[FEATURE] add basic docker options

- web_root
- var_root
- admin_password

ref #247

Signed-off-by: Jerome Jutteau <jerome@jutteau.fr>

diff --git a/Dockerfile b/Dockerfile
index dd75d58ae1770b14de2039e77a693ce8a0f67b0e..4256ea8f9655f33dbded307677b71e0a634a3026 100644 (file)
--- a/Dockerfile
+++ b/Dockerfile
@@ -2,9 +2,9 @@ FROM php:7.3-fpm-alpine
 MAINTAINER "Jérôme Jutteau <jerome@jutteau.fr>"
 
 # lighttpd user
 MAINTAINER "Jérôme Jutteau <jerome@jutteau.fr>"
 
 # lighttpd user

-ARG USER_UID=100
+ARG USER_ID=100

 # www-data group
 # www-data group

-ARG GROUP_UID=82
+ARG GROUP_ID=82

 
 # install base
 RUN apk update && \
 
 # install base
 RUN apk update && \


@@ -17,31 +17,27 @@ RUN mkdir /www
 WORKDIR /www
 COPY .git .git
 RUN apk add git && \
 WORKDIR /www
 COPY .git .git
 RUN apk add git && \

-    git reset --hard && rm -rf docker .git .gitignore .gitlab-ci.yml CONTRIBUTING.md Dockerfile README.md && \
+    git reset --hard && rm -rf docker install.php .git .gitignore .gitlab-ci.yml CONTRIBUTING.md Dockerfile README.md && \

     apk del git && \
     touch /www/lib/config.local.php && \
     apk del git && \
     touch /www/lib/config.local.php && \

-    chown -R $USER_UID.$GROUP_UID /www && \
+    chown -R $USER_ID.$GROUP_ID /www && \

     chmod o=,ug=rwX -R /www
 
 COPY docker/cleanup.sh /cleanup.sh
     chmod o=,ug=rwX -R /www
 
 COPY docker/cleanup.sh /cleanup.sh

-RUN chmod o=,ug=rx /cleanup.sh

 COPY docker/run.sh /run.sh
 COPY docker/run.sh /run.sh

-RUN chmod o=,ug=rx /run.sh
+RUN chmod o=,ug=rx /cleanup.sh /run.sh

 COPY docker/docker_config.php /docker_config.php
 
 # install lighttpd
 RUN apk add lighttpd php7-mcrypt && \
     echo "extension=/usr/lib/php7/modules/mcrypt.so" > /usr/local/etc/php/conf.d/mcrypt.ini && \
 COPY docker/docker_config.php /docker_config.php
 
 # install lighttpd
 RUN apk add lighttpd php7-mcrypt && \
     echo "extension=/usr/lib/php7/modules/mcrypt.so" > /usr/local/etc/php/conf.d/mcrypt.ini && \

-    chown -R $USER_UID /var/log/lighttpd && \
-    chmod oug=rwX /run && \
+    chown -R $USER_ID /var/log/lighttpd && \

     mkdir -p /usr/local/etc/php
 COPY docker/php.ini /usr/local/etc/php/php.ini
 COPY docker/lighttpd.conf /etc/lighttpd/lighttpd.conf
 
     mkdir -p /usr/local/etc/php
 COPY docker/php.ini /usr/local/etc/php/php.ini
 COPY docker/lighttpd.conf /etc/lighttpd/lighttpd.conf
 

-

 # cleanup
 RUN rm -rf /var/cache/apk/*
 
 # cleanup
 RUN rm -rf /var/cache/apk/*
 

-

 CMD /run.sh
 EXPOSE 80
\ No newline at end of file
 CMD /run.sh
 EXPOSE 80
\ No newline at end of file

diff --git a/docker/README.md b/docker/README.md
index 893d46310e85c757609cd333a63fdaecefb76e97..c8a6f550e712af6dccfe5c1a4f71d1410f1efac9 100644 (file)
--- a/docker/README.md
+++ b/docker/README.md
@@ -8,6 +8,7 @@ docker run -d -p 8080:80 mojo42/jirafeau:latest
 ```
 
 Then connect on [locahost:8080](http://localhost:8080/).
 ```
 
 Then connect on [locahost:8080](http://localhost:8080/).

