Merge pull request #18 from qtc-de/develop

Prepare v2.2.0 Release

CHANGELOG.md

@@ -6,6 +6,18 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
 
+## [2.2.0] - Apr 29, 2022
+
+### Added
+
+* Added a [php container](/car/resources/containers/php/)
+
+### Changed
+
+* The [nginx container](/car/resources/containers/php/) creates its TLS certificate
+  now dynamically
+
+
 ## [2.1.0] - Apr 14, 2022
 
 ### Added

README.md

@@ -8,7 +8,7 @@ resources. Additionally, *container-arsenal* ships a *python* script that can be
 
 ![](https://github.com/qtc-de/container-arsenal/workflows/master%20Python%20CI/badge.svg?branch=master)
 ![](https://github.com/qtc-de/container-arsenal/workflows/develop%20Python%20CI/badge.svg?branch=develop)
-[![](https://img.shields.io/badge/version-2.1.0-blue)](https://github.com/qtc-de/container-arsenal/releases)
+[![](https://img.shields.io/badge/version-2.2.0-blue)](https://github.com/qtc-de/container-arsenal/releases)
 [![](https://img.shields.io/badge/build%20system-pip-blue)](https://pypi.org/project/pip/)
 ![](https://img.shields.io/badge/python-9%2b-blue)
 [![](https://img.shields.io/badge/license-GPL%20v3.0-blue)](https://github.com/qtc-de/container-arsenal/blob/master/LICENSE)
@@ -69,8 +69,9 @@ links listed below to get more details:
 
 **Utils Containers**
 
-* [mysql](car/resources/containers/mysql) - Plain *MySQL* server with randomly generated password protected user accounts.
+* [mysql](car/resources/containers/mysql) - Plain *MySQL* server with randomly generated password protected user accounts
 * [neo4j](car/resources/containers/neo4j) - Plain *Neo4j* database. Useful for tools like *BloodHound*
+* [php](car/resources/containers/php) - *nginx* server with *PHP* enabled. Can be used to quickly test some *PHP* stuff
 
 
 ### Getting and Updating Containers

bin/car

@@ -7,7 +7,7 @@ import car
 container_help = 'desired container name: ajp | ftp | h2b | mysql | neo4j | nginx | samba | ssh | tftp or .'
 container_help_all = 'desired container name: ajp | ftp | h2b | mysql | neo4j | nginx | samba | ssh | tftp | all or .'
 
-parser = argparse.ArgumentParser(description='''car v2.1.0 - commandline interface for the container arsenal''')
+parser = argparse.ArgumentParser(description='''car v2.2.0 - commandline interface for the container arsenal''')
 parser.add_argument('--dry', action='store_true', help="only display docker compose commands without executing them")
 subparsers = parser.add_subparsers(dest='command')
 

car/resources/bash_completion.d/car

@@ -13,7 +13,7 @@ _car() {
     _get_first_arg
 
     COMPREPLY=()
-    CONTAINERS="neo4j h2b mysql tftp nginx ftp samba ajp ssh"
+    CONTAINERS="neo4j h2b mysql tftp nginx ftp samba ajp ssh php"
 
 	if [[ $args -eq 1 ]]; then
 

car/resources/car.toml

@@ -39,6 +39,13 @@
   http_port = "80"
   https_port = "443"
 
+  [containers.php]
+  php_folder = "<@:BASE:@>/php"
+  public_folder = "<@:BASE:@>/php/public"
+  private_folder = "<@:BASE:@>/php/private"
+  http_port = "127.0.0.1:80"
+  https_port = "127.0.0.1:443"
+
   [containers.samba]
   samba_folder = "<@:BASE:@>/samba"
   public_folder = "<@:BASE:@>/samba/public"

