Migrate to user-based Apache run

Author: spkane

Dockerfile

@@ -1,19 +1,28 @@
-FROM alpine:3.16
+FROM alpine:3.20
 
 RUN apk add --no-cache apache2
-RUN mkdir -p /run/apache2 && \
-    mkdir /var/www/localhost/htdocs/res && \
-    mkdir /theme1 && \
-    mkdir /theme2
+RUN mkdir -p /run/apache2
 COPY httpd.conf /etc/apache2/httpd.conf
-COPY publish/html5/theme1/* /theme1/
-COPY publish/html5/theme2/* /theme2/
-COPY publish/html5/game.min.js /var/www/localhost/htdocs/
-COPY publish/html5/index.html /var/www/localhost/htdocs/
-COPY publish/html5/project.json /var/www/localhost/htdocs/
-COPY start.sh /
-ENV THEME 1
 
-EXPOSE 80
+RUN addgroup -S container && \
+    adduser  -S container -G container
+RUN chown -R container.container  /run
+USER container:container
 
-CMD ["/start.sh"]
+RUN mkdir -p /home/container/www/htdocs/res && \
+    mkdir -p /home/container/www/logs && \
+    mkdir -p /home/container/run/apache2 && \
+    mkdir /home/container/theme1 && \
+    mkdir /home/container/theme2
+
+COPY publish/html5/theme1/* /home/container/theme1/
+COPY publish/html5/theme2/* /home/container/theme2/
+COPY publish/html5/game.min.js /home/container/www/htdocs/
+COPY publish/html5/index.html /home/container/www/htdocs/
+COPY publish/html5/project.json /home/container/www/htdocs/
+COPY start.sh /home/container
+ENV THEME=1
+
+EXPOSE 8080
+
+CMD ["/home/container/start.sh"]

Dockerfile.fedora

@@ -1,18 +1,29 @@
-FROM fedora:36
+FROM fedora:39
+
+RUN dnf install -y httpd && \
+    mv /etc/httpd/modules/mod_heartmonitor.so /etc/httpd/modules/mod_heartmonitor.so.bak
 
-RUN dnf install -y httpd
-RUN mkdir /var/www/html/res && \
-    mkdir /theme1 && \
-    mkdir /theme2
 COPY httpd-fedora.conf /etc/httpd/conf/httpd.conf
-COPY publish/html5/theme1/* /theme1/
-COPY publish/html5/theme2/* /theme2/
-COPY publish/html5/game.min.js /var/www/html/
-COPY publish/html5/index.html /var/www/html/
-COPY publish/html5/project.json /var/www/html/
-COPY start-fedora.sh /start.sh
-ENV THEME 1
 
-EXPOSE 80
+RUN groupadd container && \
+    useradd -g container container
+RUN chown -R container.container   /run/httpd
+USER container:container
+
+RUN mkdir -p /home/container/www/htdocs/res && \
+    mkdir -p /home/container/www/logs && \
+    mkdir -p /home/container/run/apache2 && \
+    mkdir /home/container/theme1 && \
+    mkdir /home/container/theme2
+
+COPY publish/html5/theme1/* /home/container/theme1/
+COPY publish/html5/theme2/* /home/container/theme2/
+COPY publish/html5/game.min.js /home/container/www/htdocs/
+COPY publish/html5/index.html /home/container/www/htdocs/
+COPY publish/html5/project.json /home/container/www/htdocs/
+COPY start.sh /home/container
+ENV THEME=1
+
+EXPOSE 8080
 
-CMD ["/start.sh"]
+CMD ["/home/container/start.sh"]

docker-compose.yaml

@@ -1,4 +1,3 @@
-version: '2'
 services:
   dockergame:
     build:
@@ -7,4 +6,4 @@ services:
     environment:
       THEME: "1"
     ports:
-      - "8090:80"
+      - "8090:8080"

httpd-fedora.conf

@@ -1,6 +1,8 @@
 ServerName "localhost.localdomain"
 ServerRoot "/etc/httpd"
-Listen 80
+PidFile "/home/container/www/apache.pid"
+Mutex flock:/home/container/run/apache2
+Listen 8080
 Include conf.modules.d/*.conf
 User apache
 Group apache
@@ -12,14 +14,9 @@ ErrorDocument 404 /404.html
     Require all denied
 </Directory>
 
-DocumentRoot "/var/www/html"
+DocumentRoot "/home/container/www/htdocs"
 
-<Directory "/var/www">
-    AllowOverride None
-    Require all granted
-</Directory>
-
-<Directory "/var/www/html">
+<Directory "/home/container/www/htdocs">
     Options Indexes FollowSymLinks
     AllowOverride None
     Require all granted
@@ -33,7 +30,7 @@ DocumentRoot "/var/www/html"
     Require all denied
 </Files>
 
-ErrorLog "logs/error_log"
+ErrorLog "/home/container/www/logs/error_log"
 LogLevel warn
 
 <IfModule log_config_module>
@@ -44,14 +41,14 @@ LogLevel warn
       LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
     </IfModule>
 