+The admin console is located on `/admin.php`, check console output to get auto-generated admin password.

 
 # Build your own Jirafeau docker image
 
 
 # Build your own Jirafeau docker image
 


@@ -19,11 +20,9 @@ docker build -t your/jirafeau:latest .
 
 # Security
 
 
 # Security
 

-Jirafeau is run without privilidges with user id 2009. To make it able to open privilidged ports you can pass the capability, just stay with 8080 and use a reverse proxy or map the port 80:8080.
+You may be interested to run Jirafeau on port 80:

 ```
 docker run -d -p 80:80 --sysctl net.ipv4.ip_unprivileged_port_start=80 mojo42/jirafeau
 ```
 docker run -d -p 80:80 --sysctl net.ipv4.ip_unprivileged_port_start=80 mojo42/jirafeau

-docker run -d -p 8080:80 mojo42/jirafeau
-docker run -d -p 80:80 mojo42/jirafeau

 ```
 
 Note that Jirafeau image does not provide any SSL/TLS. You may be interrested in using [docker compose](https://docs.docker.com/compose/) combined with [Let's Encrypt](https://letsencrypt.org/).
 ```
 
 Note that Jirafeau image does not provide any SSL/TLS. You may be interrested in using [docker compose](https://docs.docker.com/compose/) combined with [Let's Encrypt](https://letsencrypt.org/).


@@ -34,6 +33,9 @@ Jirafeau docker image accept some options through environment variables to ease
 More details about options in `lib/config.original.php`.
 
 Available options:
 More details about options in `lib/config.original.php`.
 
 Available options:

+- `ADMIN_PASSWORD`: setup a specific admin password. If not set, a random password will be generated.
+- `WEB_ROOT`: setup a specific domain to point at when generating links (e.g. 'jirafeau.mydomain.com/').
+- `VAR_ROOT`: setup a specific path where to place files. default: '/data'.

 - `FILE_HASH`: can be set to `md5` (default), `partial_md5` or `random`.
 
 ## Few notes
 - `FILE_HASH`: can be set to `md5` (default), `partial_md5` or `random`.
 
 ## Few notes

diff --git a/docker/cleanup.sh b/docker/cleanup.sh
index 9254bae608a23e444a2ce0e5dbf0592f10fec7fc..9c15d7530192e94e75f44fc47d8168e8d781d7ae 100755 (executable)
--- a/docker/cleanup.sh
+++ b/docker/cleanup.sh
@@ -1,5 +1,5 @@
 #!/bin/sh -e
 #!/bin/sh -e

-
+sleep 10 # avoid running cleaning before first setup

 while true
 do
     php /www/admin.php clean_expired
 while true
 do
     php /www/admin.php clean_expired

diff --git a/docker/docker_config.php b/docker/docker_config.php
index 65005881d0525a3b98624832fdc5f2ea61066d9e..aa5777233878179c190a1f60970b1bb0c43476e3 100644 (file)
--- a/docker/docker_config.php
+++ b/docker/docker_config.php
@@ -23,17 +23,91 @@ require(JIRAFEAU_ROOT . 'lib/settings.php');
 require(JIRAFEAU_ROOT . 'lib/functions.php');
 require(JIRAFEAU_ROOT . 'lib/lang.php');
 
 require(JIRAFEAU_ROOT . 'lib/functions.php');
 require(JIRAFEAU_ROOT . 'lib/lang.php');
 

-function env_2_cfg_string($cfg, $config_name, $env_name)
+function env_2_cfg_string(&$cfg, $config_name, $env_name, $default = null)

 {
 {

-    $r = getenv($env_name, true);
+    $r = getenv($env_name);

     if ($r === false) {
     if ($r === false) {

-        return;
+        if (is_null($default)) {
+            return false;
+        } else {
+            $r = $default;
+        }

     }
     }

-    echo("setting up '" . $env_name . "' option\n");
+    echo("setting $config_name to '$r'\n");

     $cfg[$config_name] = $r;
     $cfg[$config_name] = $r;

