From: Pablo Zmdl Date: Thu, 13 Feb 2025 09:19:14 +0000 (+0100) Subject: Make HTTP daemons use public_html/ as document root X-Git-Url: http://git.99rst.org/?a=commitdiff_plain;h=f04a3820bd95d6975adef7f1f8841c03e9fb3d4b;p=roundcube-roundcubemail-docker.git Make HTTP daemons use public_html/ as document root To protect files outside of the document root against unauthorized access. This is possible and recommended since a while, and will be required for Roundcubemail v1.7. --- diff --git a/apache/Dockerfile b/apache/Dockerfile index 9c1540e..2470546 100644 --- a/apache/Dockerfile +++ b/apache/Dockerfile @@ -8,7 +8,13 @@ LABEL org.opencontainers.image.source="https://github.com/roundcube/roundcubemai RUN apt-get update && apt-get -y upgrade && apt-get clean RUN set -ex; \ - if [ "apache" = "apache" ]; then a2enmod rewrite; fi; \ + if [ "apache" = "apache" ]; then \ + a2enmod rewrite; \ + # Make Apache use public_html/ as document root to protect files outside of it \ + # against unauthorized access. \ + # This is possible and recommended since a while, and will be required for Roundcubemail v1.7. \ + sed -i -e 's|\(DocumentRoot /var/www/html\)$|\1/public_html|' /etc/apache2/sites-available/000-default.conf; \ + fi; \ apt-get update; \ \ savedAptMark="$(apt-mark showmanual)"; \ diff --git a/examples/nginx/templates/default.conf.template b/examples/nginx/templates/default.conf.template index 93f4be9..bcb0fa4 100644 --- a/examples/nginx/templates/default.conf.template +++ b/examples/nginx/templates/default.conf.template @@ -3,7 +3,7 @@ server { server_name php-docker.local; error_log /var/log/nginx/error.log; access_log /var/log/nginx/access.log; - root /var/www/html; + root /var/www/html/public_html; location ~ /(temp|logs)/ { deny all; diff --git a/fpm/Dockerfile b/fpm/Dockerfile index 5646d6b..6b36e6d 100644 --- a/fpm/Dockerfile +++ b/fpm/Dockerfile @@ -8,7 +8,13 @@ LABEL org.opencontainers.image.source="https://github.com/roundcube/roundcubemai RUN apt-get update && apt-get -y upgrade && apt-get clean RUN set -ex; \ - if [ "fpm" = "apache" ]; then a2enmod rewrite; fi; \ + if [ "fpm" = "apache" ]; then \ + a2enmod rewrite; \ + # Make Apache use public_html/ as document root to protect files outside of it \ + # against unauthorized access. \ + # This is possible and recommended since a while, and will be required for Roundcubemail v1.7. \ + sed -i -e 's|\(DocumentRoot /var/www/html\)$|\1/public_html|' /etc/apache2/sites-available/000-default.conf; \ + fi; \ apt-get update; \ \ savedAptMark="$(apt-mark showmanual)"; \ diff --git a/nightly/Dockerfile b/nightly/Dockerfile index c4d0ab7..4038c85 100644 --- a/nightly/Dockerfile +++ b/nightly/Dockerfile @@ -12,7 +12,7 @@ RUN set -ex; \ rm roundcubemail.tar.gz; \ mv /usr/src/roundcubemail-master /usr/src/roundcubemail; \ cd /usr/src/roundcubemail; \ - rm -rf installer tests public_html .ci .github .gitignore .editorconfig .tx .travis.yml; \ + rm -rf installer tests .ci .github .gitignore .editorconfig .tx .travis.yml; \ make css-elastic; \ composer require kolab/net_ldap3 --no-install; \ composer require bjeavons/zxcvbn-php --no-install; \ diff --git a/templates/Dockerfile-debian.templ b/templates/Dockerfile-debian.templ index e31cd18..a38c6e8 100644 --- a/templates/Dockerfile-debian.templ +++ b/templates/Dockerfile-debian.templ @@ -8,7 +8,13 @@ LABEL org.opencontainers.image.source="https://github.com/roundcube/roundcubemai RUN apt-get update && apt-get -y upgrade && apt-get clean RUN set -ex; \ - if [ "%%VARIANT%%" = "apache" ]; then a2enmod rewrite; fi; \ + if [ "%%VARIANT%%" = "apache" ]; then \ + a2enmod rewrite; \ + # Make Apache use public_html/ as document root to protect files outside of it \ + # against unauthorized access. \ + # This is possible and recommended since a while, and will be required for Roundcubemail v1.7. \ + sed -i -e 's|\(DocumentRoot /var/www/html\)$|\1/public_html|' /etc/apache2/sites-available/000-default.conf; \ + fi; \ apt-get update; \ \ savedAptMark="$(apt-mark showmanual)"; \