From 284f1a97a6d42fa54fdbf39cf7afe7faa5aef61f Mon Sep 17 00:00:00 2001 From: "Marc Schmid (mschmid)" Date: Thu, 16 Jan 2020 11:17:11 +0100 Subject: [PATCH 1/5] Update to run container as non-root user for security reasons. Update to nginx 1.17. Using https:// as default redirect target. --- .gitignore | 1 + Dockerfile | 10 ++++++++-- README.md | 14 +++++++++++--- start.sh | 10 +++++----- 4 files changed, 25 insertions(+), 10 deletions(-) create mode 100644 .gitignore diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..485dee6 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +.idea diff --git a/Dockerfile b/Dockerfile index 2d31c20..597b2cf 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,11 +1,17 @@ -FROM nginx:1.15-alpine +FROM nginx:1.17-alpine COPY start.sh /usr/local/bin/ RUN apk add --update bash \ && rm -rf /var/cache/apk/* \ + && chmod -R g+w /var/cache/nginx /var/log/nginx /etc/nginx \ + && chown -R nginx:root /var/cache/nginx /var/log/nginx /etc/nginx \ + && chmod g+w /run \ + && sed -i 's/user nginx;//g' /etc/nginx/nginx.conf \ && chmod +x /usr/local/bin/start.sh -EXPOSE 80 +EXPOSE 8080 + +USER 1000 CMD ["start.sh"] diff --git a/README.md b/README.md index 20a768d..50c8d17 100644 --- a/README.md +++ b/README.md @@ -2,19 +2,24 @@ ![Docker Build Status](https://img.shields.io/docker/build/morbz/docker-web-redirect.svg) ![Docker Pulls](https://img.shields.io/docker/pulls/morbz/docker-web-redirect.svg) ![Docker Stars](https://img.shields.io/docker/stars/morbz/docker-web-redirect.svg) -This Docker container listens on port 80 and redirects all web traffic permanently to the given target domain/URL. +This Docker container listens (by default) on port 8080 and redirects all web traffic permanently to the given target domain/URL. ## Features ## - Lightweight: Uses only ~2 MB RAM on Linux - Keeps the URL path and GET parameters - Permanent redirect (HTTP 301) +- Image Size only ~25MB +- Image runs for security reasons with non-root user ## Usage ## ### Docker run ### -The target domain/URL is set by the `REDIRECT_TARGET` environment variable. +The target domain/URL is set by the `REDIRECT_TARGET` environment variable. +The port may be changed to another port than 8080 by the `PORT` environment variable. Possible redirect targets include domains (`mydomain.net`), paths (`mydomain.net/my_page`) or specific protocols (`https://mydomain.net/my_page`). -**Example:** `$ docker run --rm -d -e REDIRECT_TARGET=mydomain.net -p 80:80 morbz/docker-web-redirect` +**Example (Listen on Port 8080):** `$ docker run --rm -d -e REDIRECT_TARGET=mydomain.net -p 8080:8080 morbz/docker-web-redirect` + +**Example (Listen on Port 80):** `$ docker run --rm -d -u0:0 -e REDIRECT_TARGET=mydomain.net -e PORT=80 -p 80:80 morbz/docker-web-redirect ` ### Paths are retained ### The URL path and GET parameters are retained. That means that a request to `http://myolddomain.net/index.php?page=2` will be redirected to `http://mydomain.net/index.php?page=2` when `REDIRECT_TARGET=mydomain.net` is set. @@ -35,3 +40,6 @@ services: - VIRTUAL_HOST=myolddomain.net - REDIRECT_TARGET=mydomain.net ``` + +### Build the image yourself ### +`$ docker build -t morbz/docker-web-redirect:latest .` diff --git a/start.sh b/start.sh index 4b83b46..9e61ac7 100755 --- a/start.sh +++ b/start.sh @@ -3,9 +3,9 @@ if [ -z "$REDIRECT_TARGET" ]; then echo "Redirect target variable not set (REDIRECT_TARGET)" exit 1 else - # Add http if not set - if ! [[ $REDIRECT_TARGET =~ ^https?:// ]]; then - REDIRECT_TARGET="http://$REDIRECT_TARGET" + # Add https if not set + if ! [[ $REDIRECT_TARGET =~ ^http?:// ]]; then + REDIRECT_TARGET="https://$REDIRECT_TARGET" fi # Add trailing slash @@ -14,8 +14,8 @@ else fi fi -# Default to 80 -LISTEN="80" +# Default to 8080 +LISTEN="8080" # Listen to PORT variable given on Cloud Run Context if [ ! -z "$PORT" ]; then LISTEN="$PORT" From 4353b8682fe8ed3d40f4a83d3fff489b0e8ad239 Mon Sep 17 00:00:00 2001 From: "Marc Schmid (mschmid)" Date: Thu, 16 Jan 2020 13:02:24 +0100 Subject: [PATCH 2/5] Update README.md --- LICENSE | 2 +- README.md | 12 +++++++----- 2 files changed, 8 insertions(+), 6 deletions(-) diff --git a/LICENSE b/LICENSE index 5e648d6..6114994 100644 --- a/LICENSE +++ b/LICENSE @@ -1,6 +1,6 @@ MIT License -Copyright (c) 2017 Merten Peetz +Copyright (c) 2020 Marc Schmid Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal diff --git a/README.md b/README.md index 50c8d17..7496a60 100644 --- a/README.md +++ b/README.md @@ -1,9 +1,11 @@ # Docker-Web-Redirect # -![Docker Build Status](https://img.shields.io/docker/build/morbz/docker-web-redirect.svg) ![Docker Pulls](https://img.shields.io/docker/pulls/morbz/docker-web-redirect.svg) ![Docker Stars](https://img.shields.io/docker/stars/morbz/docker-web-redirect.svg) +![Docker