file structure improved

.dockerignore

@@ -1,2 +1,2 @@
 *
-!docker-run.sh
+!rootfs

Dockerfile

@@ -1,31 +1,35 @@
-FROM    debian:10-slim as build
+ARG	FROM=debian:10-slim
+
+FROM    $FROM as build
+
+ENV	PACKAGES="apache2"
 
 # Install apache
 RUN     apt-get update \
-&&	apt-get -y install dumb-init apache2
+&&	apt-get -y install $PACKAGES
 
-# Add Fancy Index
-ADD	https://github.com/Vestride/fancy-index/archive/master.tar.gz /usr/share/
-RUN	tar xzf /usr/share/master.tar.gz -C /usr/share
+# Copy root filesystem
+COPY	rootfs /
 
 # Configure apache
-RUN	echo 'ServerSignature Off' >> /etc/apache2/apache2.conf \
-&&	echo 'TraceEnable Off' >> /etc/apache2/apache2.conf \
-&&	echo 'ServerTokens Prod' >> /etc/apache2/apache2.conf \
-&&	echo 'ServerName docker-http' >> /etc/apache2/apache2.conf \
-&&	echo 'Alias /fancy-index /usr/share/fancy-index-master' >> /etc/apache2/apache2.conf \
-&&	echo '<Directory /var/www/html>' >> /etc/apache2/apache2.conf \
-&&	cat /usr/share/fancy-index-master/.htaccess >> /etc/apache2/apache2.conf
+RUN	a2enconf z-custom-config.conf \
+&&	a2enmod auth_digest
 
-# Add auth handler
-COPY	docker-run.sh /
+# Add/Configure Fancy Index
+ADD	https://github.com/Vestride/fancy-index/archive/master.tar.gz /usr/share/
+RUN	tar xzf /usr/share/master.tar.gz -C /usr/share \
+&&	echo 'Alias /fancy-index /usr/share/fancy-index-master' >> /etc/apache2/apache2.conf \
+&&	echo '<Directory /html>' >> /etc/apache2/apache2.conf \
+&&	cat /usr/share/fancy-index-master/.htaccess >> /etc/apache2/apache2.conf \
+&&	echo '</Directory>' >> /etc/apache2/apache2.conf
 
-# Final image
+# Build final image
+RUN	apt-get -y install dumb-init \
+&&	rm -rf /var/lib/apt/lists/*
 FROM	scratch
 COPY	--from=build / /
-
 ENTRYPOINT ["/usr/bin/dumb-init", "--"]
 
 EXPOSE  80
 
-CMD	["/docker-run.sh"]
+CMD	["/run.sh"]

README.md

@@ -2,39 +2,32 @@
 
 Quick way to share files with a [Fancy Index Listing](https://github.com/Vestride/fancy-index/) via HTTP.
 
-## Share files in current directory via HTTP
-
-    PORT=8080
-    docker run --rm -it -v $(pwd):/var/www/html -p $PORT:80 casperklein/http
-
-### Alias
-
-    alias httphere='docker run --rm -it -v $(pwd):/var/www/html -p 8080:80 casperklein/http'
+## Parameters
 
-## Share files in current directory via HTTP (with authentication)
+| Parameters | Description |
+| - | - |
+| -p 8080:80 | Map host port 8080 |
+| -e user="foo" | Username for authentication |
+| -e pass="CHANGE-ME" | Password for authentication |
+| -e auth="random" | Generate random user/pass for authentication |
+| -e TZ="Europe/Berlin" | Specify a timezone to use |
+| -v $(pwd):/html | Mount current dirctory for file sharing |
 
-    PORT=8080
-    USER=foo
-    PASS=CHANGE-ME
-    docker run --rm -it -v $(pwd):/var/www/html -p $PORT:80 --env user="$USER" --env pass="$PASS" casperklein/http
-
-### Alias (with authentication)
-
-    alias httphere='docker run --rm -it -v $(pwd):/var/www/html -p 8080:80 --env user="foo" --env pass="CHANGE-ME" casperklein/http'
-
-## Share files in current directory via HTTP (with random authentication)
+## Share files in current directory via HTTP
 
-    PORT=8080
-    docker run --rm -it -v $(pwd):/var/www/html -p $PORT:80 --env auth="random" casperklein/http
+    docker run --rm -it -v $(pwd):/html -p 8080:80 casperklein/http
 
-### Alias (with random authentication)
+### with authentication
+    docker run --rm -it -v $(pwd):/html -p 8080:80 -e user="foo" -e pass="CHANGE-ME" casperklein/http
 
