From: Jerome Jutteau <jerome@jutteau.fr>
Date: Fri, 1 Jan 2021 18:29:18 +0000 (+0100)
Subject: [FEATURE] add basic docker options
X-Git-Tag: 4.4.0~12
X-Git-Url: https://git.p6c8.net/jirafeau.git/commitdiff_plain/420be1d8b35ee5cd319662619365e091ef17e9f0

[FEATURE] add basic docker options

- web_root
- var_root
- admin_password

ref #247

Signed-off-by: Jerome Jutteau <jerome@jutteau.fr>
---

diff --git a/Dockerfile b/Dockerfile
index dd75d58..4256ea8 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -2,9 +2,9 @@ FROM php:7.3-fpm-alpine
 MAINTAINER "Jérôme Jutteau <jerome@jutteau.fr>"
 
 # lighttpd user
-ARG USER_UID=100
+ARG USER_ID=100
 # www-data group
-ARG GROUP_UID=82
+ARG GROUP_ID=82
 
 # install base
 RUN apk update && \
@@ -17,31 +17,27 @@ RUN mkdir /www
 WORKDIR /www
 COPY .git .git
 RUN apk add git && \
-    git reset --hard && rm -rf docker .git .gitignore .gitlab-ci.yml CONTRIBUTING.md Dockerfile README.md && \
+    git reset --hard && rm -rf docker install.php .git .gitignore .gitlab-ci.yml CONTRIBUTING.md Dockerfile README.md && \
     apk del git && \
     touch /www/lib/config.local.php && \
-    chown -R $USER_UID.$GROUP_UID /www && \
+    chown -R $USER_ID.$GROUP_ID /www && \
     chmod o=,ug=rwX -R /www
 
 COPY docker/cleanup.sh /cleanup.sh
-RUN chmod o=,ug=rx /cleanup.sh
 COPY docker/run.sh /run.sh
-RUN chmod o=,ug=rx /run.sh
+RUN chmod o=,ug=rx /cleanup.sh /run.sh
 COPY docker/docker_config.php /docker_config.php
 
 # install lighttpd
 RUN apk add lighttpd php7-mcrypt && \
     echo "extension=/usr/lib/php7/modules/mcrypt.so" > /usr/local/etc/php/conf.d/mcrypt.ini && \
-    chown -R $USER_UID /var/log/lighttpd && \
-    chmod oug=rwX /run && \
+    chown -R $USER_ID /var/log/lighttpd && \
     mkdir -p /usr/local/etc/php
 COPY docker/php.ini /usr/local/etc/php/php.ini
 COPY docker/lighttpd.conf /etc/lighttpd/lighttpd.conf
 
