diff --git a/.dockerignore b/.dockerignore new file mode 100644 index 0000000..91fc136 --- /dev/null +++ b/.dockerignore @@ -0,0 +1,12 @@ +spec +.git +.github +.editorconfig +.gitignore +Gemfile +Gemfile.lock +Rakefile +*.md +*.yml +scripts +env diff --git a/CHANGELOG.md b/CHANGELOG.md index d841c1b..57a6334 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -2,7 +2,41 @@ All notable changes to this project will be documented in this file. This project adheres to [Semantic Versioning](http://semver.org/). -## [Unreleased](https://github.com/passbolt/passbolt_docker/compare/v2.0.0-rc2...HEAD) +## [Unreleased](https://github.com/passbolt/passbolt_docker/compare/v2.0.0...HEAD) + +## [2.0.0](https://github.com/passbolt/passbolt_docker/compare/v2.0.0-rc2...v2.0.0) - 2018-04-09 + +### Changed + +- Base image switched to php:7-fpm (debian based) due performance issues with passbolt and alpine based images +- Web user is now www-data +- Supervisor provides better logging to stdout +- Upload max filesize increased to 5M for avatar uploads +- README documentation updated +- Composer file loads images directory in passbolt container as a docker volume + +### Added + +- Added composer installer signature check according to official composer docs [#91](https://github.com/passbolt/passbolt_docker/pull/91) + +## [Unreleased](https://github.com/passbolt/passbolt_docker/compare/v1.6.10...HEAD) + +## [1.6.10](https://github.com/passbolt/passbolt_docker/compare/v1.6.9-1...v1.6.10) - 2018-03-28 + +### Fixed + +- chown fails with Docker Secrets, can't start container [#89](https://github.com/passbolt/passbolt_docker/pull/89) + +### Changed + +The container base image has been migrated from alpine to debian. The reason behind this change +is that we have detected slower performance in alpine based images. Changing the image introduced a few changes +in the structure of the container: +- Bigger images +- www user is now www-data user +- cron jobs are managed as crontabs in /var/spool/cron/crontabs/root +- Permissions check on the passbolt base dir has been removed as it was a big performance penalty on startup times. +- Docker hub tags will now follow the PASSBOLT_VERSION-debian pattern ## [2.0.0-rc2](https://github.com/passbolt/passbolt_docker/compare/v2.0.0-rc1...v2.0.0-rc2) - 2018-02-20 
diff --git a/Dockerfile b/Dockerfile index ae6d0b7..ff7f9f6 100644 --- a/Dockerfile +++ b/Dockerfile @@ -2,9 +2,15 @@ FROM php:7-fpm LABEL maintainer="diego@passbolt.com" -ARG PASSBOLT_VERSION="2.0.0-rc2" +ARG PASSBOLT_VERSION="2.0.0" ARG PASSBOLT_URL="https://github.com/passbolt/passbolt_api/archive/v${PASSBOLT_VERSION}.tar.gz" +ARG PHP_EXTENSIONS="gd \ + intl \ + pdo_mysql \ + xsl" + + ARG PHP_EXTENSIONS="gd \ intl \ pdo_mysql \ diff --git a/README.md b/README.md index 69114b5..0aa11e1 100644 --- a/README.md +++ b/README.md @@ -15,10 +15,6 @@ [![license](https://img.shields.io/github/license/passbolt/passbolt_docker.svg?style=flat-square)](https://github.com/passbolt/passbolt_docker/LICENSE) [![Twitter Follow](https://img.shields.io/twitter/follow/passbolt.svg?style=social&label=Follow)](https://twitter.com/passbolt) -# Warning - -This is a work in progress branch use at your own risk. - # What is passbolt? Passbolt is a free and open source password manager that allows team members to 
