Merge pull request #35 from jdeathe/issue/31

jdeathe · jdeathe · commit 1bb730a06952 · 2016-01-16T13:44:18.000Z
ISSUE 31: Updated README ready for release 1.3.1.
diff --git a/README.md b/README.md
@@ -1,22 +1,32 @@
 centos-ssh-apache-php-fcgi
 ==========================
 
-Docker Image including CentOS-6 6.6 x86_64, Apache 2.2, PHP 5.3, PHP memcached 1.0, PHP APC 3.1, Composer.
+Docker Image including CentOS-6 6.6 x86_64, Apache 2.2, PHP 5.3, PHP memcached 1.0, PHP APC 3.1.
 
-Apache (mod_fcgid) loads only a minimal set of modules by default. Supports custom configuration via a configuration data volume.
+Apache PHP web server, loading only a minimal set of Apache modules by default. Supports custom configuration via environment variables and/or a configuration data volume.
 
 ## Overview & links
 
 The [Dockerfile](https://github.com/jdeathe/centos-ssh-apache-php-fcgi/blob/centos-6/Dockerfile) can be used to build a base image that can be run as-is or used as the bases for other more specific builds.
 
-Included in the build is the EPEL repository and SSH, vi, elinks (for fullstatus support), APC, Memcache and Composer are installed along with python-pip, supervisor and supervisor-stdout.
+This build of [Apache](https://httpd.apache.org/), (httpd CentOS package), uses the [mod_fcgid](https://httpd.apache.org/mod_fcgid/) module to run [PHP](http://php.net/) as a [FastCGI](http://www.fastcgi.com/) process.
 
-[Supervisor](http://supervisord.org/) is used to start httpd (and optionally the sshd) daemon when a docker container based on this image is run. To enable simple viewing of stdout for the sshd subprocess, supervisor-stdout is included. This allows you to see output from the supervisord controlled subprocesses with `docker logs <docker-container-name>`.
+Included in the build are the [EPEL](http://fedoraproject.org/wiki/EPEL) and [IUS](https://ius.io/) repositories. Installed packages include [OpenSSH](http://www.openssh.com/portable.html) secure shell, [vim-minimal](http://www.vim.org/), [elinks](http://elinks.or.cz) (for fullstatus support), PHP [APC](http://pecl.php.net/package/APC), PHP [Memcached](http://pecl.php.net/package/memcached) are installed along with python-setuptools, [supervisor](http://supervisord.org/) and [supervisor-stdout](https://github.com/coderanger/supervisor-stdout).
 
-SSH is not required in order to access a terminal for the running container the preferred method is to use Command Keys and the nsenter command. See [command-keys.md](https://github.com/jdeathe/centos-ssh-apache-php-fcgi/blob/centos-6/command-keys.md) for details on how to set this up.
+Supervisor is used to start httpd.worker daemon when a docker container based on this image is run. To enable simple viewing of stdout for the sshd subprocess, supervisor-stdout is included. This allows you to see output from the supervisord controlled subprocesses with ```docker logs <docker-container-name>```.
 
 If enabling and configuring SSH access, it is by public key authentication and, by default, the [Vagrant](http://www.vagrantup.com/) [insecure private key](https://github.com/mitchellh/vagrant/blob/master/keys/vagrant) is required.
 
+### SSH Alternatives
+
+SSH is not required in order to access a terminal for the running container. The simplest method is to use the docker exec command to run bash (or sh) as follows: 
+
+```
+$ docker exec -it <docker-name-or-id> bash
+```
+
+For cases where access to docker exec is not possible the preferred method is to use Command Keys and the nsenter command. See [command-keys.md](https://github.com/jdeathe/centos-ssh-apache-php-fcgi/blob/centos-6/command-keys.md) for details on how to set this up.
+
 ## Quick Example
 
