to 'true'"
     else
     	sed -i.bak -e "s,<secure>true</secure>,<secure>false</secure>," $CATALINA_HOME/webapps/convertigo/WEB-INF/web.xml
+    	echo "Configure Cookie secure to 'false'"
     fi
     unset COOKIE_SECURE
     
     if [ "$COOKIE_SAMESITE" != "" ]; then
         sed -i.bak -e "s,sameSiteCookies=\"[^\"]*\",sameSiteCookies=\"$COOKIE_SAMESITE\"," $CATALINA_HOME/conf/context.xml
+        echo "Configure sameSiteCookies to $COOKIE_SAMESITE"
         unset COOKIE_SAMESITE
     fi
     
     if [ "$SESSION_TIMEOUT" != "" ]; then
         sed -i.bak -e "s,<.*session-timeout.*,<session-timeout>$SESSION_TIMEOUT</session-timeout>," $CATALINA_HOME/webapps/convertigo/WEB-INF/web.xml
+        echo "Configure session-timeout to $SESSION_TIMEOUT"
     fi
     
     if [ "$DISABLE_SUDO" = "true" ]; then
         rm /etc/sudoers.d/convertigo
+        echo "Disable 'sudo'"
+    fi
+    
+    if [ -d "/ssl/" ]; then
+        rm -f /certs/*
+        cp /ssl/* /certs/ 2>/dev/null
+        echo "Copy SSL files from /ssl"
+    fi
+    
+    if [ ! -f "/certs/key.pem" ] && [ "$SSL_SELFSIGNED" != "" ]; then
+        echo "Generate a self-signed certificate for $SSL_SELFSIGNED"
+        openssl req -x509 -newkey rsa:4096 -keyout /certs/key.pem -out /certs/cert.pem -sha256 -days 365 -nodes -subj "/CN=$SSL_SELFSIGNED"
+        if [ -d "/ssl/" ] && [ ! -f "/ssl/key.pem" ] && [ ! -f "/ssl/cert.pem" ] ; then
+            cp /certs/key.pem /ssl/
+            cp /certs/cert.pem /ssl/
+            echo "Copy the generated self-signed certificate to /ssl"
+        fi
+    fi
+    unset SSL_SELFSIGNED
+    
+    if [ ! -f "/certs/key.pem" ] && [ "$SSL_KEY_B64" != "" ]; then
+        echo "$SSL_KEY_B64" | base64 -d > /certs/key.pem
+        echo "Configure SSL private key from SSL_KEY_B64"
+    fi
+    unset SSL_KEY_B64
+    
+    if [ ! -f "/certs/cert.pem" ] && [ "$SSL_CERT_B64" != "" ]; then
+        echo "$SSL_CERT_B64" | base64 -d > /certs/cert.pem
+        echo "Configure SSL certificate from SSL_CERT_B64"
+    fi
+    unset SSL_CERT_B64
+    
+    if [ ! -f "/certs/chain.pem" ] && [ "$SSL_CHAIN_B64" != "" ]; then
+        echo "$SSL_CHAIN_B64" | base64 -d > /certs/chain.pem
+        echo "Configure SSL chain from SSL_CHAIN_B64"
+    fi
+    unset SSL_CHAIN_B64
+    
+    if [ -f "/certs/cert.pem" ] && [ ! -f "/certs/chain.pem" ] && [ ! -f "/certs/full.pem" ]; then
+        cp /certs/cert.pem /certs/full.pem
+    fi
+    
+    if [ -f "/certs/full.pem" ]; then
+        echo "Split SSL certificate and chain files"
+        grep -B 1000 -m 1 -F -e "-----END CERTIFICATE-----" /certs/full.pem > /certs/cert.pem
+        tail -n +2 /certs/full.pem | grep -A 1000 -m 1 -F -e "-----BEGIN CERTIFICATE-----" > /certs/chain.pem
+    fi
+    
+    if [ -f "/certs/key.pem" ] && [ -f "/certs/cert.pem" ] && [ -f "/certs/chain.pem" ]; then
+        echo "Enable SSL configuration for Tomcat"
+        chmod a+r /certs/*
+        sed -i.ssl -e 's,--SSL<,--SSL--><,' -e 's,>SSL--,><!--SSL--,' $CATALINA_HOME/conf/server.xml
+    else
+        echo "Disable SSL configuration for Tomcat"
+        sed -i.ssl -e 's,--SSL--><,--SSL<,' -e 's,><!--SSL--,>SSL--,' $CATALINA_HOME/conf/server.xml
     fi
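Review bot: `chmod a+r /certs/*` in the enable-SSL branch makes `/certs/key.pem` readable by every user in the container, and the key files written earlier in the hunk (`openssl req … -nodes`, `base64 -d > /certs/key.pem`) are created under whatever umask the entrypoint inherits. Restricting the key to the account that runs Tomcat is tighter, e.g. `chown convertigo /certs/* && chmod 0400 /certs/key.pem` in place of the `chmod a+r`, assuming Tomcat runs as the `convertigo` user created in the Dockerfile; the line that launches it is outside this hunk. `cp /ssl/* /certs/ 2>/dev/null` also hides copy failures, so a partial copy silently changes which of the branches below is taken; dropping the redirect or logging the failure would make that visible. The enclosing `if [ "$1" = "convertigo" ]` block starts and ends outside the hunk.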

Relevant Maintainers:

@yosifkit yosifkit merged commit ad85fe8 into docker-library:master Nov 17, 2022
@nicolas-albert nicolas-albert deleted the convertigo-8.1.0 branch September 26, 2023 14:05