Build Status](https://img.shields.io/docker/build/m4rc77/docker-web-redirect.svg) ![Docker Pulls](https://img.shields.io/docker/pulls/m4rc77/docker-web-redirect.svg) ![Docker Stars](https://img.shields.io/docker/stars/m4rc77/docker-web-redirect.svg) This Docker container listens (by default) on port 8080 and redirects all web traffic permanently to the given target domain/URL. +_Hint: This repo was forked from https://github.com/MorbZ/docker-web-redirect._ + ## Features ## - Lightweight: Uses only ~2 MB RAM on Linux - Keeps the URL path and GET parameters @@ -17,9 +19,9 @@ The target domain/URL is set by the `REDIRECT_TARGET` environment variable. The port may be changed to another port than 8080 by the `PORT` environment variable. Possible redirect targets include domains (`mydomain.net`), paths (`mydomain.net/my_page`) or specific protocols (`https://mydomain.net/my_page`). -**Example (Listen on Port 8080):** `$ docker run --rm -d -e REDIRECT_TARGET=mydomain.net -p 8080:8080 morbz/docker-web-redirect` +**Example (Listen on Port 8080):** `$ docker run --rm -d -e REDIRECT_TARGET=mydomain.net -p 8080:8080 m4rc77/docker-web-redirect` -**Example (Listen on Port 80):** `$ docker run --rm -d -u0:0 -e REDIRECT_TARGET=mydomain.net -e PORT=80 -p 80:80 morbz/docker-web-redirect ` +**Example (Listen on Port 80):** `$ docker run --rm -d -u0:0 -e REDIRECT_TARGET=mydomain.net -e PORT=80 -p 80:80 m4rc77/docker-web-redirect ` ### Paths are retained ### The URL path and GET parameters are retained. That means that a request to `http://myolddomain.net/index.php?page=2` will be redirected to `http://mydomain.net/index.php?page=2` when `REDIRECT_TARGET=mydomain.net` is set. @@ -34,7 +36,7 @@ This image can be combined with the [jwilder nginx-proxy](https://hub.docker.com version: '3' services: redirect: - image: morbz/docker-web-redirect + image: m4rc77/docker-web-redirect restart: always environment: - VIRTUAL_HOST=myolddomain.net @@ -42,4 +44,4 @@ services: ``` ### Build the image yourself ### -`$ docker build -t morbz/docker-web-redirect:latest .` +`$ docker build -t m4rc77/docker-web-redirect:latest .` From 46489275f2b9b6264cf6c1a36c372e6b18d6ba48 Mon Sep 17 00:00:00 2001 From: Marc Schmid Date: Fri, 24 Jan 2020 23:12:22 +0100 Subject: [PATCH 3/5] Update README.md --- README.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 7496a60..d092637 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,9 @@ # Docker-Web-Redirect # -![Docker Build Status](https://img.shields.io/docker/build/m4rc77/docker-web-redirect.svg) ![Docker Pulls](https://img.shields.io/docker/pulls/m4rc77/docker-web-redirect.svg) ![Docker Stars](https://img.shields.io/docker/stars/m4rc77/docker-web-redirect.svg) +![Docker Cloud Build Status](https://img.shields.io/docker/cloud/build/m4rc77/docker-web-redirect) +![Docker Cloud Automated build](https://img.shields.io/docker/cloud/automated/m4rc77/docker-web-redirect) +![Docker Pulls](https://img.shields.io/docker/pulls/m4rc77/docker-web-redirect.svg) +![Docker Stars](https://img.shields.io/docker/stars/m4rc77/docker-web-redirect.svg) This Docker container listens (by default) on port 8080 and redirects all web traffic permanently to the given target domain/URL. From 9b2259e4f61e943b03fbf3ca7c3c34dc25a94de3 Mon Sep 17 00:00:00 2001 From: Marc Schmid Date: Fri, 24 Jan 2020 23:20:28 +0100 Subject: [PATCH 4/5] Update README.md --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index d092637..147825d 100644 --- a/README.md +++ b/README.md @@ -2,8 +2,8 @@ ![Docker Cloud Build Status](https://img.shields.io/docker/cloud/build/m4rc77/docker-web-redirect) ![Docker Cloud Automated build](https://img.shields.io/docker/cloud/automated/m4rc77/docker-web-redirect) -![Docker Pulls](https://img.shields.io/docker/pulls/m4rc77/docker-web-redirect.svg) -![Docker Stars](https://img.shields.io/docker/stars/m4rc77/docker-web-redirect.svg) +![Docker Pulls](https://img.shields.io/docker/pulls/m4rc77/docker-web-redirect) +![Docker Stars](https://img.shields.io/docker/stars/m4rc77/docker-web-redirect) This Docker container listens (by default) on port 8080 and redirects all web traffic permanently to the given target domain/URL. From 41958fa962a50839def3be211fac913fd2990f2f Mon Sep 17 00:00:00 2001 From: herrfinke <6168694+herrfinke@users.noreply.github.com> Date: Sat, 11 Apr 2020 15:33:59 +0200 Subject: [PATCH 5/5] Updated readme; fixes usage of port 8080 with jwilder/nginx-proxy --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 147825d..6de0c53 100644 --- a/README.md +++ b/README.md @@ -44,6 +44,7 @@ services: environment: - VIRTUAL_HOST=myolddomain.net - REDIRECT_TARGET=mydomain.net + - VIRTUAL_PORT=8080 ``` ### Build the image yourself ###