 Run up a container named ```apache-php.app-1.1.1``` from the docker image ```jdeathe/centos-ssh-apache-php-fcgi``` on port 8080 of your docker host.
@@ -25,12 +35,12 @@ Run up a container named ```apache-php.app-1.1.1``` from the docker image ```jde
 $ docker run -d \
   --name apache-php.app-1.1.1 \
   -p 8080:80 \
-  --env SERVICE_UNIT_APP_GROUP=app-1 \
-  --env SERVICE_UNIT_LOCAL_ID=1 \
-  --env SERVICE_UNIT_INSTANCE=1 \
-  --env APACHE_SERVER_NAME=app-1.local \
-  --env APACHE_SERVER_ALIAS=app-1 \
-  --env DATE_TIMEZONE=UTC \
+  --env "SERVICE_UNIT_APP_GROUP=app-1" \
+  --env "SERVICE_UNIT_LOCAL_ID=1" \
+  --env "SERVICE_UNIT_INSTANCE=1" \
+  --env "APACHE_SERVER_ALIAS=app-1" \
+  --env "APACHE_SERVER_NAME=app-1.local" \
+  --env "DATE_TIMEZONE=UTC" \
   -v /var/services-data/apache-php/app-1:/var/www/app \
   jdeathe/centos-ssh-apache-php-fcgi:latest
 ```
@@ -67,21 +77,50 @@ $ docker run \
 
 ### Running
 
-To run the a docker container from this image you can use the included [run.sh](https://github.com/jdeathe/centos-ssh-apache-php-fcgi/blob/centos-6/run.sh) and [run.conf](https://github.com/jdeathe/centos-ssh-apache-php-fcgi/blob/centos-6/run.conf) scripts. The helper script will stop any running container of the same name, remove it and run a new daemonised container on an unspecified host port. Alternatively you can use the following.
+To run the a docker container from this image you can use the included [run.sh](https://github.com/jdeathe/centos-ssh-apache-php-fcgi/blob/centos-6/run.sh) and [run.conf](https://github.com/jdeathe/centos-ssh-apache-php-fcgi/blob/centos-6/run.conf) scripts. The helper script will stop any running container of the same name, remove it and run a new daemonised container on an unspecified host port. Alternatively you can use the following methods to make the http service available on ports 8080 of the docker host.
+
+#### Using environment variables
+
+*Note:* Settings applied by environment variables will override those set within configuration volumes from release 1.3.1. Existing installations that use the apache-bootstrap.conf saved on a configuration "data" volume will not allow override by the environment variables. Also apache-bootstrap.conf can be updated to prevent the value being replaced by that set using the environment variable.
 
 ```
 $ docker stop apache-php.app-1.1.1 && \
   docker rm apache-php.app-1.1.1
 $ docker run -d \
   --name apache-php.app-1.1.1 \
   -p 8080:80 \
-  -p 8580:8443 \
-  --env SERVICE_UNIT_INSTANCE=app-1 \
-  --env SERVICE_UNIT_LOCAL_ID=1 \
-  --env SERVICE_UNIT_INSTANCE=1 \
-  --env APACHE_SERVER_NAME=app-1.local \
-  --env APACHE_SERVER_ALIAS=app-1 \
-  --env DATE_TIMEZONE=UTC \
+  --env "SERVICE_UNIT_INSTANCE=app-1" \
+  --env "SERVICE_UNIT_LOCAL_ID=1" \
+  --env "SERVICE_UNIT_INSTANCE=1" \
+  --env "APACHE_SERVER_ALIAS=app-1" \
+  --env "APACHE_SERVER_NAME=app-1.local" \
+  --env "APACHE_LOAD_MODULES=authz_user_module log_config_module expires_module deflate_module headers_module setenvif_module mime_module status_module dir_module alias_module rewrite_module" \
+  --env "APACHE_MOD_SSL_ENABLED=false" \
+  --env "APP_HOME_DIR=/var/www/app-1" \
+  --env "DATE_TIMEZONE=UTC" \
+  --env "SERVICE_USER=app" \
+  --env "SERVICE_USER_GROUP=app-www" \
+  --env "SERVICE_USER_PASSWORD=" \
+  -v /var/services-data/apache-php/app-1:/var/www/app-1 \
+  jdeathe/centos-ssh-apache-php-fcgi:latest
+```
+
+#### Using configuration volume
+
+The following example uses the settings from the optonal configuration volume volume-config.apache-php.app-1.1.1 and maps a data volume for persistent storage of the Apache app data on the docker host.
+
+```
+$ docker stop apache-php.app-1.1.1 && \
+  docker rm apache-php.app-1.1.1
+$ docker run -d \
+  --name apache-php.app-1.1.1 \
+  -p 8080:80 \
+  --env "SERVICE_UNIT_INSTANCE=app-1" \
+  --env "SERVICE_UNIT_LOCAL_ID=1" \
+  --env "SERVICE_UNIT_INSTANCE=1" \
+  --env "APACHE_SERVER_ALIAS=app-1" \
+  --env "APACHE_SERVER_NAME=app-1.local" \
+  --env "DATE_TIMEZONE=UTC" \
   --volumes-from volume-config.apache-php.app-1.1.1 \
   -v /var/services-data/apache-php/app-1:/var/www/app \
   jdeathe/centos-ssh-apache-php-fcgi:latest
@@ -99,109 +138,111 @@ The output of the logs should show the Apache modules being loaded and auto-gene
 
