This is an automated email from the ASF dual-hosted git repository.
sebb pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/attic.git
The following commit(s) were added to refs/heads/main by this push:
new 2cac75d Docker build updates [skip ci]
2cac75d is described below
commit 2cac75d1fa8d14c0ea9b3e94f6953d84192a0ddd
Author: Sebb <[email protected]>
AuthorDate: Mon Oct 13 15:15:08 2025 +0100
Docker build updates [skip ci]
Documentation
Add ability to run against remote websites
---
DOCKER.md | 57 ++++++++++++++++++++++++++++++----
Dockerfile | 2 ++
_docker/000-default.conf | 19 +++++++++++-
_docker/www/cgi/externalredirect.shell | 43 +++++++++++++++++++++++++
compose.yaml | 6 ++++
5 files changed, 120 insertions(+), 7 deletions(-)
diff --git a/DOCKER.md b/DOCKER.md
index 2a35539..76b51df 100644
--- a/DOCKER.md
+++ b/DOCKER.md
@@ -1,8 +1,17 @@
-Docker build for testing Attic banner and CSP.
+# Docker build for testing Attic banner and CSP.
+
+The instructions below assume that Docker has been installed and started.
+Also Docker must be given access to the Attic checkout directory.
+
+Most docker commands must be run from the top-level of an Attic checkout,
+i.e. the directory which contains the files `Dockerfile` and `compose.yaml`
+
+## Build the image
-Build:
`docker compose build`
+## Setting up to test against a local copy of the website
+
Checkout the website to be tested in a spare directory, e.g.
- `git clone [-b BRANCH --single-branch] https://github.com/apache/xyz-site
/path/to/repo`
or
@@ -17,32 +26,68 @@ This is shown as /path/to/website in the following
descriptions
To enable/disable the Attic banner, create/delete the directory (not a file!):
`mkdir /path/to/website/_ATTIC`
-Alternatively, define the variable VAR_ATTIC=yes
+Alternatively, define the variable VAR_ATTIC=yes when starting the container.
+
+## Setting up to test against an external website source
+
+The Docker container can fetch web pages from a remote source.
+This can be a project website, or it can be the website source as held in
+Subversion or Git (must be accessible via http(s))
+
+Set the VAR_HOSTURL variable to the source, e.g.
`VAR_HOSTURL=https://attic.apache.org`
+
+## Fixing the banner display
If the banner does not display correctly (e.g. it may be partially hidden
under the menu bar),
you can try to see if any of the existing filter overrides work.
Use one of the shorthand style names (currently _a, _b ..._e) as the VAR_NAME
value
in the docker command below instead of the target sitename.
+
+e.g. `VAR_NAME=_c ... docker compose up`
+
You can quickly check all the existing overrides using this method.
+## Testing against download cgi pages
+
To process download cgi pages, you will need access to
the closer_cgi/files directory in the private infrastructure-p6 repository.
If not available, such pages will fail to load, but the site should otherwise
work OK.
-Start:
+## Starting the container
+
+Start container for local copy:
`[VAR_DYN=/path/to/closer_cgi/files] VAR_HTML=/path/to/website
VAR_NAME=sitename [VAR_ATTIC=yes] docker compose up`
+Start container for external website:
+`[VAR_DYN=/path/to/closer_cgi/files] VAR_HOSTURL=https://.../
VAR_NAME=sitename [VAR_ATTIC=yes] docker compose up`
+
Browse to localhost:8000
+## Other container commands
+
Start shell (container must be running):
`docker compose exec attic_lua_csp /bin/bash`
Restart httpd server
-`docker compose exec attic_lua_csp apachectl restart`
+`docker compose exec attic_lua_csp apache2ctl restart`
Stop httpd server (and the container):
-`docker compose exec attic_lua_csp apachectl stop`
+`docker compose exec attic_lua_csp apache2ctl stop`
+
+Start the container and run bash rather than the webserver:
+`docker compose run --rm --entrypoint /bin/bash attic_lua_csp`
+
+## Changing the Content-Security-Policy
To make changes to the CSP, edit the
file
[_docker/000-default.conf#L9-L17](https://github.com/apache/attic-docker/blob/main/_docker/000-default.conf#L9-L17)
Then rebuild the image (should be very quick) and restart.
