quicklyon / zentao-docker

Quickon Docker Image for ZenTao (official ZenTao container image)

Enable HTTPS with Zentao Docker Image #14

Open drakosu opened 7 months ago

drakosu commented 7 months ago

This Docker image doesn't seem to support HTTPS by default. I've done a quick patch today and am leaving it here for the record.

The patch takes the official document as a reference: "Configuring HTTPS for the Linux one-click installation package". The trick is to modify debian/rootfs/opt/zbox/etc/apache/httpd.conf.tpl to make httpd.conf come up with the HTTPS-related settings described in the official document.

Here are the steps; in my practice I use docker-compose.yml:

  1. Bring up a Zentao container with docker-compose.yml configured properly according to the README, and additionally mount a shared folder.
    volumes:
      - '/share/Container/Zentao/data:/data'
      - /share/Container/Zentao/backup:/mnt/backup
  2. Copy the folder /opt/zbox/etc/apache from the running Zentao container to the mounted shared folder.
    ## Enter container
    docker exec -it zentao /bin/bash
    ## In the zentao container
    cp -r /opt/zbox/etc/apache /mnt/backup
    ## Exit container
    exit
  3. Modify /share/Container/Zentao/backup/apache/httpd.conf.tpl with reference to the official document.
    • Modify line 7
      {{#if HTTPS_ENABLE}}
      Listen          {{APP_DEFAULT_PORT}} https
      SSLPassPhraseDialog builtin
      SSLRandomSeed startup file:/dev/urandom  256
      SSLRandomSeed connect builtin
      SSLCryptoDevice builtin
      {{else}}
      Listen          {{APP_DEFAULT_PORT}}
      {{/if}}
    • Add the following before line 193. Note: Use the actual file names of your_cert.
      {{#if HTTPS_ENABLE}}
      ErrorLog /opt/zbox/logs/ssl_error_log
      TransferLog /opt/zbox/logs/ssl_access_log
      CustomLog /opt/zbox/logs/ssl_custom_log combined
      LogLevel warn
      SSLEngine on
      SSLProtocol all -SSLv2 -SSLv3
      SSLCipherSuite HIGH:3DES:!aNULL:!MD5:!SEED:!IDEA
      SSLCertificateFile /opt/zbox/etc/apache/cert/your_cert.crt
      SSLCertificateKeyFile /opt/zbox/etc/apache/cert/your_key.key
      {{/if}}
  4. Restart Zentao with a modified docker-compose.yml that has the following settings in the corresponding sections. Note: Use your actual path_to_your_SSL_cert.
    ports:
      - '443:80'
    volumes:
      - /share/Container/Zentao/data:/data
      - /share/Container/Zentao/backup/apache:/opt/zbox/etc/apache
      - /path_to_your_SSL_cert:/opt/zbox/etc/apache/cert
    environment:
      - HTTPS_ENABLE=true

With these steps, I am able to access my Zentao with HTTPS.
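
Added example, not part of the original issue or the project's code: a small Python check that reads the `SSLProtocol` and `SSLCipherSuite` lines from an httpd.conf (or the .tpl) and reports deprecated protocol versions and weak cipher families. The function names, the protocol set behind `all`, the weak-token list and the stricter sample pair are assumptions made for illustration.

```python
import re

# Simplified model of mod_ssl's "all" shortcut (assumption; it is build-dependent).
ALL_PROTOCOLS = {"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"}
DEPRECATED = {"SSLv3", "TLSv1", "TLSv1.1"}  # TLS 1.0/1.1: deprecated by RFC 8996
WEAK_CIPHER_TOKENS = {"3DES", "DES", "RC4", "MD5", "NULL", "eNULL", "aNULL", "EXPORT", "LOW"}

def enabled_protocols(args):
    """Apply SSLProtocol tokens left to right: +x adds, -x removes, bare x replaces."""
    enabled = set()
    for token in args.split():
        action, name = (token[0], token[1:]) if token[0] in "+-" else ("", token)
        group = ALL_PROTOCOLS if name.lower() == "all" else {name} & ALL_PROTOCOLS
        if action == "-":
            enabled -= group
        elif action == "+":
            enabled |= group
        else:
            enabled = set(group)
    return enabled

def audit_tls(conf_text):
    """Return findings for the SSLProtocol / SSLCipherSuite lines in conf_text."""
    findings = []
    for line in conf_text.splitlines():
        m = re.match(r"\s*(SSLProtocol|SSLCipherSuite)\s+(.+?)\s*$", line, re.I)
        if not m:
            continue  # comments, {{#if ...}} template markers, other directives
        directive, args = m.group(1).lower(), m.group(2)
        if directive == "sslprotocol":
            for proto in sorted(enabled_protocols(args) & DEPRECATED):
                findings.append(f"SSLProtocol enables deprecated {proto}")
        else:
            for token in args.split(":"):
                # "!x" and "-x" tokens remove ciphers, so they never match here.
                if token.lstrip("+") in WEAK_CIPHER_TOKENS:
                    findings.append(f"SSLCipherSuite adds weak family {token}")
    return findings

# Constructed samples: the TLS lines from step 3 above, and a stricter pair.
FROM_PATCH = """{{#if HTTPS_ENABLE}}
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite HIGH:3DES:!aNULL:!MD5:!SEED:!IDEA
{{/if}}"""
STRICTER = """SSLProtocol -all +TLSv1.2 +TLSv1.3
SSLCipherSuite HIGH:!aNULL:!MD5:!3DES:!SEED:!IDEA"""

if __name__ == "__main__":
    for name, text in (("from patch", FROM_PATCH), ("stricter", STRICTER)):
        print(name, audit_tls(text) or "no findings")
```

The stricter pair assumes the Apache/OpenSSL build inside the image supports TLS 1.2 and 1.3; confirm that before swapping it into httpd.conf.tpl.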

ysicing commented 7 months ago

Looks great! Would it be better to store the certificate persistently in the /data directory?

drakosu commented 7 months ago

Yes, that sounds better. Keep 'data' in /data directory :D