-    CustomLog "logs/access_log" combined
+    CustomLog "/home/container/www/logs/access_log" combined
 </IfModule>
 
 <IfModule alias_module>
-    ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"
+    ScriptAlias /cgi-bin/ "/home/container/www/cgi-bin/"
 </IfModule>
 
-<Directory "/var/www/cgi-bin">
+<Directory "/home/container/www/cgi-bin">
     AllowOverride None
     Options None
     Require all granted

httpd.conf

@@ -39,6 +39,7 @@ ServerTokens OS
 # least PidFile.
 #
 ServerRoot /var/www
+PidFile /home/container/www/apache.pid
 
 #
 # Mutex: Allows you to set the mutex mechanism and mutex file directory
@@ -48,7 +49,7 @@ ServerRoot /var/www
 # mutex file directory is not on a local disk or is not appropriate for some
 # other reason.
 #
-# Mutex default:/run/apache2
+Mutex flock:/home/container/run/apache2
 
 #
 # Listen: Allows you to bind Apache to specific IP addresses and/or
@@ -59,7 +60,7 @@ ServerRoot /var/www
 # prevent Apache from glomming onto all bound IP addresses.
 #
 #Listen 12.34.56.78:80
-Listen 80
+Listen 8080
 
 #
 # Dynamic Shared Object (DSO) Support
@@ -175,8 +176,8 @@ LoadModule negotiation_module modules/mod_negotiation.so
 # It is usually good practice to create a dedicated user and group for
 # running httpd, as with most system services.
 #
-User apache
-Group apache
+User container
+Group container
 
 </IfModule>
 
@@ -216,7 +217,7 @@ ServerSignature On
 #
 # If your host doesn't have a registered DNS name, enter its IP address here.
 #
-ServerName 127.0.0.1:80
+ServerName 127.0.0.1:8080
 
 #
 # Deny access to the entirety of your server's filesystem. You must
@@ -240,8 +241,8 @@ ServerName 127.0.0.1:80
 # documents. By default, all requests are taken from this directory, but
 # symbolic links and aliases may be used to point to other locations.
 #
-DocumentRoot "/var/www/localhost/htdocs"
-<Directory "/var/www/localhost/htdocs">
+DocumentRoot "/home/container/www/htdocs"
+<Directory "/home/container/www/htdocs">
     #
     # Possible values for the Options directive are "None", "All",
     # or any combination of:
@@ -292,7 +293,7 @@ DocumentRoot "/var/www/localhost/htdocs"
 # logged here.  If you *do* define an error logfile for a <VirtualHost>
 # container, that host's errors will be logged there and not here.
 #
-ErrorLog logs/error.log
+ErrorLog /home/container/www/logs/error.log
 
 #
 # LogLevel: Control the number of messages logged to the error_log.
@@ -327,7 +328,7 @@ LogLevel warn
     # If you prefer a logfile with access, agent, and referer information
     # (Combined Logfile Format) you can use the following directive.
     #
-    CustomLog logs/access.log combined
+    CustomLog /home/container/www/logs/access.log combined
 </IfModule>
 
 <IfModule alias_module>
@@ -357,7 +358,7 @@ LogLevel warn
     # client.  The same rules about trailing "/" apply to ScriptAlias
     # directives as to Alias.
     #
-    ScriptAlias /cgi-bin/ "/var/www/localhost/cgi-bin/"
+    ScriptAlias /cgi-bin/ "/home/container/www/cgi-bin/"
 
 </IfModule>
 
@@ -370,10 +371,10 @@ LogLevel warn
 </IfModule>
 
 #
-# "/var/www/localhost/cgi-bin" should be changed to whatever your ScriptAliased
+# "/home/container/www/cgi-bin" should be changed to whatever your ScriptAliased
 # CGI directory exists, if you have that configured.
 #
-<Directory "/var/www/localhost/cgi-bin">
+<Directory "/home/container/www/cgi-bin">
     AllowOverride None
     Options None
     Require all granted

start-fedora.sh

@@ -1,9 +1,9 @@
 #!/bin/sh
 
 if [ "${THEME}" -eq "2" ]; then
-  cp -a /theme2/* /var/www/html/res/
+  cp /home/container/theme2/* /home/container/www/htdocs/res/
 else
-  cp -a /theme1/* /var/www/html/res/
+  cp /home/container/theme1/* /home/container/www/htdocs/res/
 fi
 
 exec /usr/sbin/httpd -D FOREGROUND

start.sh

@@ -1,9 +1,9 @@
 #!/bin/sh
 
 if [ "${THEME}" -eq "2" ]; then
-  cp -a /theme2/* /var/www/localhost/htdocs/res/
+  cp /home/container/theme2/* /home/container/www/htdocs/res/
 else
-  cp -a /theme1/* /var/www/localhost/htdocs/res/
+  cp /home/container/theme1/* /home/container/www/htdocs/res/
 fi
 
 exec /usr/sbin/httpd -D FOREGROUND