-
 # cleanup
 RUN rm -rf /var/cache/apk/*
 
-
 CMD /run.sh
 EXPOSE 80
\ No newline at end of file
diff --git a/docker/README.md b/docker/README.md
index 893d463..c8a6f55 100644
--- a/docker/README.md
+++ b/docker/README.md
@@ -8,6 +8,7 @@ docker run -d -p 8080:80 mojo42/jirafeau:latest
 ```
 
 Then connect on [locahost:8080](http://localhost:8080/).
+The admin console is located on `/admin.php`, check console output to get auto-generated admin password.
 
 # Build your own Jirafeau docker image
 
@@ -19,11 +20,9 @@ docker build -t your/jirafeau:latest .
 
 # Security
 
-Jirafeau is run without privilidges with user id 2009. To make it able to open privilidged ports you can pass the capability, just stay with 8080 and use a reverse proxy or map the port 80:8080.
+You may be interested to run Jirafeau on port 80:
 ```
 docker run -d -p 80:80 --sysctl net.ipv4.ip_unprivileged_port_start=80 mojo42/jirafeau
-docker run -d -p 8080:80 mojo42/jirafeau
-docker run -d -p 80:80 mojo42/jirafeau
 ```
 
 Note that Jirafeau image does not provide any SSL/TLS. You may be interrested in using [docker compose](https://docs.docker.com/compose/) combined with [Let's Encrypt](https://letsencrypt.org/).
@@ -34,6 +33,9 @@ Jirafeau docker image accept some options through environment variables to ease
 More details about options in `lib/config.original.php`.
 
 Available options:
+- `ADMIN_PASSWORD`: setup a specific admin password. If not set, a random password will be generated.
+- `WEB_ROOT`: setup a specific domain to point at when generating links (e.g. 'jirafeau.mydomain.com/').
+- `VAR_ROOT`: setup a specific path where to place files. default: '/data'.
 - `FILE_HASH`: can be set to `md5` (default), `partial_md5` or `random`.
 
 ## Few notes
diff --git a/docker/cleanup.sh b/docker/cleanup.sh
index 9254bae..9c15d75 100755
--- a/docker/cleanup.sh
+++ b/docker/cleanup.sh
@@ -1,5 +1,5 @@
 #!/bin/sh -e
-
+sleep 10 # avoid running cleaning before first setup
 while true
 do
     php /www/admin.php clean_expired
diff --git a/docker/docker_config.php b/docker/docker_config.php
index 6500588..aa57772 100644
--- a/docker/docker_config.php
+++ b/docker/docker_config.php
@@ -23,17 +23,91 @@ require(JIRAFEAU_ROOT . 'lib/settings.php');
 require(JIRAFEAU_ROOT . 'lib/functions.php');
 require(JIRAFEAU_ROOT . 'lib/lang.php');
 
-function env_2_cfg_string($cfg, $config_name, $env_name)
+function env_2_cfg_string(&$cfg, $config_name, $env_name, $default = null)
 {
-    $r = getenv($env_name, true);
+    $r = getenv($env_name);
     if ($r === false) {
-        return;
+        if (is_null($default)) {
+            return false;
+        } else {
+            $r = $default;
+        }
     }
-    echo("setting up '" . $env_name . "' option\n");
+    echo("setting $config_name to '$r'\n");
     $cfg[$config_name] = $r;
-    jirafeau_export_cfg($cfg);
+    return true;
+}
+
+function setup_admin_password(&$cfg)
+{
+    if (strlen($cfg['admin_password']) > 0) {
+        return true;
+    }
+    echo("setting up admin password\n");
+    $p = getenv('ADMIN_PASSWORD');
+    if ($p === false) {
+        $p = jirafeau_gen_random(20);
+        echo("auto-generated admin password: $p\n");
+    }
+    $cfg['admin_password'] = hash('sha256', $p);
+    return true;
+}
+
+function set_rights($path)
+{
+    $uid = getenv('USER_ID');
+    if ($uid === false) {
+        $uid = 100;
+    }
+    $gid = getenv('GROUP_ID');
+    if ($gid === false) {
+        $gid = 82;
+    }
+    if (!chown($path, $uid)) {
+        echo("setting up user $uid for $path: failed\n");
+        return false;
+    }
+    if (!chgrp($path, $gid)) {
+        echo("setting up group $gid for $path: failed\n");
+        return false;
+    }
+    if (!chmod($path, 0770)) {
+        echo("setting up permissions $path: failed\n");
+        return false;
+    }
+    return true;
+}
+
+function setup_var_folder(&$cfg)
+{
+    env_2_cfg_string($cfg, 'var_root', 'VAR_ROOT', '/data/');
+    $var_root = $cfg['var_root'];
+    if (!is_dir($var_root)) {
+        mkdir($var_root, 0770, true);
+    }
+    $err = jirafeau_check_var_dir($var_root);
+    if ($err['has_error']) {
+        echo("error: cannot create $var_root folder\n");
+        return false;
+    }
+    return set_rights($var_root) &&
+           set_rights($var_root . 'async') &&
+           set_rights($var_root . 'files') &&
+           set_rights($var_root . 'links');
 }
 
 // TODO: lots of other options to implement
-env_2_cfg_string($cfg, 'file_hash', 'FILE_HASH');
-echo("docker config done\n");
+$setup_ok = setup_admin_password($cfg) &&
+            setup_var_folder($cfg);
+env_2_cfg_string($cfg, 'web_root', 'WEB_ROOT', '');
+env_2_cfg_string($cfg, 'file_hash', 'FILE_HASH', 'md5');
+
+if ($setup_ok) {
+    $cfg['installation_done'] = true;
+    jirafeau_export_cfg($cfg);
+    echo("You can now connect to your Jirafeau instance\n");
+    exit(0);
+} else {
+    echo("Some Jirafeau options failed");
+    exit(1);
+}
diff --git a/install.php b/install.php
index a5e5420..2798e5a 100644
--- a/install.php
+++ b/install.php
@@ -148,12 +148,7 @@ case 2:
     ?></label></td>
         <td class = "field"><input type = "text" name = "web_root"
         id = "input_web_root" value = "<?php
-        echo(empty($cfg['web_root']) ?
-          $_SERVER['HTTP_HOST'] . str_replace(
-              basename(__FILE__),
-              '',
-              $_SERVER['REQUEST_URI']
-          ) : $cfg['web_root']);
+           echo(empty($cfg['web_root']) ? jirafeau_default_web_root() : $cfg['web_root']);
       ?>" size = "40" /></td>
         </tr> <tr> <td class = "info" colspan = "2"><?php
         echo t('DATA_DIR_EXPLAINATION');
diff --git a/lib/functions.php b/lib/functions.php
index e72359e..53733ca 100644
--- a/lib/functions.php
+++ b/lib/functions.php
@@ -1517,3 +1517,8 @@ function jirafeau_add_ending_slash($path)
 {
     return $path . ((substr($path, -1) == '/') ? '' : '/');
 }
+
+function jirafeau_default_web_root()
+{
+    return $_SERVER['HTTP_HOST'] . str_replace(basename(__FILE__), '', $_SERVER['REQUEST_URI']);
+}