 There are several environmental variables defined at runtime these allow the operator to customise the running container which may become necessary when running several on the same docker host, when clustering docker hosts or to simply set the timezone.
 
-##### 1. SERVICE_UNIT*
+##### 1. SERVICE_UNIT_INSTANCE, SERVICE_UNIT_LOCAL_ID & SERVICE_UNIT_INSTANCE
 
-The ```SERVICE_UNIT``` environmental variables are used to set a response header named ```X-Service-Uid``` that lets you identify the container that is serving the content. This is useful when you have many containers running on a single host using different ports (i.e with different ```SERVICE_UNIT_LOCAL_ID``` values) or if you are running a cluster and need to identify which host the content is served from (i.e with different ```SERVICE_UNIT_INSTANCE``` values). The three values should map to the last 3 dotted values of the container name; in our case that is "app-1.1.1"
+The ```SERVICE_UNIT_INSTANCE```, ```SERVICE_UNIT_LOCAL_ID``` and ```SERVICE_UNIT_INSTANCE``` environmental variables are used to set a response header named ```X-Service-Uid``` that lets you identify the container that is serving the content. This is useful when you have many containers running on a single host using different ports (i.e with different ```SERVICE_UNIT_LOCAL_ID``` values) or if you are running a cluster and need to identify which host the content is served from (i.e with different ```SERVICE_UNIT_INSTANCE``` values). The three values should map to the last 3 dotted values of the container name; in our case that is "app-1.1.1"
 
 ```
 ...
-  --env SERVICE_UNIT_APP_GROUP=app-1 \
-  --env SERVICE_UNIT_LOCAL_ID=1 \
-  --env SERVICE_UNIT_INSTANCE=1 \
+  --env "SERVICE_UNIT_APP_GROUP=app-1" \
+  --env "SERVICE_UNIT_LOCAL_ID=1" \
+  --env "SERVICE_UNIT_INSTANCE=1" \
 ...
 ```
 
-##### 2. APACHE_SERVER*
+##### 2. APACHE_SERVER_NAME & APACHE_SERVER_ALIAS
 
 The ```APACHE_SERVER_NAME``` and ```APACHE_SERVER_ALIAS``` environmental variables are used to set the VirtualHost ```ServerName``` and ```ServerAlias``` values respectively. In the following example the running container would respond to the host names ```app-1.local``` or ```app-1```:
 
 ```
 ...
-  --env APACHE_SERVER_NAME=app-1.local \
-  --env APACHE_SERVER_ALIAS=app-1 \
+  --env "APACHE_SERVER_ALIAS=app-1" \
+  --env "APACHE_SERVER_NAME=app-1.local" \
 ...
 ```
 
 from your browser you can then access it with ```http://app-1.local:8080``` assuming you have the IP address of your docker mapped to the hostname using your DNS server or a local hosts entry.
 
