Add HTTPD OL9 image #2959

Open: wants to merge 3 commits into base: main

Conversation

jakegt1 (Member) commented Apr 15, 2025

Wanting some review on this, just thinking about default listen ports, should SSL be enabled (i.e. `dnf install -y mod_ssl`), etc.

oracle-contributor-agreement bot added the "OCA Verified" label (All contributors have signed the Oracle Contributor Agreement.) Apr 15, 2025

Djelibeybi (Member) commented

My immediate reaction was that HTTPS/TLS support would be preferable, but that would require either the creation of self-signed certificates (so that Apache actually starts) or a startup script that checked for the existence of certificates (provided via bind mount or some other mechanism) before enabling TLS support.

Thoughts?

jakegt1 (Member, Author) commented Apr 16, 2025

> My immediate reaction was that HTTPS/TLS support would be preferable, but that would require either the creation of self-signed certificates (so that Apache actually starts) or a startup script that checked for the existence of certificates (provided via bind mount or some other mechanism) before enabling TLS support.

I am happy to do this, although is there any problem for us generating openssl certs? (guess it's at runtime so shouldn't matter..)

jakegt1 (Member, Author) commented Apr 16, 2025

Have added something simple, and checked that it works.

jakegt1 (Member, Author) commented Apr 17, 2025

Anything else to do here?

Comment on lines +5 to +6
SERVER_CERT="$CERTIFICATE_DIR/localhost.crt"
SERVER_KEY="$KEY_DIR/localhost.key"
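
Review bot: On lines +5 to +6, `SERVER_CERT` and `SERVER_KEY` are assigned unconditionally, so a caller cannot point the script at differently named files without editing it. Consider `SERVER_CERT="${SERVER_CERT:-$CERTIFICATE_DIR/localhost.crt}"` (and the same pattern for the key) so an environment override wins, and document both variables alongside the image.
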
Member

We should also check for the existence of the standard ACME files, e.g. privkey.pem, cert.pem, fullchain.pem and ca.pem.

Or just rename these two to privkey.pem and fullchain.pem so they can be overloaded via bind mount to a host-wide ACME certificate.

Member Author

This is just the default for the SSL config - I could do a sed to fix it though. Expecting acme mounts seems logical.

Member

Also, some sort of output to stderr if we do fall back to self-signed certificates would probably be pretty useful too.
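
One way to implement the startup check discussed in this thread, written as an added example and not the script from this pull request: it looks for a bind-mounted `privkey.pem`/`fullchain.pem` pair, refuses a half-mounted pair, and otherwise falls back to a self-signed certificate with a warning on stderr. `TLS_DIR`, its default path, `tls_source` and `ensure_tls` are hypothetical names chosen for the illustration.

```shell
#!/bin/sh
# Added example (constructed): choose TLS material before starting httpd.
# TLS_DIR, tls_source and ensure_tls are hypothetical names.
TLS_DIR="${TLS_DIR:-/etc/httpd/tls}"

# Print "present", "partial" or "missing" for the key/chain pair in $1.
tls_source() {
    dir=$1
    found=0
    [ -s "$dir/privkey.pem" ] && found=$((found + 1))
    [ -s "$dir/fullchain.pem" ] && found=$((found + 1))
    case $found in
        2) echo present ;;
        1) echo partial ;;
        *) echo missing ;;
    esac
}

# Return 0 when a usable pair exists afterwards, 1 on a half-mounted pair.
ensure_tls() {
    dir=$1
    case $(tls_source "$dir") in
        present)
            return 0 ;;
        partial)
            # Refuse to pair a mounted key with a generated certificate.
            echo "ERROR: only one of privkey.pem/fullchain.pem found in $dir" >&2
            return 1 ;;
    esac
    echo "WARNING: no certificate in $dir, falling back to self-signed (CN=localhost)" >&2
    mkdir -p "$dir"
    # Subshell keeps the restrictive umask local; new files are created 0600.
    (
        umask 077
        openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
            -subj "/CN=localhost" \
            -keyout "$dir/privkey.pem" -out "$dir/fullchain.pem"
    )
}

# Typical use in an entrypoint:
#   ensure_tls "$TLS_DIR" && exec httpd -DFOREGROUND
```

Failing on a half-mounted pair surfaces a broken bind mount at start-up instead of silently serving a certificate the operator did not intend.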
