Initial commit

Author: devopsmariocom

Dockerfile

@@ -0,0 +1,30 @@
+# https://github.com/docker-library/php/tree/master/8.1/bullseye/apache
+FROM php:8.1.1-apache-bullseye
+
+ENTRYPOINT ["/usr/local/bin/tini", "--", "/docker-entrypoint.sh"]
+
+EXPOSE 36622/tcp
+EXPOSE 80/tcp
+
+# Override stopsignal https://github.com/docker-library/php/blob/master/8.1/bullseye/apache/Dockerfile#L280
+# SIGWINCH is Graceful Stop https://httpd.apache.org/docs/2.2/stopping.html#gracefulstop but tini would not catch it
+STOPSIGNAL SIGTERM
+
+# Install openssh-server for sftp
+RUN apt-get update && \
+    apt-get -y install openssh-server && \
+    rm -rf /var/lib/apt/lists/* && \
+    mkdir -p /var/run/sshd && \
+    rm -f /etc/ssh/ssh_host_*key*
+
+# Add sshd config file
+COPY sshd_config /etc/ssh/sshd_config
+
+# Prepare dir for user keys
+RUN mkdir /var/www/.ssh && chown -R www-data:www-data /var/www/.ssh
+
+# Install init system see https://github.com/krallin/tini
+COPY --from=krallin/ubuntu-tini:trusty /usr/local/bin/tini /usr/local/bin/tini
+
+# Add custom entrypoint
+COPY docker-entrypoint.sh /docker-entrypoint.sh

LICENSE

@@ -1,6 +1,6 @@
 MIT License
 
-Copyright (c) 2022 Mario Vejlupek
+Copyright (c) 2022 milionplus
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

docker-compose.yaml

@@ -0,0 +1,48 @@
+services:
+
+  generate-ssh-keys:
+    image: php-apache-sftp
+    build:
+      context: .
+      dockerfile: Dockerfile
+    entrypoint: /prepare-test.sh
+    volumes:
+      - ./test/prepare-test.sh:/prepare-test.sh
+      - ssh:/var/www/.ssh
+
+  php-apache-sftp:
+    image: php-apache-sftp
+    depends_on:
+      generate-ssh-keys:
+        condition: service_completed_successfully
+    build:
+      context: .
+      dockerfile: Dockerfile
+    ports:
+      - "8080:80"
+      - "36622:36622"
+    volumes:
+      - ssh:/var/www/.ssh
+    healthcheck:
+        test: ["CMD", "echo", ">", "/dev/tcp/127.0.0.1/36622", "&&", "echo", ">", "/dev/tcp/127.0.0.1/80"]
+        interval: 5s
+        timeout: 3s
+        retries: 20
+
+  sftp-test:
+    image: php-apache-sftp
+    build:
+      context: .
+      dockerfile: Dockerfile
+    depends_on:
+      php-apache-sftp:
+        condition: service_healthy
+    entrypoint: /test.sh php-apache-sftp
+    working_dir: /
+    volumes:
+      - ./test/index.php:/index.php
+      - ./test/test.sh:/test.sh
+      - ssh:/var/www/.ssh
+
+volumes:
+  ssh:

docker-entrypoint.sh

@@ -0,0 +1,19 @@
+#/bin/bash
+
+if [ ! -f /etc/ssh/ssh_host_ed25519_key ]; then
+    ssh-keygen -t ed25519 -f /etc/ssh/ssh_host_ed25519_key -N ''
+fi
+if [ ! -f /etc/ssh/ssh_host_rsa_key ]; then
+    ssh-keygen -t rsa -b 4096 -f /etc/ssh/ssh_host_rsa_key -N ''
+fi
+
+# Restrict access from other users
+chmod 600 /etc/ssh/ssh_host_ed25519_key
+chmod 600 /etc/ssh/ssh_host_rsa_key
+chown www-data:www-data /var/www/.ssh/authorized_keys
+
+/usr/sbin/sshd -D -e &
+
+/usr/local/bin/docker-php-entrypoint apache2-foreground &
+
+tail -f /var/log/apache2/*

sshd_config

@@ -0,0 +1,23 @@
+# Secure defaults
+# See: https://stribika.github.io/2015/01/04/secure-secure-shell.html
+Port 36622
+Protocol 2
+HostKey /etc/ssh/ssh_host_ed25519_key
+HostKey /etc/ssh/ssh_host_rsa_key
+
+# Faster connection
+# See: https://github.com/atmoz/sftp/issues/11
+UseDNS no
+
+# Limited access
+PermitRootLogin no
+X11Forwarding no
+AllowTcpForwarding no
+
+# Force sftp and chroot jail
+Subsystem sftp internal-sftp
+ForceCommand internal-sftp
+ChrootDirectory %h
+
+# Enable this for more logs
+#LogLevel VERBOSE

test/index.php

@@ -0,0 +1,3 @@
+<?
+phpinfo(INFO_MODULES);
+?>

test/prepare-test.sh

@@ -0,0 +1,5 @@
+#!/bin/bash
+
+ssh-keygen -t ed25519 -C "[email protected]" -f /var/www/.ssh/id_ed25519 -P ""
+cp /var/www/.ssh/id_ed25519.pub /var/www/.ssh/authorized_keys
+chown -R www-data:www-data /var/www/.ssh

test/test.sh

@@ -0,0 +1,10 @@
+#!/bin/bash
+
+TARGET_HOST=$1
+
+sftp -i /var/www/.ssh/id_ed25519 -oStrictHostKeyChecking=no -P36622 www-data@${TARGET_HOST} <<EOF
+cd html
+put index.php
+quit
+EOF
+curl -f -I ${TARGET_HOST} && echo "\033[0;32mOK\033[0m" || echo "\033[0;31mFAIL\033[0m"