php-ssl/Dockerfile
php-ssl/README.md
php-ssl/httpd/httpd.conf
php-ssl/httpd/ssl.conf
php-ssl/index.php
php-ssl/ssl/certs/tls.crt
php-ssl/ssl/certs/tls.key
python-load/load.py
php-ssl/Dockerfile
New file @@ -0,0 +1,27 @@ FROM registry.access.redhat.com/ubi8:8.0 LABEL version="1.0" \ description="A simple PHP application that tests TLS encryption" \ creationDate="2019-12-13" \ updatedDate="2019-12-13" USER 0 RUN yum install -y --disableplugin=subscription-manager --nodocs \ httpd mod_ssl php php-common net-tools procps-ng \ && yum clean all COPY httpd/httpd.conf /etc/httpd/conf/httpd.conf ## SSL - This directive configures SSL support for the container COPY httpd/ssl.conf /etc/httpd/conf.d/ssl.conf ## End of SSL COPY index.php /var/www/html/index.php RUN mkdir /run/php-fpm && \ chgrp -R 0 /var/www/html /var/log/httpd /var/run/httpd/ /run/php-fpm \ && chmod -R g+rwx /var/www/html /var/log/httpd /var/run/httpd/ /run/php-fpm EXPOSE 8080 8443 USER 1001 CMD php-fpm && httpd -D FOREGROUND php-ssl/README.md
New file @@ -0,0 +1,53 @@ ## About this container This container deploys a stand-alone PHP page to display some basic information about the container. It is mostly used to determine whether this application is served via TLS or is exposed via HTTP. ## How to build Run the following command to build the container image: `$ podman build -t php-ssl .` The container expects a certificate and a key at `/usr/local/etc/ssl/certs`. Run the following command to generate a self-signed certificate: `$ openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout tls.key -out tls.crt` ## How to run ### In HTTP mode ``` podman run --name todo -p 8080:8080 php-ssl:latest` ``` ### In HTTPs mode ``` podman run --userns keep-id \ -v ./ssl/certs:/usr/local/etc/ssl/certs:Z \ --name todo -p 8443:8443 php-ssl:latest` ``` ### In HTTP & HTTPS mode Notice the port range: ``` podman run --userns keep-id \ -v ./ssl/certs:/usr/local/etc/ssl/certs:Z \ --name test \ -p 8080-8443:8080-8443 \ php-ssl:latest ``` ### Disable HTTPs support If you need to disable HTTPs support, run the following steps: 1. In `Dockerfile` -- comment line 15: ``` # COPY httpd/ssl.conf /etc/httpd/conf.d/ssl.conf ``` 3. Rebuild the image: ``` `$ podman build -t php-ssl:latest .` ``` 4. Run the following command to create the container: ``` `$ podman run --name todo -p 8080:8080 php-ssl:latest` ``` php-ssl/httpd/httpd.conf
New file @@ -0,0 +1,83 @@ ServerRoot "/etc/httpd" Listen 8080 Include conf.modules.d/*.conf User apache Group apache PidFile /var/run/httpd/httpd.pid ServerAdmin root@localhost <Directory /> AllowOverride none Require all denied </Directory> DocumentRoot "/var/www/html" <Directory "/var/www"> AllowOverride None # Allow open access: Require all granted </Directory> # Further relax access to the default document root: <Directory "/var/www/html"> Options Indexes FollowSymLinks AllowOverride None Require all granted </Directory> <IfModule dir_module> DirectoryIndex index.html </IfModule> # # The following lines prevent .htaccess and .htpasswd files from being # viewed by Web clients. # <Files ".ht*"> Require all denied </Files> # Changed by Steve Pousty # ErrorLog "logs/error_log" ErrorLog "|/bin/more" LogLevel warn <IfModule log_config_module> LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined LogFormat "%h %l %u %t \"%r\" %>s %b" common <IfModule logio_module> # You need to enable mod_logio.c to use %I and %O LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio </IfModule> CustomLog "|/bin/more" combined </IfModule> <IfModule alias_module> ScriptAlias /cgi-bin/ "/var/www/cgi-bin/" </IfModule> <Directory "/var/www/cgi-bin"> AllowOverride None Options None Require all granted </Directory> <IfModule mime_module> TypesConfig /etc/mime.types AddType application/x-compress .Z AddType application/x-gzip .gz .tgz AddType text/html .shtml AddOutputFilter INCLUDES .shtml </IfModule> AddDefaultCharset UTF-8 <IfModule mime_magic_module> MIMEMagicFile conf/magic </IfModule> EnableSendfile on IncludeOptional conf.d/*.conf php-ssl/httpd/ssl.conf
New file @@ -0,0 +1,38 @@ # # This is the Apache server configuration file providing SSL support. # It contains the configuration directives to instruct the server how to # serve pages over an https connection. For detailing information about these # directives see <URL:http://httpd.apache.org/docs/2.2/mod/mod_ssl.html> # LoadModule ssl_module modules/mod_ssl.so Listen 8443 SSLPassPhraseDialog builtin SSLSessionCache shmcb:/var/cache/mod_ssl/scache(512000) SSLSessionCacheTimeout 300 SSLRandomSeed startup file:/dev/urandom 256 SSLRandomSeed connect builtin <VirtualHost _default_:8443> ServerName localhost.localdomain:8443 ErrorLog logs/ssl_error_log TransferLog logs/ssl_access_log LogLevel warn SSLEngine on SSLProtocol all -SSLv2 SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW SSLCertificateFile /usr/local/etc/ssl/certs/tls.crt SSLCertificateKeyFile /usr/local/etc/ssl/certs/tls.key # SSLCertificateChainFile /usr/local/etc/ssl/certs/tls-chain.crt SetEnvIf User-Agent ".*MSIE.*" \ nokeepalive ssl-unclean-shutdown \ downgrade-1.0 force-response-1.0 CustomLog logs/ssl_request_log "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" <Files ~ "\.(cgi|shtml|phtml|php3?)$"> SSLOptions +StdEnvVars </Files> <Directory "/var/www/cgi-bin"> SSLOptions +StdEnvVars </Directory> </VirtualHost> php-ssl/index.php
New file @@ -0,0 +1,77 @@ <?php function get_system_load($coreCount = 2, $interval = 1) { $rs = sys_getloadavg(); $interval = $interval >= 1 && 3 <= $interval ? $interval : 1; $load = $rs[$interval]; return round(($load * 100) / $coreCount,2); } function get_connections() { if (function_exists('exec')) { $www_total_count = 0; @exec ('netstat -an | egrep \':80|:443\' | awk \'{print $5}\' | grep -v \':::\*\' | grep -v \'0.0.0.0\'', $results); foreach ($results as $result) { $array = explode(':', $result); $www_total_count ++; if (preg_match('/^::/', $result)) { $ipaddr = $array[3]; } else { $ipaddr = $array[0]; } if (!in_array($ipaddr, $unique)) { $unique[] = $ipaddr; $www_unique_count ++; } } unset ($results); return count($unique); } } function get_memory_usage() { $free = shell_exec('free'); $free = (string)trim($free); $free_arr = explode("\n", $free); $mem = explode(" ", $free_arr[1]); $mem = array_filter($mem); $mem = array_merge($mem); $memory_usage = $mem[2] / $mem[1] * 100; return $memory_usage; } ?> <!DOCTYPE html> <html> <head> <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css"> <title>PHP Application</title> </head> <body> <h2><strong>About this application</strong></h2> <?php if (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off') { ?> <i class="fa fa-lock"/><span style="color: #339966;"><strong> <?php echo 'The application is currently served over TLS'; ?> </span></strong> <?php } else { ?> <i class="fa fa-exclamation-triangle"/><span style="color: #993300;"><strong> <?php echo 'The application is currently server over HTTP'; ?> </span></strong> <?php } ?> <ul> <li> <strong>Current system load:</strong> <?php echo get_system_load() ?> </li> <li> <strong>Number of connections:</strong> <?php echo get_connections() ?> </li> <li> <strong>Memory usage:</strong> <?php echo round(get_memory_usage()) .' Mb' ?> </li> </ul> </body> </html> php-ssl/ssl/certs/tls.crt
New file @@ -0,0 +1,24 @@ -----BEGIN CERTIFICATE----- MIIEDTCCAvWgAwIBAgIUZ2ILvNHGb6kIggcIKY5ibQ5m1u4wDQYJKoZIhvcNAQEL BQAwgZUxCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJOQzEQMA4GA1UEBwwHUmFsZWln aDEQMA4GA1UECgwHUmVkIEhhdDERMA8GA1UECwwIVHJhaW5pbmcxHjAcBgNVBAMM FXRvZG8uYXBwcy5leGFtcGxlLmNvbTEiMCAGCSqGSIb3DQEJARYTdHJhaW5pbmdA cmVkaGF0LmNvbTAeFw0xOTExMjgyMDQyMDJaFw0yMDExMjcyMDQyMDJaMIGVMQsw CQYDVQQGEwJVUzELMAkGA1UECAwCTkMxEDAOBgNVBAcMB1JhbGVpZ2gxEDAOBgNV BAoMB1JlZCBIYXQxETAPBgNVBAsMCFRyYWluaW5nMR4wHAYDVQQDDBV0b2RvLmFw cHMuZXhhbXBsZS5jb20xIjAgBgkqhkiG9w0BCQEWE3RyYWluaW5nQHJlZGhhdC5j b20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCurfjfmTVju+uJxanJ cio6DYs1lAQyzKuJeJeKlzIxdY1RT48QN8iBQ6egLCwgZxqUMKhEEHYfxAi6/aKl cQdr3n77xMVQv+Bub34XX3H2aOE1V9kKh0og0srrvKBUb8su6uiqu0Jpq0eu+Xe7 gVe5WP1b4SeA4ZpAtPugqFRxXLufsyqpVCoGJKvi3XQGHOini/h+Oz/sirpUGJ60 P4IhYOsC3vNPTVB4Bgmcm7AsgEfK19+AQLqYqnmCc8iq2XFmHiAvd7VrqnLFOjpN FR+x7xrDRAkEB/WiQ+s2HHWMpAYOJb9qfbBCKr1JUH7cX0ZHaEtwMxVvqNcjxpEI CshpAgMBAAGjUzBRMB0GA1UdDgQWBBSkr4M7N/rBhHeVyBEU0MHlE0i67zAfBgNV HSMEGDAWgBSkr4M7N/rBhHeVyBEU0MHlE0i67zAPBgNVHRMBAf8EBTADAQH/MA0G CSqGSIb3DQEBCwUAA4IBAQA01PSkcS8SOgQpNSfIoJ8s2pMOlhQ/0VoEFofheGVt kekFaPRGn0Z2DEorKXRuclR2Ye4+4zvvAsNXeZZa2jAbhFXA9Zs2SzUDK7xXebUc azzGd4JFST5KqroV5lAgeEeZdW1r39PCFPLZ36c0jh5g6fbFws7atzO+dqATU2mX c0qywhEZDz4PfUwyP6B2oG39oNGKj457WMg39oWjopZJ9NK0SKqFybeTjO/13pDr CWJNC//Eralcdu8zoWF6U5BFiEQTXlmeD4J+AZTmBBT5vaAW1ypEkmRAhPIkAwVs HryISUxmPg2JCrlU+52jCM3RCXoXCZerrdC+l/xirTgd -----END CERTIFICATE----- php-ssl/ssl/certs/tls.key
New file @@ -0,0 +1,28 @@ -----BEGIN PRIVATE KEY----- MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCurfjfmTVju+uJ xanJcio6DYs1lAQyzKuJeJeKlzIxdY1RT48QN8iBQ6egLCwgZxqUMKhEEHYfxAi6 /aKlcQdr3n77xMVQv+Bub34XX3H2aOE1V9kKh0og0srrvKBUb8su6uiqu0Jpq0eu +Xe7gVe5WP1b4SeA4ZpAtPugqFRxXLufsyqpVCoGJKvi3XQGHOini/h+Oz/sirpU GJ60P4IhYOsC3vNPTVB4Bgmcm7AsgEfK19+AQLqYqnmCc8iq2XFmHiAvd7VrqnLF OjpNFR+x7xrDRAkEB/WiQ+s2HHWMpAYOJb9qfbBCKr1JUH7cX0ZHaEtwMxVvqNcj xpEICshpAgMBAAECggEBAIWXJZOTr2I0EMHP+rbGagb13rY+GivjnXjIUlU6prdu qII77zS/BMffPu5feevaDlixEa7kTAKlQOwJF/+g/sT/Z2wTI7hK1lB/UhZ790M1 GK9cHPBRYV7S9z/shU2uJd0e6IvSJMt9o5fs0CYFmFp29WT0P+rwHrFH+Hz434PF 3WYswUyZLLpuC2bkOPam7AEHQgZ7UHW38GWC72zDVOCUZnxbqknWw9PKIHdMK5EK 7CNkRc9KwTOPnT4uE+h/RiO2LUapxPz9NSfCuGNVmRRPezNajIY8TELNXL4DxC8x G7IXW3DXCqkHexg0e2YKWWPq9V/iiAJRVUcdTP8sQRECgYEA2NWNgBt1P5seRLy/ 77Vz/w57r6Ds7rk/uDPC96SZVSTIHcwKx+UOSNIyzmbBAfW0QGaWnAz/XyUSe6Vj 5KKDHKSKUd7p4w3dzJFfgWl1/M+HyC2eTrDYYaqSAsqKcWLavF2sHU2ISYrGsVrI czrGqK2LN4xwCFX1Q9hIs3G5mf0CgYEAzjsu+up9gudPdAfavYVyppNh8LABKVcV 1lIlz0UfS4aWq+C6gWjnEqrOKHkvWwzlgozvaEyIChHlTpc/zMo0/DMx+BngYNhh uvMv7AgbBmo1MEHH/ZFwTKoWF2nlx9ER+FqyeTR8rfuff7fsNp/qwnTWJnY9QdEu c7EPKXqrDd0CgYAjGcbTMx6y0jh/JhLoCfaiFkUddC6GooRXHEH2drW/m7mtYSdp noHGdgh1cxrRZ2Xreu/siQoZ69VnIKngDBKvY09k23H/KHJ8OBg+ycSozSuM0x2q XWRZwxPp0cHBgyAnl/5RrAhg508szKZgSOZ5zcYYkupb3xZaCjwSmFlUPQKBgBEm Zs/C9FEQf1D83jnogRJNK1XirRYNAenixvYnn2SeeqUseRYN7TlmLuK6wS9nMSbc JYSc6Ks9tb4FYe7b2fAnKb6iGEC1fdsYIiIUwnqUFnw+3CzADYCynEeyLMOjJUVr 9W+S59NoG2l5mBEq11D4el6Ucp+oj55bWRFv/A2ZAoGBAMehwcekk/7PhroCvuSf nwsZAfKEC5jrcDkrhZ/Um5q2ca/E0HMKqLB1xscPrNHyNzuxORMPzKQpcQHOQIPW isRyRaSbbJO23pDlgImY4LZYVjNwYM6bbJZGwr7K1IjPsosiE6j7jMNRVZVlmHA4 E0Gy+qsU9BPz6msZ2LFYRkWX -----END PRIVATE KEY----- python-load/load.py
@@ -12,7 +12,7 @@ import signal # Change the xrange (allocation) value accordingly. allocation = 8192 allocation = 1512 stop_loop = 0 def exit_chld(x, y):
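Review bot: In php-ssl/Dockerfile, the final RUN step applies chmod -R g+rwx to /var/www/html, so the document root is writable by any process running with group 0, the group the chgrp on the same line assigns for the USER 1001 runtime. The log, run and php-fpm directories need group write; the document root does not. Consider g+rX for /var/www/html so a flaw in the PHP page cannot rewrite served content. The FROM line also pins ubi8:8.0, so later base-image fixes are not picked up unless the tag is bumped.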
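Review bot: In php-ssl/README.md, the fenced podman run commands under "In HTTP mode" and "In HTTPs mode" end with a stray backtick (php-ssl:latest`), which leaves the shell waiting for a closing backtick when the command is pasted; the fenced commands under "Disable HTTPs support" carry both backticks and a $ prompt. Drop them, and renumber the steps, which jump from 1 to 3. The "comment line 15" instruction will go stale as the Dockerfile changes; refer to the COPY httpd/ssl.conf line by content instead.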
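Review bot: In php-ssl/httpd/httpd.conf, the Directory "/var/www/html" block sets Options Indexes FollowSymLinks, which enables directory listings for the document root, while DirectoryIndex lists only index.html and the application ships index.php. Unless a conf.d file adds index.php, a request for / falls through to a listing; suggest removing Indexes from Options and using DirectoryIndex index.php index.html. The /cgi-bin/ ScriptAlias and its Require all granted block look unused by this image and could be dropped.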
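Review bot: In php-ssl/httpd/ssl.conf, SSLProtocol all -SSLv2 does not exclude SSLv3, TLS 1.0 or TLS 1.1, and the SSLCipherSuite string explicitly admits RC4+RSA, +MEDIUM and +LOW. For a demo whose purpose is to show TLS working, restrict both, for example SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1 with SSLCipherSuite HIGH:!aNULL:!MD5:!RC4. ErrorLog and TransferLog in this virtual host also write to files under logs/, whereas httpd.conf pipes its logs to /bin/more, and the header comment links to the 2.2 mod_ssl documentation.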
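Review bot: In php-ssl/index.php, get_system_load() validates its argument with $interval >= 1 && 3 <= $interval, which only passes for values of 3 or more, and sys_getloadavg() returns three samples at indexes 0 to 2, so any accepted value reads past the array; the check should be a range test on 0 to 2. In get_connections(), $unique and $www_unique_count are used before being initialised, and the netstat filter ':80|:443' does not match the 8443 listener configured in ssl.conf. The page also prints the percentage returned by get_memory_usage() with an ' Mb' suffix, and the HTTP branch reads "server over HTTP".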
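Review bot: php-ssl/ssl/certs/tls.key adds an unencrypted private key (BEGIN PRIVATE KEY) to the repository alongside its certificate. Anyone with read access to the history holds the key, so it should be treated as disclosed: remove both files from the commit, add ssl/certs/ to .gitignore, and have users generate the pair with the openssl req command already given in the README before mounting the directory.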
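Review bot: In python-load/load.py, allocation = 1512 replaces 8192 as a bare constant, and the comment above it still tells the user to edit the source to tune it. State the unit in the comment and consider reading the value from an environment variable or a command-line argument so the load can be changed without editing the file.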