From: Jerome Jutteau Date: Fri, 1 Jan 2021 18:29:18 +0000 (+0100) Subject: [FEATURE] add basic docker options X-Git-Tag: 4.4.0~12 X-Git-Url: https://git.p6c8.net/jirafeau_mojo42.git/commitdiff_plain/420be1d8b35ee5cd319662619365e091ef17e9f0?ds=sidebyside;hp=a155e54c13f86994f4280fb18eba021f3cc7c9fd [FEATURE] add basic docker options - web_root - var_root - admin_password ref #247 Signed-off-by: Jerome Jutteau --- diff --git a/Dockerfile b/Dockerfile index dd75d58..4256ea8 100644 --- a/Dockerfile +++ b/Dockerfile @@ -2,9 +2,9 @@ FROM php:7.3-fpm-alpine MAINTAINER "Jérôme Jutteau " # lighttpd user -ARG USER_UID=100 +ARG USER_ID=100 # www-data group -ARG GROUP_UID=82 +ARG GROUP_ID=82 # install base RUN apk update && \ @@ -17,31 +17,27 @@ RUN mkdir /www WORKDIR /www COPY .git .git RUN apk add git && \ - git reset --hard && rm -rf docker .git .gitignore .gitlab-ci.yml CONTRIBUTING.md Dockerfile README.md && \ + git reset --hard && rm -rf docker install.php .git .gitignore .gitlab-ci.yml CONTRIBUTING.md Dockerfile README.md && \ apk del git && \ touch /www/lib/config.local.php && \ - chown -R $USER_UID.$GROUP_UID /www && \ + chown -R $USER_ID.$GROUP_ID /www && \ chmod o=,ug=rwX -R /www COPY docker/cleanup.sh /cleanup.sh -RUN chmod o=,ug=rx /cleanup.sh COPY docker/run.sh /run.sh -RUN chmod o=,ug=rx /run.sh +RUN chmod o=,ug=rx /cleanup.sh /run.sh COPY docker/docker_config.php /docker_config.php # install lighttpd RUN apk add lighttpd php7-mcrypt && \ echo "extension=/usr/lib/php7/modules/mcrypt.so" > /usr/local/etc/php/conf.d/mcrypt.ini && \ - chown -R $USER_UID /var/log/lighttpd && \ - chmod oug=rwX /run && \ + chown -R $USER_ID /var/log/lighttpd && \ mkdir -p /usr/local/etc/php COPY docker/php.ini /usr/local/etc/php/php.ini COPY docker/lighttpd.conf /etc/lighttpd/lighttpd.conf - # cleanup RUN rm -rf /var/cache/apk/* - CMD /run.sh EXPOSE 80 \ No newline at end of file diff --git a/docker/README.md b/docker/README.md index 893d463..c8a6f55 100644 --- a/docker/README.md 
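Review bot: `USER_ID` and `GROUP_ID` are declared with `ARG` only, so in the second Dockerfile hunk (`chown -R $USER_ID.$GROUP_ID /www`) they exist at build time but are not set in the running container. The `set_rights()` function this commit adds to docker/docker_config.php reads them with `getenv('USER_ID')` and `getenv('GROUP_ID')`, falling back to 100 and 82. As far as these hunks show, an image built with other `--build-arg` values would therefore have /www owned by one uid/gid and the data directory assigned to another. Persisting the values after the two `ARG` lines, e.g. `ENV USER_ID=$USER_ID GROUP_ID=$GROUP_ID`, would keep build-time and runtime ownership aligned. The `ARG` declarations themselves sit in the first hunk (`@@ -2,9 +2,9 @@`), which is otherwise only a rename.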
+++ b/docker/README.md @@ -8,6 +8,7 @@ docker run -d -p 8080:80 mojo42/jirafeau:latest ``` Then connect on [locahost:8080](http://localhost:8080/). +The admin console is located on `/admin.php`, check console output to get auto-generated admin password. # Build your own Jirafeau docker image @@ -19,11 +20,9 @@ docker build -t your/jirafeau:latest . # Security -Jirafeau is run without privilidges with user id 2009. To make it able to open privilidged ports you can pass the capability, just stay with 8080 and use a reverse proxy or map the port 80:8080. +You may be interested to run Jirafeau on port 80: ``` docker run -d -p 80:80 --sysctl net.ipv4.ip_unprivileged_port_start=80 mojo42/jirafeau -docker run -d -p 8080:80 mojo42/jirafeau -docker run -d -p 80:80 mojo42/jirafeau ``` Note that Jirafeau image does not provide any SSL/TLS. You may be interrested in using [docker compose](https://docs.docker.com/compose/) combined with [Let's Encrypt](https://letsencrypt.org/). @@ -34,6 +33,9 @@ Jirafeau docker image accept some options through environment variables to ease More details about options in `lib/config.original.php`. Available options: +- `ADMIN_PASSWORD`: setup a specific admin password. If not set, a random password will be generated. +- `WEB_ROOT`: setup a specific domain to point at when generating links (e.g. 'jirafeau.mydomain.com/'). +- `VAR_ROOT`: setup a specific path where to place files. default: '/data'. - `FILE_HASH`: can be set to `md5` (default), `partial_md5` or `random`. ## Few notes diff --git a/docker/cleanup.sh b/docker/cleanup.sh index 9254bae..9c15d75 100755 --- a/docker/cleanup.sh +++ b/docker/cleanup.sh @@ -1,5 +1,5 @@ #!/bin/sh -e - +sleep 10 # avoid running cleaning before first setup while true do php /www/admin.php clean_expired diff --git a/docker/docker_config.php b/docker/docker_config.php index 6500588..aa57772 100644 --- a/docker/docker_config.php +++ b/docker/docker_config.php 
@@ -23,17 +23,91 @@ require(JIRAFEAU_ROOT . 'lib/settings.php'); require(JIRAFEAU_ROOT . 'lib/functions.php'); require(JIRAFEAU_ROOT . 'lib/lang.php'); -function env_2_cfg_string($cfg, $config_name, $env_name) +function env_2_cfg_string(&$cfg, $config_name, $env_name, $default = null) { - $r = getenv($env_name, true); + $r = getenv($env_name); if ($r === false) { - return; + if (is_null($default)) { + return false; + } else { + $r = $default; + } } - echo("setting up '" . $env_name . "' option\n"); + echo("setting $config_name to '$r'\n"); $cfg[$config_name] = $r; - jirafeau_export_cfg($cfg); + return true; +} + +function setup_admin_password(&$cfg) +{ + if (strlen($cfg['admin_password']) > 0) { + return true; + } + echo("setting up admin password\n"); + $p = getenv('ADMIN_PASSWORD'); + if ($p === false) { + $p = jirafeau_gen_random(20); + echo("auto-generated admin password: $p\n"); + } + $cfg['admin_password'] = hash('sha256', $p); + return true; +} + +function set_rights($path) +{ + $uid = getenv('USER_ID'); + if ($uid === false) { + $uid = 100; + } + $gid = getenv('GROUP_ID'); + if ($gid === false) { + $gid = 82; + } + if (!chown($path, $uid)) { + echo("setting up user $uid for $path: failed\n"); + return false; + } + if (!chgrp($path, $gid)) { + echo("setting up group $gid for $path: failed\n"); + return false; + } + if (!chmod($path, 0770)) { + echo("setting up permissions $path: failed\n"); + return false; + } + return true; +} + +function setup_var_folder(&$cfg) +{ + env_2_cfg_string($cfg, 'var_root', 'VAR_ROOT', '/data/'); + $var_root = $cfg['var_root']; + if (!is_dir($var_root)) { + mkdir($var_root, 0770, true); + } + $err = jirafeau_check_var_dir($var_root); + if ($err['has_error']) { + echo("error: cannot create $var_root folder\n"); + return false; + } + return set_rights($var_root) && + set_rights($var_root . 'async') && + set_rights($var_root . 'files') && + set_rights($var_root . 
'links'); } // TODO: lots of other options to implement -env_2_cfg_string($cfg, 'file_hash', 'FILE_HASH'); -echo("docker config done\n"); +$setup_ok = setup_admin_password($cfg) && + setup_var_folder($cfg); +env_2_cfg_string($cfg, 'web_root', 'WEB_ROOT', ''); +env_2_cfg_string($cfg, 'file_hash', 'FILE_HASH', 'md5'); + +if ($setup_ok) { + $cfg['installation_done'] = true; + jirafeau_export_cfg($cfg); + echo("You can now connect to your Jirafeau instance\n"); + exit(0); +} else { + echo("Some Jirafeau options failed"); + exit(1); +} diff --git a/install.php b/install.php index a5e5420..2798e5a 100644 --- a/install.php +++ b/install.php @@ -148,12 +148,7 @@ case 2: ?>
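Review bot: In `setup_admin_password()`, an `ADMIN_PASSWORD` that is set but empty is not treated as missing: `getenv()` returns `''` rather than `false`, so the stored value becomes `hash('sha256', '')` and no random password is generated. This is easy to hit from a compose file that forwards an unset host variable, so the guard should cover it: `if ($p === false || $p === '') {`. Whether the admin login then accepts an empty password depends on code outside this diff, so that part is unconfirmed. Separately, `setup_var_folder()` builds `$var_root . 'async'` without normalising a trailing slash, while docker/README.md documents the default as '/data'. A `VAR_ROOT` given without the final slash would make `set_rights()` target a path such as `/dataasync` and fail the setup.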