car/resources/containers/ajp/README.md

@@ -124,10 +124,11 @@ You can also specify these options by using environment variables. The command `
 ```console
 [qtc@devbox ~]$ car env ajp
 [+] Available environment variables are:
-[+] Name                Current Value                   Description
-[+] car_http_port       8001                            HTTP proxy port on your local machine.
-[+] car_log_folder      /home/qtc/arsenal/ajp           Folder where mod_jk logs are stored (volume).
-[+] car_target_host     172.17.0.1                      Targeted server that exposes the AJP listener.
-[+] car_target_port     8009                            AJP port of the targeted server. Most of the times 8009 (the default) is what you want.
-[+] car_local_uid       1000                            UID of the Apache user.
+[+] 
+[+] Name                Current Value             Description
+[+] car_http_port       8001                      HTTP proxy port on your local machine.
+[+] car_log_folder      /home/qtc/arsenal/ajp     Folder where mod_jk logs are stored (volume).
+[+] car_target_host     172.17.0.1                Targeted server that exposes the AJP listener.
+[+] car_target_port     8009                      AJP port of the targeted server. Most of the times 8009 (the default) is what you want.
+[+] car_local_uid       1000                      UID of the Apache user.
 ```

car/resources/containers/ftp/README.md

@@ -125,9 +125,10 @@ You can also specify these options by using environment variables. The command `
 ```console
 [qtc@devbox ~]$ car env ftp
 [+] Available environment variables are:
-[+] Name                Current Value                        Description
-[+] car_ftp_port        21                                   FTP port mapped to your local machine.
-[+] car_user_folder     /home/qtc/arsenal/ftp/user           Volume location for the FTP user folder.
-[+] car_anon_folder     /home/qtc/arsenal/ftp/anon           Volume location for the FTP anonymous folder.
-[+] car_local_uid       1000                                 UID of the FTP user.
+[+] 
+[+] Name                Current Value                  Description
+[+] car_ftp_port        21                             FTP port mapped to your local machine.
+[+] car_user_folder     /home/qtc/arsenal/ftp/user     Volume location for the FTP user folder.
+[+] car_anon_folder     /home/qtc/arsenal/ftp/anon     Volume location for the FTP anonymous folder.
+[+] car_local_uid       1000                           UID of the FTP user.
 ```

car/resources/containers/h2b/README.md

@@ -139,6 +139,7 @@ You can also specify these options by using environment variables. The command `
 ```console
 [qtc@devbox ~]$ car env h2b
 [+] Available environment variables are:
-[+] Name                               Current Value                      Description
-[+] car_http_port                      8001                               HTTP proxy port opened on your local machine.
+[+] 
+[+] Name               Current Value             Description
+[+] car_http_port      8001                      HTTP proxy port opened on your local machine.
 ```

car/resources/containers/mysql/README.md

@@ -71,12 +71,13 @@ variables. The command ``car env mysql`` explains their corresponding usage:
 ```console
 [qtc@devbox ~]$ car env mysql
 [+] Available environment variables are:
-[+] Name                   Current Value                     Description
-[+] car_mysql_user         default                           Default MySQL user that is created for database access.
-[+] car_mysql_port         127.0.0.1:3306                    MySQL port that is mapped to your local system.
-[+] car_mysql_folder       /home/qtc/arsenal/mysql           Local folder where database contents are stored (volume).
-[+] car_root_password                                        Password for the MySQL root account.
-[+] car_mysql_database     default                           Default MySQL database.
-[+] car_mysql_password                                       Password for the default MySQL user account.
-[+] car_local_uid          1000                              UID of the MySQL user.
+[+] 
+[+] Name                   Current Value               Description
+[+] car_mysql_user         default                     MySQL user that is created for database access.
+[+] car_mysql_port         127.0.0.1:3306              MySQL port that is mapped to your local system.
+[+] car_mysql_folder       /home/qtc/arsenal/mysql     Local folder where database contents are stored (volume).
+[+] car_root_password                                  Password for the MySQL root account.
+[+] car_mysql_database     default                     MySQL database that is created during startup.
+[+] car_mysql_password                                 Password for the default MySQL user account.
+[+] car_local_uid          1000                        UID of the MySQL user.
 ```

car/resources/containers/neo4j/README.md

@@ -42,9 +42,10 @@ You can also specify options by using environment variables. The command ``car e
 ```console
 [qtc@devbox ~]$ car env neo4j
 [+] Available environment variables are:
-[+] Name                 Current Value                     Description
-[+] car_http_port        127.0.0.1:7474                    HTTP port for neo4j webinterface mapped to your local machine.
-[+] car_bolt_port        127.0.0.1:7687                    BOLT port for Bloodhound access mapped to your local machine.
-[+] car_neo4j_folder     /home/qtc/arsenal/neo4j           Folder where the neo4j database is stored (volume).
-[+] car_local_uid        1000                              UID of the neo4j user.
+[+] 
+[+] Name                 Current Value               Description
+[+] car_http_port        127.0.0.1:7474              HTTP port for neo4j webinterface mapped to your local machine.
+[+] car_bolt_port        127.0.0.1:7687              BOLT port for Bloodhound access mapped to your local machine.
+[+] car_neo4j_folder     /home/qtc/arsenal/neo4j     Folder where the neo4j database is stored (volume).
+[+] car_local_uid        1000                        UID of the neo4j user.
 ```