-    alias httphere='docker run --rm -it -v $(pwd):/var/www/html -p 8080:80 --env auth="random" casperklein/http'
+### authentication with random credentials
+    docker run --rm -it -v $(pwd):/html -p 8080:80 -e auth="random" casperklein/http
 
-## Behind a reverse proxy (log the correct remote IP address: %{X-Forwarded-For})
+## Aliases
 
-    PORT=8080
-    docker run --rm -it -v $(pwd):/var/www/html -p $PORT:80 --env proxy="reverse" casperklein/http
+    alias httphere='docker run --rm -it -v $(pwd):/html -p 8080:80 casperklein/http'
+    alias httphere='docker run --rm -it -v $(pwd):/html -p 8080:80 -e user="foo" -e pass="CHANGE-ME" casperklein/http'
+    alias httphere='docker run --rm -it -v $(pwd):/html -p 8080:80 -e auth="random" casperklein/http'
 
 ## Access files
 

build.sh

@@ -0,0 +1,13 @@
+#!/bin/bash
+
+USER=casperklein
+NAME=http
+TAG=latest
+
+[ -n "$USER" ] && TAG=$USER/$NAME:$TAG || TAG=$NAME:$TAG
+
+DIR=$(dirname "$(readlink -f "$0")") &&
+cd "$DIR" &&
+echo "Building: $TAG" &&
+echo &&	
+docker build -t $TAG .

rootfs/etc/apache2/conf-available/z-custom-config.conf

@@ -0,0 +1,28 @@
+ServerName docker-http
+
+# Security settings
+ServerSignature Off
+TraceEnable Off
+ServerTokens Prod
+
+# Logging
+LogFormat "%t [%V:%p] %h %u \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" detailed
+LogFormat "%t [%V:%p] %{X-Forwarded-For}i,%h %u \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" proxy
+
+<Directory /html>
+	Options +FollowSymLinks
+	AllowOverride None
+	Require all granted
+</Directory>
+
+# Authentication template
+<Directory /marker>
+	Options +FollowSymLinks
+	AllowOverride None
+
+	AuthType Digest
+	AuthName "This is a private system. Do not attempt to login unless you are an authorized user."
+	AuthDigestProvider file
+	AuthUserFile /.htdigest
+	Require valid-user
+</Directory>

rootfs/etc/apache2/sites-available/000-default.conf

@@ -0,0 +1,11 @@
+<VirtualHost *:80>
+	ServerAdmin webmaster@localhost
+	DocumentRoot /html
+
+	ErrorLog ${APACHE_LOG_DIR}/error.log
+
+	# Log correct client IP if request comes from a reverse proxy
+	SetEnvIf X-Forwarded-For "^.*\..*\..*\..*" forwarded
+	CustomLog ${APACHE_LOG_DIR}/access.log detailed env=!forwarded
+	CustomLog ${APACHE_LOG_DIR}/access.log proxy env=forwarded
+</VirtualHost>

rootfs/run.sh

@@ -0,0 +1,39 @@
+#!/bin/bash
+
+if [ ! -d "/html" ]; then
+	echo -e "Error: No host directory mounted to /html\n" >&2
+	exit 1
+fi
+
+echo -ne "HTTP-Auth:\t"
+
+# check if $user/$pass is supplied
+if [ -n "$user" ] && [ -n "$pass" ] || [ -n "$auth" ]; then
+	# enable auth
+	sed -i 's;<Directory /html>;<Directory /foo>;' /etc/apache2/conf-available/z-custom-config.conf
+	sed -i 's;<Directory /marker>;<Directory /html>;' /etc/apache2/conf-available/z-custom-config.conf
+	echo "enabled"
+
+	# generate user/pass if $auth is supplied
+	if [ -n "$auth" ]; then
+		user=$(tr -dc A-Za-z0-9 < /dev/urandom | head -c 10)
+		pass=$(tr -dc A-Za-z0-9 < /dev/urandom | head -c 10)
+	fi
+
+	echo -e "Username:\t$user"
+	echo -e "Password:\t$pass"
+
+	# generate .htdigest file
+	DIGEST="$(printf "%s:%s:%s" "$user" "This is a private system. Do not attempt to login unless you are an authorized user." "$pass" | md5sum | awk '{print $1}')" &&
+	printf "%s:%s:%s\n" "$user" "This is a private system. Do not attempt to login unless you are an authorized user." "$DIGEST" > /.htdigest || exit 1
+else
+	echo "disabled"
+fi
+
+echo
+
+# Start apache2
+apachectl start &&
+
+# Show logs
+tail -F /var/log/apache2/*