Make HTTP daemons use public_html/ as document root
authorPablo Zmdl <redacted>
Thu, 13 Feb 2025 09:19:14 +0000 (10:19 +0100)
committerPablo Zmdl <redacted>
Thu, 13 Feb 2025 10:21:52 +0000 (11:21 +0100)
To protect files outside of the document root against unauthorized
access.
This has been possible and recommended for a while, and will be required for
Roundcubemail v1.7.

apache/Dockerfile
examples/nginx/templates/default.conf.template
fpm/Dockerfile
nightly/Dockerfile
templates/Dockerfile-debian.templ

index 9c1540edccba2220c9661301d8f5424cc9b6f9c2..2470546a715170c0c00f5acaf64ab011151f18ad 100644 (file)
@@ -8,7 +8,13 @@ LABEL org.opencontainers.image.source="https://github.com/roundcube/roundcubemai
 RUN apt-get update && apt-get -y upgrade && apt-get clean
 
 RUN set -ex; \
-       if [ "apache" = "apache" ]; then a2enmod rewrite; fi; \
+       if [ "apache" = "apache" ]; then \
+               a2enmod rewrite; \
+               # Make Apache use public_html/ as document root to protect files outside of it \
+               # against unauthorized access. \
+               # This is possible and recommended since a while, and will be required for Roundcubemail v1.7. \
+               sed -i -e 's|\(DocumentRoot /var/www/html\)$|\1/public_html|' /etc/apache2/sites-available/000-default.conf; \
+       fi; \
        apt-get update; \
        \
        savedAptMark="$(apt-mark showmanual)"; \
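Review bot: The added `sed -i` on the DocumentRoot line exits 0 even when its pattern matches nothing, so if the base image's 000-default.conf ever differs (trailing whitespace, a different path), the build still succeeds and Apache keeps serving /var/www/html, with the files outside public_html/ still reachable. Because `set -ex` is already active in this RUN, a check right after the sed would turn a missed rewrite into a build failure: `grep -q 'DocumentRoot /var/www/html/public_html$' /etc/apache2/sites-available/000-default.conf; \`. The same line appears in the fpm/Dockerfile and templates/Dockerfile-debian.templ hunks; the two Dockerfiles look generated from the template, so the change presumably belongs there. The RUN instruction continues past the end of this hunk.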
index 93f4be9000767e6a3f7ec2470f10034dd7f9d26d..bcb0fa4d99f56fb9e4ef3c8625c09cd5acbde8aa 100644 (file)
@@ -3,7 +3,7 @@ server {
     server_name php-docker.local;
     error_log  /var/log/nginx/error.log;
     access_log /var/log/nginx/access.log;
-    root /var/www/html;
+    root /var/www/html/public_html;
 
     location ~ /(temp|logs)/ {
         deny all;
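Review bot: The new `root` line has no comment explaining why it points at a subdirectory, unlike the Dockerfile hunks in this commit, and people copying this example may change it back. A line above it such as `# Serve only public_html/ so files elsewhere under /var/www/html are not reachable over HTTP.` would record the intent. The PHP-FPM side presumably has to resolve scripts under the same path, which cannot be checked here because the rest of the server block, including the `location` opened on the last lines, lies outside the hunk.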
index 5646d6bf9fbf9d205748fbc8da52a476ba498a6f..6b36e6df65c0e255fa85bb476a17759e97fc100f 100644 (file)
@@ -8,7 +8,13 @@ LABEL org.opencontainers.image.source="https://github.com/roundcube/roundcubemai
 RUN apt-get update && apt-get -y upgrade && apt-get clean
 
 RUN set -ex; \
-       if [ "fpm" = "apache" ]; then a2enmod rewrite; fi; \
+       if [ "fpm" = "apache" ]; then \
+               a2enmod rewrite; \
+               # Make Apache use public_html/ as document root to protect files outside of it \
+               # against unauthorized access. \
+               # This is possible and recommended since a while, and will be required for Roundcubemail v1.7. \
+               sed -i -e 's|\(DocumentRoot /var/www/html\)$|\1/public_html|' /etc/apache2/sites-available/000-default.conf; \
+       fi; \
        apt-get update; \
        \
        savedAptMark="$(apt-mark showmanual)"; \
index c4d0ab7c71b65b3ede67eb2ac50fa0bc3ba33126..4038c85f259ebc0ff9abe45038c847ed3b511e01 100644 (file)
@@ -12,7 +12,7 @@ RUN set -ex; \
        rm roundcubemail.tar.gz; \
        mv /usr/src/roundcubemail-master /usr/src/roundcubemail; \
        cd /usr/src/roundcubemail; \
-       rm -rf installer tests public_html .ci .github .gitignore .editorconfig .tx .travis.yml; \
+       rm -rf installer tests .ci .github .gitignore .editorconfig .tx .travis.yml; \
        make css-elastic; \
        composer require kolab/net_ldap3 --no-install; \
        composer require bjeavons/zxcvbn-php --no-install; \
index e31cd1832c63b366e068181f425e147a070317f7..a38c6e85aa8dfd71eee26ef5cc70f5fdc9cd2c00 100644 (file)
@@ -8,7 +8,13 @@ LABEL org.opencontainers.image.source="https://github.com/roundcube/roundcubemai
 RUN apt-get update && apt-get -y upgrade && apt-get clean
 
 RUN set -ex; \
-       if [ "%%VARIANT%%" = "apache" ]; then a2enmod rewrite; fi; \
+       if [ "%%VARIANT%%" = "apache" ]; then \
+               a2enmod rewrite; \
+               # Make Apache use public_html/ as document root to protect files outside of it \
+               # against unauthorized access. \
+               # This is possible and recommended since a while, and will be required for Roundcubemail v1.7. \
+               sed -i -e 's|\(DocumentRoot /var/www/html\)$|\1/public_html|' /etc/apache2/sites-available/000-default.conf; \
+       fi; \
        apt-get update; \
        \
        savedAptMark="$(apt-mark showmanual)"; \