MAINTAINER "Jérôme Jutteau <jerome@jutteau.fr>"
# lighttpd user
-ARG USER_UID=100
+ARG USER_ID=100
# www-data group
-ARG GROUP_UID=82
+ARG GROUP_ID=82
# install base
RUN apk update && \
WORKDIR /www
COPY .git .git
RUN apk add git && \
- git reset --hard && rm -rf docker .git .gitignore .gitlab-ci.yml CONTRIBUTING.md Dockerfile README.md && \
+ git reset --hard && rm -rf docker install.php .git .gitignore .gitlab-ci.yml CONTRIBUTING.md Dockerfile README.md && \
apk del git && \
touch /www/lib/config.local.php && \
- chown -R $USER_UID.$GROUP_UID /www && \
+ chown -R $USER_ID.$GROUP_ID /www && \
chmod o=,ug=rwX -R /www
COPY docker/cleanup.sh /cleanup.sh
-RUN chmod o=,ug=rx /cleanup.sh
COPY docker/run.sh /run.sh
-RUN chmod o=,ug=rx /run.sh
+RUN chmod o=,ug=rx /cleanup.sh /run.sh
COPY docker/docker_config.php /docker_config.php
# install lighttpd
RUN apk add lighttpd php7-mcrypt && \
echo "extension=/usr/lib/php7/modules/mcrypt.so" > /usr/local/etc/php/conf.d/mcrypt.ini && \
- chown -R $USER_UID /var/log/lighttpd && \
- chmod oug=rwX /run && \
+ chown -R $USER_ID /var/log/lighttpd && \
mkdir -p /usr/local/etc/php
COPY docker/php.ini /usr/local/etc/php/php.ini
COPY docker/lighttpd.conf /etc/lighttpd/lighttpd.conf
-
# cleanup
RUN rm -rf /var/cache/apk/*
-
CMD /run.sh
EXPOSE 80
\ No newline at end of file
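Review bot: The recursive `chown -R $USER_ID.$GROUP_ID /www` followed by `chmod o=,ug=rwX -R /www` leaves the whole PHP tree writable by the account marked as the lighttpd user, so a flaw in upload or request handling could be used to modify application code. Since this commit moves stored data to `VAR_ROOT` (default `/data`), the code tree probably no longer needs to be writable at runtime. Consider `chown -R root:"$GROUP_ID" /www` with `chmod -R o=,u=rwX,g=rX /www`, and grant write access only to `lib/config.local.php` if the configuration step (outside this hunk) writes it as that user. As a style point, the `OWNER:GROUP` colon form with quoted variables is the portable spelling.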
```
Then connect on [locahost:8080](http://localhost:8080/).
+The admin console is located on `/admin.php`, check console output to get auto-generated admin password.
# Build your own Jirafeau docker image
# Security
-Jirafeau is run without privilidges with user id 2009. To make it able to open privilidged ports you can pass the capability, just stay with 8080 and use a reverse proxy or map the port 80:8080.
+You may be interested to run Jirafeau on port 80:
```
docker run -d -p 80:80 --sysctl net.ipv4.ip_unprivileged_port_start=80 mojo42/jirafeau
-docker run -d -p 8080:80 mojo42/jirafeau
-docker run -d -p 80:80 mojo42/jirafeau
```
Note that Jirafeau image does not provide any SSL/TLS. You may be interrested in using [docker compose](https://docs.docker.com/compose/) combined with [Let's Encrypt](https://letsencrypt.org/).
More details about options in `lib/config.original.php`.
Available options:
+- `ADMIN_PASSWORD`: setup a specific admin password. If not set, a random password will be generated.
+- `WEB_ROOT`: setup a specific domain to point at when generating links (e.g. 'jirafeau.mydomain.com/').
+- `VAR_ROOT`: setup a specific path where to place files. default: '/data'.
- `FILE_HASH`: can be set to `md5` (default), `partial_md5` or `random`.
## Few notes
require(JIRAFEAU_ROOT . 'lib/functions.php');
require(JIRAFEAU_ROOT . 'lib/lang.php');
-function env_2_cfg_string($cfg, $config_name, $env_name)
+function env_2_cfg_string(&$cfg, $config_name, $env_name, $default = null)
{
- $r = getenv($env_name, true);
+ $r = getenv($env_name);
if ($r === false) {
- return;
+ if (is_null($default)) {
+ return false;
+ } else {
+ $r = $default;
+ }
}
- echo("setting up '" . $env_name . "' option\n");
+ echo("setting $config_name to '$r'\n");
$cfg[$config_name] = $r;
- jirafeau_export_cfg($cfg);
+ return true;
+}
+
+function setup_admin_password(&$cfg)
+{
+ if (strlen($cfg['admin_password']) > 0) {
+ return true;
+ }
+ echo("setting up admin password\n");
+ $p = getenv('ADMIN_PASSWORD');
+ if ($p === false) {
+ $p = jirafeau_gen_random(20);
+ echo("auto-generated admin password: $p\n");
+ }
+ $cfg['admin_password'] = hash('sha256', $p);
+ return true;
+}
+
+function set_rights($path)
+{
+ $uid = getenv('USER_ID');
+ if ($uid === false) {
+ $uid = 100;
+ }
+ $gid = getenv('GROUP_ID');
+ if ($gid === false) {
+ $gid = 82;
+ }
+ if (!chown($path, $uid)) {
+ echo("setting up user $uid for $path: failed\n");
+ return false;
+ }
+ if (!chgrp($path, $gid)) {
+ echo("setting up group $gid for $path: failed\n");
+ return false;
+ }
+ if (!chmod($path, 0770)) {
+ echo("setting up permissions $path: failed\n");
+ return false;
+ }
+ return true;
+}
+
+function setup_var_folder(&$cfg)
+{
+ env_2_cfg_string($cfg, 'var_root', 'VAR_ROOT', '/data/');
+ $var_root = $cfg['var_root'];
+ if (!is_dir($var_root)) {
+ mkdir($var_root, 0770, true);
+ }
+ $err = jirafeau_check_var_dir($var_root);
+ if ($err['has_error']) {
+ echo("error: cannot create $var_root folder\n");
+ return false;
+ }
+ return set_rights($var_root) &&
+ set_rights($var_root . 'async') &&
+ set_rights($var_root . 'files') &&
+ set_rights($var_root . 'links');
}
// TODO: lots of other options to implement
-env_2_cfg_string($cfg, 'file_hash', 'FILE_HASH');
-echo("docker config done\n");
+$setup_ok = setup_admin_password($cfg) &&
+ setup_var_folder($cfg);
+env_2_cfg_string($cfg, 'web_root', 'WEB_ROOT', '');
+env_2_cfg_string($cfg, 'file_hash', 'FILE_HASH', 'md5');
+
+if ($setup_ok) {
+ $cfg['installation_done'] = true;
+ jirafeau_export_cfg($cfg);
+ echo("You can now connect to your Jirafeau instance\n");
+ exit(0);
+} else {
+ echo("Some Jirafeau options failed");
+ exit(1);
+}
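Review bot: In `setup_admin_password`, an `ADMIN_PASSWORD` that is set but empty is accepted, because only `$p === false` triggers generation, so `hash('sha256', '')` is stored as the admin credential; the check should be `if ($p === false || $p === '') {`. Whether the login page rejects an empty submission is not visible in this hunk, so the guard belongs here. `jirafeau_gen_random` is defined elsewhere, and it is worth confirming it draws from `random_int`/`random_bytes`, since its output becomes the admin password and is also written to the container log. Separately, `setup_var_folder` builds `$var_root . 'async'` and its siblings by plain concatenation, which yields `/dataasync` when `VAR_ROOT` is given without a trailing slash, as the README's `/data` suggests; normalise first with `$cfg['var_root'] = rtrim($cfg['var_root'], '/') . '/';`.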