-    jirafeau_export_cfg($cfg);
+    return true;
+}
+
+function setup_admin_password(&$cfg)
+{
+    if (strlen($cfg['admin_password']) > 0) {
+        return true;
+    }
+    echo("setting up admin password\n");
+    $p = getenv('ADMIN_PASSWORD');
+    if ($p === false) {
+        $p = jirafeau_gen_random(20);
+        echo("auto-generated admin password: $p\n");
+    }
+    $cfg['admin_password'] = hash('sha256', $p);
+    return true;
+}
+
+function set_rights($path)
+{
+    $uid = getenv('USER_ID');
+    if ($uid === false) {
+        $uid = 100;
+    }
+    $gid = getenv('GROUP_ID');
+    if ($gid === false) {
+        $gid = 82;
+    }
+    if (!chown($path, $uid)) {
+        echo("setting up user $uid for $path: failed\n");
+        return false;
+    }
+    if (!chgrp($path, $gid)) {
+        echo("setting up group $gid for $path: failed\n");
+        return false;
+    }
+    if (!chmod($path, 0770)) {
+        echo("setting up permissions $path: failed\n");
+        return false;
+    }
+    return true;
+}
+
+function setup_var_folder(&$cfg)
+{
+    env_2_cfg_string($cfg, 'var_root', 'VAR_ROOT', '/data/');
+    $var_root = $cfg['var_root'];
+    if (!is_dir($var_root)) {
+        mkdir($var_root, 0770, true);
+    }
+    $err = jirafeau_check_var_dir($var_root);
+    if ($err['has_error']) {
+        echo("error: cannot create $var_root folder\n");
+        return false;
+    }
+    return set_rights($var_root) &&
+           set_rights($var_root . 'async') &&
+           set_rights($var_root . 'files') &&
+           set_rights($var_root . 'links');

 }
 
 // TODO: lots of other options to implement
 }
 
 // TODO: lots of other options to implement

-env_2_cfg_string($cfg, 'file_hash', 'FILE_HASH');
-echo("docker config done\n");
+$setup_ok = setup_admin_password($cfg) &&
+            setup_var_folder($cfg);
+env_2_cfg_string($cfg, 'web_root', 'WEB_ROOT', '');
+env_2_cfg_string($cfg, 'file_hash', 'FILE_HASH', 'md5');
+
+if ($setup_ok) {
+    $cfg['installation_done'] = true;
+    jirafeau_export_cfg($cfg);
+    echo("You can now connect to your Jirafeau instance\n");
+    exit(0);
+} else {
+    echo("Some Jirafeau options failed");
+    exit(1);
+}

diff --git a/install.php b/install.php
index a5e542027c4623e17832fa87336f568c91946dc4..2798e5a839e306e300729b333ded4476c399ad30 100644 (file)
--- a/install.php
+++ b/install.php
@@ -148,12 +148,7 @@ case 2:
     ?></label></td>
         <td class = "field"><input type = "text" name = "web_root"
         id = "input_web_root" value = "<?php
     ?></label></td>
         <td class = "field"><input type = "text" name = "web_root"
         id = "input_web_root" value = "<?php

-        echo(empty($cfg['web_root']) ?
-          $_SERVER['HTTP_HOST'] . str_replace(
-              basename(__FILE__),
-              '',
-              $_SERVER['REQUEST_URI']
-          ) : $cfg['web_root']);
+           echo(empty($cfg['web_root']) ? jirafeau_default_web_root() : $cfg['web_root']);

       ?>" size = "40" /></td>
         </tr> <tr> <td class = "info" colspan = "2"><?php
         echo t('DATA_DIR_EXPLAINATION');
       ?>" size = "40" /></td>
         </tr> <tr> <td class = "info" colspan = "2"><?php
         echo t('DATA_DIR_EXPLAINATION');

diff --git a/lib/functions.php b/lib/functions.php
index e72359e6d965b7d6406242f25eefd765700122bf..53733ca3a16d3b5fdb43ead28b60c3a5e9da100e 100644 (file)
--- a/lib/functions.php
+++ b/lib/functions.php
@@ -1517,3 +1517,8 @@ function jirafeau_add_ending_slash($path)
 {
     return $path . ((substr($path, -1) == '/') ? '' : '/');
 }
 {
     return $path . ((substr($path, -1) == '/') ? '' : '/');
 }

+
+function jirafeau_default_web_root()
+{
+    return $_SERVER['HTTP_HOST'] . str_replace(basename(__FILE__), '', $_SERVER['REQUEST_URI']);
+}