Docker Container: Centos 7, Apache, PHP 5.5, and SSL

May 29, 2021

On our previous post we have created a Docker Container based on Linux Centos 7, Apache Web Server, PHP 7.3, and SSL. On this post we are creating a similar container but with PHP 5.5 instead.

Dockerfile

Copy the following content on a file named Dockerfile


FROM centos:7

# Install Apache
RUN yum -y update
RUN yum -y install httpd httpd-tools mod_ssl openssl expect

# Install EPEL Repo
RUN rpm -Uvh https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm \
 && rpm -Uvh https://mirror.webtatic.com/yum/el7/webtatic-release.rpm

# Install PHP 5.5
RUN yum -y install php55w php55w-bcmath php55w-cli php55w-common php55w-gd php55w-intl php55w-ldap php55w-mbstring \
    php55w-mcrypt php55w-mysql php55w-pdo php55w-pear php55w-soap php55w-xml php55w-xmlrpc

# Copy script that generates SSL certificate
COPY generate_certificate.exp /generate_certificate.exp

# Generate SSL certificate
RUN chmod +x /generate_certificate.exp \
 && ./generate_certificate.exp \
 && cp ca.crt /etc/pki/tls/certs \
 && cp ca.key /etc/pki/tls/private/ca.key \
 && cp ca.csr /etc/pki/tls/private/ca.csr

# Update Apache Configuration
RUN sed -E -i -e '/<Directory "\/var\/www\/html">/,/<\/Directory>/s/AllowOverride None/AllowOverride All/' /etc/httpd/conf/httpd.conf
RUN sed -E -i -e 's/DirectoryIndex (.*)$/DirectoryIndex index.php \1/g' /etc/httpd/conf/httpd.conf

# Update Apache SSL Configuration
RUN sed -E -i -e 's/\/etc\/pki\/tls\/certs\/localhost\.crt/\/etc\/pki\/tls\/certs\/ca.crt/g' /etc/httpd/conf.d/ssl.conf
RUN sed -E -i -e 's/\/etc\/pki\/tls\/private\/localhost\.key/\/etc\/pki\/tls\/private\/ca.key/g' /etc/httpd/conf.d/ssl.conf
RUN sed -E -i -e 's/#ServerName www\.example\.com\:443/ServerName www.example.com:443/g' /etc/httpd/conf.d/ssl.conf

EXPOSE 80 443

# Start Apache
CMD ["/usr/sbin/httpd","-D","FOREGROUND"]

You can download this Dockerfile, and the script, as a zipped file here


  • On the first part of the Dockerfile we install apache, mod_ssl, openssl (for the SSL certificates), and expect. (for the script that will create the certificate)

  • After that, we install the EPEL repository, and then proceed to install PHP 5.5.

  • We copy our script generate_certificate.exp into the Docker Container, and update its permissions to make it executable. Then we run it.
    The generated certificate files will be copied to their appropiate folders in /etc/pki/tls/.

  • As the final step we update the Apache configuration on the files httpd.conf and ssl.conf.

Script to Generate SSL Certificate

Copy the following content on a file named generate_certificate.exp


#!/usr/bin/expect -f

# -------------------------
# Generate private key file
# -------------------------

spawn openssl genrsa -des3 -out ca.key 2048

expect "Enter pass phrase for ca.key:"
send -- "test\r"
expect "Verifying - Enter pass phrase for ca.key:"
send -- "test\r"

# ------------------------------------
# Generate certificate signing request
# ------------------------------------

spawn openssl req -new -key ca.key -out ca.csr

expect "Enter pass phrase for ca.key:"
send -- "test\r"
expect "Country Name (2 letter code)"
send -- "US\r"
expect "State or Province Name (full name)"
send -- "State\r"
expect "Locality Name (eg, city)"
send -- "City\r"
expect "Organization Name (eg, company)"
send -- "Company\r"
expect "Organizational Unit Name (eg, section)"
send -- "Section\r"
expect "Common Name (eg, your name or your server's hostname)"
send -- "localhost\r"
expect "Email Address"
send -- "email@localhost\r"

expect "A challenge password"
send -- "\r"

expect "An optional company name"
send -- "\r"

# --------------------
# Generate certificate
# --------------------

spawn openssl x509 -req -days 365 -in ca.csr -signkey ca.key -out ca.crt

expect "Enter pass phrase for ca.key:"
send -- "test\r"

# ---------------------------
# Remove certificate password
# ---------------------------

exec cp ca.key ca.tmp

spawn openssl rsa -in ca.tmp -out ca.key

expect "Enter pass phrase for ca.tmp:"
send -- "test\r"

exec rm ca.tmp

  • The generate_certificate.exp script contains the commands that will create the Self-Signed SSL Certificate.

Create the Docker Image and Container

Now we create the Docker Image.


docker build -t image_apache_ssl .

Then we create the Docker Container.

Notice that we need to indicate the path of our local folder that will be served as the root of the Apache Web Server, which in this example is /path_to/my_website. Replace it with the location of your site's root folder.


docker run -tid -p 4000:80 -p 4001:443 --name=container_apache_ssl -v /path_to/my_website:/var/www/html image_apache_ssl

After the Docker Container is created, we can go to the url https://localhost:4001 to open the local website.


Downloads

Dockerfile-apache-ssl.zip