From 26e78904ac405bdc0c30a84a475aa929bc7786af Mon Sep 17 00:00:00 2001
From: okasion <leandromatias.martinez@gmail.com>
Date: Sun, 7 Dec 2025 12:13:27 -0300
Subject: [PATCH] Fixed Apache SSL

---
 entrypoint.sh | 22 +++++++++++++++++++++-
 1 file changed, 21 insertions(+), 1 deletion(-)

diff --git a/entrypoint.sh b/entrypoint.sh
index 770ab77..f9b6a64 100644
--- a/entrypoint.sh
+++ b/entrypoint.sh
@@ -203,10 +203,30 @@ echo "--> Starting Apache + PHP (background)"
 /usr/sbin/apache2ctl -D FOREGROUND  &
 APACHE_PID=$!
 
+# HTTPS setup — using the real LDAP certificates
+echo "--> Configuring Apache for HTTPS with real certificates"
+
+export DEBIAN_FRONTEND=noninteractive  # Silence a2ensite prompts
+
+APACHE_CERT_FILE="/etc/ldap/certs/ldap01_slapd_cert_full.pem"
+APACHE_KEY_FILE="/etc/ldap/certs/ldap01_slapd_key.pem"
+
+# Enable the site silently
+a2ensite default-ssl.conf >/dev/null 2>&1
+
+# Replace the snakeoil certs with your real ones
+sed -i -E "s|^\s*SSLCertificateFile\s+.*|SSLCertificateFile ${APACHE_CERT_FILE}|g" \
+    /etc/apache2/sites-available/default-ssl.conf
+sed -i -E "s|^\s*SSLCertificateKeyFile\s+.*|SSLCertificateKeyFile ${APACHE_KEY_FILE}|g" \
+    /etc/apache2/sites-available/default-ssl.conf
+
+# Reload Apache gracefully (updates config without killing)
+apache2ctl graceful >/dev/null 2>&1
+
 # Victory message
 echo "--> ldapdock ready — OpenLDAP + Apache + PHP running"
 echo "   → LDAP: 389/636"
-echo "   → PHPinfo: http://localhost/info.php"
+echo "   → PHPinfo: https://localhost/info.php"
 echo "   → Shell: /bin/bash"
 echo "   → Exit with CTRL+D or 'exit' command"