car/resources/containers/nginx/Dockerfile

@@ -1,12 +1,11 @@
 FROM alpine:3.15.4
 
 RUN set -ex \
-    && apk --no-cache add nginx apache2-utils shadow \
+    && apk --no-cache add nginx apache2-utils shadow openssl \
     && mkdir -p /scripts /run/nginx/ \
     && mkdir -p /var/www/html/download \
-    && mkdir -p /var/www/html/upload
+    && mkdir -p /var/www/html/upload /etc/nginx/ssl
 
 COPY scripts/start.sh /scripts/start.sh
-COPY ssl /etc/nginx/ssl
 
 ENTRYPOINT ["ash", "/scripts/start.sh"]

car/resources/containers/nginx/README.md

@@ -78,10 +78,11 @@ You can also specify these options by using environment variables. The command `
 ```console
 [qtc@devbox ~]$ car env nginx 
 [+] Available environment variables are:
-[+] Name                    Current Value                              Description
-[+] car_http_port           80                                         HTTP port that is mapped to your local system.
-[+] car_https_port          443                                        HTTPS port that is mapped to your local system.
-[+] car_upload_folder       /home/qtc/arsenal/nginx/upload             Upload resource folder of the container (volume).
-[+] car_download_folder     /home/qtc/arsenal/nginx/download           Download resource folder of the container (volume).
-[+] car_local_uid           1000                                       UID of the nginx user.
+[+] 
+[+] Name                    Current Value                        Description
+[+] car_http_port           80                                   HTTP port that is mapped to your local system.
+[+] car_https_port          443                                  HTTPS port that is mapped to your local system.
+[+] car_upload_folder       /home/qtc/arsenal/nginx/upload       Upload resource folder of the container (volume).
+[+] car_download_folder     /home/qtc/arsenal/nginx/download     Download resource folder of the container (volume).
+[+] car_local_uid           1000                                 UID of the nginx user.
 ```

car/resources/containers/nginx/docker-compose.yml

@@ -4,15 +4,14 @@ services:
 
   car.nginx:
     container_name: car.nginx
-    image: ghcr.io/qtc-de/container-arsenal/nginx:1.0.0
+    image: ghcr.io/qtc-de/container-arsenal/nginx:1.1.0
     build: .
     environment:
       LOCAL_UID: ${car_local_uid}
     volumes:
       - ${car_upload_folder}:/var/www/html/upload/
       - ${car_download_folder}:/var/www/html/download/
       - ./config:/etc/nginx/http.d
-      - ./ssl:/etc/nginx/ssl/
       - ./scripts/start.sh:/scripts/start.sh
     ports:
       - "${car_http_port}:80"

car/resources/containers/nginx/scripts/start.sh

@@ -7,8 +7,16 @@ fi
 echo "[+] Adjusting UID values."
 usermod -u ${LOCAL_UID} nginx &> /dev/null
 groupmod -g ${LOCAL_UID} nginx &> /dev/null
-chown nginx:nginx /var/www/html/download
-chown nginx:nginx /var/www/html/upload
+
+echo "[+] Adjusting volume permissions."
+chown -R -P nginx:nginx /var/www/html
+
+if ! [ -f /etc/nginx/ssl/webdav-cert.pem ]; then
+    echo "[+] Creating TLS certificate."
+    openssl req -new -newkey rsa:4096 -days 365 -nodes -x509 \
+        -subj "/C=ME/ST=TheShire/L=Frogmorton/O=LOTR/OU=Hobbits/CN=webdav-server" \
+        -keyout /etc/nginx/ssl/webdav-key.pem  -out /etc/nginx/ssl/webdav-cert.pem &> /dev/null
+fi
 
 if [ -z ${PASSWORD} ]; then
   PASSWORD=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 8 | head -n 1)