-##### 3. DATE_TIMEZONE
-
-The default timezone for the container, and the PHP app, is UTC however the operator can set an appropriate timezone using the ```DATE_TIMEZONE``` variable. The value should be a timezone identifier, like UTC or Europe/London. The list of valid identifiers is available in the PHP [List of Supported Timezones](http://php.net/manual/en/timezones.php).
+##### 3. APACHE_LOAD_MODULES
 
-To set the timezone for the UK and account for British Summer Time you would use:
+The variable ```APACHE_LOAD_MODULES``` defines all Apache modules to be loaded from */etc/httpd/conf/http.conf*. The default is the minimum required so you may need to add more as necessary. To add the "mod\_rewrite" Apache Module you would add it's identifier ```rewrite_module``` to the array as follows.
 
 ```
 ...
-  --env DATE_TIMEZONE=Europe/London \
+  --env "APACHE_LOAD_MODULES=authz_user_module log_config_module expires_module deflate_module headers_module setenvif_module mime_module status_module dir_module alias_module rewrite_module"
 ...
 ```
 
-### Custom Configuration
+##### 4. APACHE_MOD_SSL_ENABLED
 
-If using the optional data volume for container configuration you are able to customise the configuration. In the following examples your custom docker configuration files should be located on the Docker host under the directory ```/etc/service-config/<container-name>/``` where ```<container-name>``` should match the applicable container name such as "apache-php.app-1.1.1" in the examples.
+By default SSL support is disabled but a second port, (mapped to 8443), is available for traffic that has been been through upstream SSL termination (SSL Offloading). If you want the container to support SSL directly then set ```APACHE_MOD_SSL_ENABLED=true``` this will then generate a self signed certificate and will update Apache to accept traffic on port 443.
 
-#### [httpd/apache-bootstrap.conf](https://github.com/jdeathe/centos-ssh-apache-php-fcgi/blob/centos-6/etc/services-config/httpd/apache-bootstrap.conf)
+*Note:* The included helper script [run.sh](https://github.com/jdeathe/centos-ssh-apache-php-fcgi/blob/centos-6/run.sh) will automatically map the docker host port 8580 to 443 but if you are running docker manually can use the following.
 
-The bootstrap script initialises the app. It sets up the Apache service user + group, generates passwords, enables Apache modules and adds/removes SSL support.
+```
+$ docker stop apache-php.app-1.1.1 && \
+  docker rm apache-php.app-1.1.1
+$ docker run -d \
+  --name apache-php.app-1.1.1 \
+  -p 8080:80 \
+  -p 8580:443 \
+  --env "SERVICE_UNIT_APP_GROUP=app-1" \
+  --env "SERVICE_UNIT_LOCAL_ID=1" \
+  --env "SERVICE_UNIT_INSTANCE=1" \
+  --env "APACHE_SERVER_ALIAS=app-1" \
+  --env "APACHE_SERVER_NAME=app-1.local" \
+  --env "APACHE_MOD_SSL_ENABLED=true" \
+  --env "DATE_TIMEZONE=UTC" \
+  -v /var/services-data/apache-php/app-1:/var/www/app \
+  jdeathe/centos-ssh-apache-php-fcgi:latest
+```
 
-##### 1. Service User
+##### 5. APP_HOME_DIR
 
-Use the ```SERVICE_USER*``` variables in your custom apache-bootstrap.conf file to override this and to also define a custom username and/or group.
+The home directory of the service user and parent directory of the Apache DocumentRoot is  /var/www/app by default but can be changed if necessary using the ```APP_HOME_DIR``` environment variable. It is also necessary to change the target of the data volume mapping accordingly as in the following example where /var/www/app-1 is used.
 
 ```
-SERVICE_USER=apacheUser
-SERVICE_USER_GROUP=apacheGroup
-SERVICE_USER_PASSWORD=userPassword123
-SERVICE_USER_GROUP_PASSWORD=userGroupPassword123
+...
+  --env "APP_HOME_DIR=/var/www/app-1" \
+  -v /var/services-data/apache-php/app-1:/var/www/app-1 \
+...
 ```
 
-##### 2. Apache Modules
+##### 6. DATE_TIMEZONE
 
-The variable ```APACHE_LOAD_MODULES``` defines all Apache modules to be loaded from */etc/httpd/conf/http.conf*. The default is the minimum required so you may need to add more as necessary. To add the "mod\_rewrite" Apache Module you would add it's identifier ```rewrite_module``` to the array as follows.
+The default timezone for the container, and the PHP app, is UTC however the operator can set an appropriate timezone using the ```DATE_TIMEZONE``` variable. The value should be a timezone identifier, like UTC or Europe/London. The list of valid identifiers is available in the PHP [List of Supported Timezones](http://php.net/manual/en/timezones.php).
+
+To set the timezone for the UK and account for British Summer Time you would use:
 
 ```
-APACHE_LOAD_MODULES="
-    authz_user_module
-    log_config_module
-    expires_module
-    deflate_module
-    headers_module
-    setenvif_module
-    mime_module
-    status_module
-    dir_module
-    alias_module
-    rewrite_module
-"
+...
+  --env "DATE_TIMEZONE=Europe/London" \
+...
 ```
 
