lolcat/4get
6
21
Fork 5
Code Issues 29 Pull Requests 2 Actions Packages Projects Releases Wiki Activity

Disable https listener on port 443 when only http is used #62

New Issue
Closed
opened 2025-01-23 20:42:43 +00:00 by ich777 · 4 comments
ich777 commented 2025-01-23 20:42:43 +00:00
Copy Link

Hi,
if only using http configuration the listener for https on 443 also starts which shouldn't happen.

I would really liked to create a PR to make your life easier, however I'm not allowed to fork the repo, I think this is the easiest way for this container to prevent the https listener on port 443 to start (2x if statements that moves the ssl.conf around):

#!/bin/sh
set -e

# remove quotes from variable if present
FOURGET_PROTO="${FOURGET_PROTO%\"}"
FOURGET_PROTO="${FOURGET_PROTO#\"}"

# make lowercase
FOURGET_PROTO=`echo $FOURGET_PROTO | awk '{print tolower($0)}'`


if [ "$FOURGET_PROTO" = "https" ]; then
        echo "Using https configuration"
        cp /etc/apache2/https.conf /etc/apache2/httpd.conf
        if [ ! -f /etc/apache2/conf.d/ssl.conf ]; then
                mv /etc/apache2/conf.d/.ssl.conf /etc/apache2/conf.d/ssl.conf
        fi
else
        echo "Using http configuration"
        cp /etc/apache2/http.conf /etc/apache2/httpd.conf
        if [ -f /etc/apache2/conf.d/ssl.conf ]; then
                mv /etc/apache2/conf.d/ssl.conf /etc/apache2/conf.d/.ssl.conf
        fi
fi

php ./docker/gen_config.php


echo "4get is running"
exec httpd -DFOREGROUND
Hi, if only using http configuration the listener for https on 443 also starts which shouldn't happen. I would really liked to create a PR to make your life easier, however I'm not allowed to fork the repo, I think this is the easiest way for this container to prevent the https listener on port 443 to start (2x if statements that moves the `ssl.conf` around): ``` #!/bin/sh set -e # remove quotes from variable if present FOURGET_PROTO="${FOURGET_PROTO%\"}" FOURGET_PROTO="${FOURGET_PROTO#\"}" # make lowercase FOURGET_PROTO=`echo $FOURGET_PROTO | awk '{print tolower($0)}'` if [ "$FOURGET_PROTO" = "https" ]; then echo "Using https configuration" cp /etc/apache2/https.conf /etc/apache2/httpd.conf if [ ! -f /etc/apache2/conf.d/ssl.conf ]; then mv /etc/apache2/conf.d/.ssl.conf /etc/apache2/conf.d/ssl.conf fi else echo "Using http configuration" cp /etc/apache2/http.conf /etc/apache2/httpd.conf if [ -f /etc/apache2/conf.d/ssl.conf ]; then mv /etc/apache2/conf.d/ssl.conf /etc/apache2/conf.d/.ssl.conf fi fi php ./docker/gen_config.php echo "4get is running" exec httpd -DFOREGROUND ```
lolcat commented 2025-01-23 23:22:23 +00:00
Owner
Copy Link

@throwaway what do you make of this?

@throwaway what do you make of this?
throwaway commented 2025-01-24 09:30:44 +00:00
Collaborator
Copy Link

Thank you for investigating this! You are absolutely correct, nothing should bind to 443 if the intention is to run http only.

I see you are toggling the filename between ssl.conf and .ssl.conf
your solution is nice, but in my opinion it is generally better to not do surgery with filesystem and instead apply working configs

I've created a PR that gives http and https their own conf.d folder
This way when running in http mode a empty conf.d/ssl.conf will override the default content and prevent binding to 443.

Let me know if this works for you!

Thank you for investigating this! You are absolutely correct, nothing should bind to 443 if the intention is to run http only. I see you are toggling the filename between `ssl.conf` and `.ssl.conf` your solution is nice, but in my opinion it is generally better to not do surgery with filesystem and instead apply working configs I've created a PR that gives http and https their own `conf.d` folder This way when running in http mode a empty `conf.d/ssl.conf` will override the default content and prevent binding to 443. Let me know if this works for you!
lolcat commented 2025-01-24 15:43:55 +00:00
Owner
Copy Link

Fixed and merged in latest commit, also pushed to docker. Feel free to re-open if another issue arises

@throwaway thank you bro

Fixed and merged in latest commit, also pushed to docker. Feel free to re-open if another issue arises @throwaway thank you bro
ich777 commented 2025-01-25 07:31:49 +00:00
Author
Copy Link

@throwaway that would of course work but seems a bit complicated and I think it would be way easier just to move around the ssl.conf since you also overwrite the httpd.conf with whatever the user is using <- that's why I don't understand the argument with not "surgery with the filesystem" since you already doing it.

However if it works for you and works then it works for me. :)

@throwaway that would of course work but seems a bit complicated and I think it would be way easier just to move around the `ssl.conf` since you also overwrite the `httpd.conf` with whatever the user is using <- that's why I don't understand the argument with not "surgery with the filesystem" since you already doing it. However if it works for you and works then it works for me. :)
❤️ 1
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
No items
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
throwaway lolcat
No Assignees
3 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: lolcat/4get#62
No description provided.
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?