+
+## Variables used to customise the container
+
+- VAR_NAME: override the default request hostname (generally required)
+- VAR_ATTIC: set to 'yes' to enable banner processing (default 'no')
+- VAR_LEVEL: webserver log level (e.g. debug, tracen) (default 'info')
+- VAR_DYN: (optional) path to closer_cgi files
+- VAR_HTML: path to website source (defaults to internal website with single
page)
+- VAR_HOSTURL: (optional) if defined, must point to website base url, e.g.
https://attic. apache.org/
diff --git a/Dockerfile b/Dockerfile
index 2471283..dece2e1 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -24,6 +24,8 @@ RUN apt-get update && DEBIAN_FRONTEND='noninteractive'
apt-get install -y \
RUN echo "ServerName apache-lua.local" >
/etc/apache2/conf-enabled/servername.conf
+RUN DEBIAN_FRONTEND='noninteractive' apt-get install -y curl
+
COPY _docker/000-default.conf /etc/apache2/sites-enabled/000-default.conf
COPY scripts/attic_filter.lua /etc/apache2/conf-enabled/attic_filter.lua
COPY _docker/wrapper.lua /etc/apache2/conf-enabled/wrapper.lua
diff --git a/_docker/000-default.conf b/_docker/000-default.conf
index 3f9c9eb..b0ae560 100644
--- a/_docker/000-default.conf
+++ b/_docker/000-default.conf
@@ -54,7 +54,22 @@
LuaPackagePath /etc/apache2/conf-enabled/?.lua
LuaOutputFilter attic "/etc/apache2/conf-enabled/wrapper.lua"
output_filter_wrapper
<If "-d '/var/www/site.apache.org/_ATTIC' || env('VAR_ATTIC') == 'yes'">
- AddOutputFilter attic html lua
+ # shell is needed for use with externalredirect.shell
+ AddOutputFilter attic html lua shell
+ </If>
+
+ <Directory /var/www/site.apache.org/cgi>
+ Options +ExecCGI
+ AddHandler cgi-script .shell
+ </Directory>
+
+ <If "-n env('VAR_HOSTURL')">
+ # pass variable to script
+ SetEnv VAR_HOSTURL "${VAR_HOSTURL}"
+ # Don't allow redirect to self (container localhost is
host.docker.internal)
+ RewriteCond %{HTTP_HOST} !^localhost$
+ RewriteCond %{REQUEST_URI} !^/cgi
+ RewriteRule "/" /cgi/externalredirect.shell [QSA,L]
</If>
# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
@@ -63,6 +78,8 @@
# modules, e.g.
#LogLevel info ssl:warn
+ LogLevel ${VAR_LEVEL}
+
ErrorLog /var/log/apache2/error.log
CustomLog /var/log/apache2/access.log combined
diff --git a/_docker/www/cgi/externalredirect.shell
b/_docker/www/cgi/externalredirect.shell
new file mode 100755
index 0000000..ff2598c
--- /dev/null
+++ b/_docker/www/cgi/externalredirect.shell
@@ -0,0 +1,43 @@
+#!/usr/bin/env bash
+
+# Script to redirect to external website source
+
+# strip trailing slash (if any). The request URI starts with /, and // can
cause issues
+VAR_HOSTURL=${VAR_HOSTURL%/}
+echo "$0: ${VAR_HOSTURL} ${REQUEST_URI}" >&2 # log
+
+# We need to capture the header and body separately, as the body may be binary
+HDR=/tmp/hdr$$
+BDY=/tmp/bdy$$
+
+# VAR_HOSTURL could be:
+# - https://HOST.apache.org
+# - https://svn-master.apache.org/repos/asf/HOST/site/trunk
+# - https://raw.githubusercontent.com/apache/attic/refs/heads/asf-site/output
+
+if [[ $VAR_HOSTURL =~ githubusercontent && ${REQUEST_URI} =~ /$ ]] # GH needs
a name
+then
+ REQUEST_URI=${REQUEST_URI}index.html
+fi
+
+curl -sSD $HDR -o $BDY ${VAR_HOSTURL}${REQUEST_URI}
+
+# return the headers:
+# drop HTTP prefix (not a valid header)
+# Also drop CSP as it is applied locally
+# Further, fix up GH raw replies
+if [[ $VAR_HOSTURL =~ githubusercontent ]] # GH returns everything as
text/plain
+then
+ case "$REQUEST_URI" in
+ *.css) NEW=css;;
+ *.html) NEW=html;;
+ *.js) NEW=application/javascript;;
+ *) NEW=plain;;
+ esac
+ grep -v '^HTTP/' $HDR | grep -vi '^content-security-policy' | sed -e
"s!text/plain!text/${NEW}!"
+else
+ grep -v '^HTTP/' $HDR | grep -vi '^content-security-policy'
+fi
+
+# Return the body
+cat $BDY
diff --git a/compose.yaml b/compose.yaml
index e00fed9..79ce7bf 100644
--- a/compose.yaml
+++ b/compose.yaml
@@ -16,3 +16,9 @@ services:
- VAR_NAME=${VAR_NAME:-localhost}
# Act as though _ATTIC directory is present (if yes)
- VAR_ATTIC=${VAR_ATTIC:-no}
+ # if defined, use as the source for pages
+ # e.g. https://attic.apache.org/
+ # Can also use svn and GH raw input
+ - VAR_HOSTURL=${VAR_HOSTURL:-}
+ # log level for webserver
+ - VAR_LEVEL=${VAR_LEVEL:-info}