-##### 3. SSL Support
-
-By default SSL support is disabled but a second port, (mapped to 8443), is available for traffic that has been been through upstream SSL termination (SSL Offloading). If you want the container to support SSL directly then set ```APACHE_MOD_SSL_ENABLED=true``` this will then generate a self signed certificate and will update Apache to accept traffic on port 443.
+##### 7. SERVICE_USER, SERVICE_USER_GROUP & SERVICE_USER_PASSWORD
 
-*Note:* The included helper script [run.sh](https://github.com/jdeathe/centos-ssh-apache-php-fcgi/blob/centos-6/run.sh) will automatically map the docker host port 8580 to 443 but if you are running docker manually can use the following.
+Use the ```SERVICE_USER```, ```SERVICE_USER_GROUP``` and ```SERVICE_USER_PASSWORD``` environment variables to define a custom service username, group and password respectively. If the password is left an empty string then it is automatically generated on first run which is the default.
 
 ```
-$ docker stop apache-php.app-1.1.1 && \
-  docker rm apache-php.app-1.1.1
-$ docker run -d \
-  --name apache-php.app-1.1.1 \
-  -p 8080:80 \
-  -p 8580:443 \
-  --env SERVICE_UNIT_APP_GROUP=app-1 \
-  --env SERVICE_UNIT_LOCAL_ID=1 \
-  --env SERVICE_UNIT_INSTANCE=1 \
-  --env APACHE_SERVER_NAME=app-1.local \
-  --env APACHE_SERVER_ALIAS=app-1 \
-  --env DATE_TIMEZONE=UTC \
-  --volumes-from volume-config.apache-php.app-1.1.1 \
-  -v /var/services-data/apache-php/app-1:/var/www/app \
-  jdeathe/centos-ssh-apache-php-fcgi:latest
+...
+  --env "SERVICE_USER=apacheUser" \
+  --env "SERVICE_USER_GROUP=apacheGroup" \
+  --env "SERVICE_USER_PASSWORD=userPassword123" \
+...
 ```
 
+### Custom Configuration
+
+If using the optional data volume for container configuration you are able to customise the configuration. In the following examples your custom docker configuration files should be located on the Docker host under the directory ```/etc/service-config/<container-name>/``` where ```<container-name>``` should match the applicable container name such as "apache-php.app-1.1.1" in the examples.
+
+#### [httpd/apache-bootstrap.conf](https://github.com/jdeathe/centos-ssh-apache-php-fcgi/blob/centos-6/etc/services-config/httpd/apache-bootstrap.conf)
+
+The bootstrap script initialises the app. It sets up the Apache service user + group, generates passwords, enables Apache modules and adds/removes SSL support.
+
 #### ssl/certs/localhost.crt
 
-You may need to override the default auto-generated self signed certificate. To do this you can add the SSLCertificateFile to your config directory using the filename ```localhost.crt``` for example:
+You may need to override the default auto-generated self signed certificate. To do this you can add the SSLCertificateFile to the Docker hosts directory using the filename ```localhost.crt``` for example:
 
 ```
 /etc/services-config/apache-php.app-1.1.1/ssl/certs/localhost.crt
@@ -223,7 +264,7 @@ To override the SSLCertificateKeyFile add it to your config directory using the
 
 The supervisor service's configuration can also be overridden by editing the custom supervisord.conf file. It shouldn't be necessary to change the existing configuration here but you could include more [program:x] sections to run additional commands at startup.
 
-### DocumentRoot Data Directory
+### Apache DocumentRoot - Data Directory
 
 In the previous example Docker run commands we mapped the Docker host directory ```/var/services-data/apache-php/app-1``` to ```/var/www/app``` in the Docker container, where ```/var/services-data/``` is the directory used to store persistent files and the subdirectory is used by an individual app's named container(s), ```apache-php.app-1.1.1```, in the previous examples.
 