@@ -70,40 +66,41 @@ available browsing `https://yourdomain.com` Passbolt docker image provides several environment variables to configure different aspects: -``` -* APP_FULL_BASE_URL: Passbolt base url (Example https://yourdomain.com) -* DATASOURCES_DEFAULT_HOST: database hostname (default: localhost) -* DATASOURCES_DEFAULT_PORT: database port (default: 3306) -* DATASOURCES_DEFAULT_USERNAME: database username (default: my_app) -* DATASOURCES_DEFAULT_PASSWORD: database password (default: secret) -* DATASOURCES_DEFAULT_DATABASE: database name (default: my_app) -* EMAIL_TRANSPORT_DEFAULT_CLASS_NAME: Email classname (default: Smtp) -* EMAIL_DEFAULT_FROM: from email address (default: contact@mydomain.local) -* EMAIL_DEFAULT_TRANSPORT: sets transport method (default: default) -* EMAIL_TRANSPORT_DEFAULT_HOST: server hostname (default: localhost) -* EMAIL_TRANSPORT_DEFAULT_PORT: server port (default: 25) -* EMAIL_TRANSPORT_DEFAULT_TIMEOUT: timeout (default: 30) -* EMAIL_TRANSPORT_DEFAULT_USERNAME: username for email server auth (default: null) -* EMAIL_TRANSPORT_DEFAULT_PASSWORD: password for email server auth (default: null) -* EMAIL_TRANSPORT_DEFAULT_CLIENT: client (default: null) -* EMAIL_TRANSPORT_DEFAULT_TLS: set tls (default: null) -* EMAIL_TRANSPORT_DEFAULT_URL: set url (default: null) -* GNUPGHOME: Path to gnupghome directory (default: web_user_home_directory/.gnupg ) -* PASSBOLT_KEY_LENGTH: gpg desired key length (default: 2048) -* PASSBOLT_SUBKEY_LENGTH: gpg desired subkey length (default: 2048) -* PASSBOLT_KEY_NAME: key owner name (default: Passbolt default user) -* PASSBOLT_KEY_EMAIL: key owner email address (default: passbolt@yourdomain.com) -* PASSBOLT_KEY_EXPIRATION: key expiration date (default: 0, never expires) -* PASSBOLT_GPG_SERVER_KEY_FINGERPRINT: GnuPG fingerprint -* PASSBOLT_GPG_SERVER_KEY_PUBLIC: Path to GnuPG public server key (default: to /var/www/passbolt/config/gpg/serverkey.asc) -* PASSBOLT_GPG_SERVER_KEY_PRIVATE: Path to GnuPG private server 
key (default: to /var/www/passbolt/config/gpg/serverkey_private.asc) -* PASSBOLT_REGISTRATION_PUBLIC: Defines if users can register (default: to false) -* PASSBOLT_SSL_FORCE: Redirects http to https from passbolt (default: to true) -* PASSBOLT_SECURITY_SET_HEADERS: Send CSP Headers from passbolt (default: to true) -* SECURITY_SALT: A random number user in security hashing methods. -``` +| Variable name | Description | Default value | +| ----------------------------------- | -------------------------------- | ------------------- | +| APP_FULL_BASE_URL | Passbolt base url | false | +| DATASOURCES_DEFAULT_HOST | Database hostname | localhost | +| DATASOURCES_DEFAULT_PORT | Database port | 3306 | +| DATASOURCES_DEFAULT_USERNAME | Database username | '' | +| DATASOURCES_DEFAULT_PASSWORD | Database password | '' | +| DATASOURCES_DEFAULT_DATABASE | Database name | '' | +| EMAIL_TRANSPORT_DEFAULT_CLASS_NAME | Email classname | Smtp | +| EMAIL_DEFAULT_FROM | From email address | you@localhost | +| EMAIL_DEFAULT_TRANSPORT | Sets transport method | default | +| EMAIL_TRANSPORT_DEFAULT_HOST | Server hostname | localhost | +| EMAIL_TRANSPORT_DEFAULT_PORT | Server port | 25 | +| EMAIL_TRANSPORT_DEFAULT_TIMEOUT | Timeout | 30 | +| EMAIL_TRANSPORT_DEFAULT_USERNAME | Username for email server auth | null | +| EMAIL_TRANSPORT_DEFAULT_PASSWORD | Password for email server auth | null | +| EMAIL_TRANSPORT_DEFAULT_CLIENT | Client | null | +| EMAIL_TRANSPORT_DEFAULT_TLS | Set tls | null | +| EMAIL_TRANSPORT_DEFAULT_URL | Set url | null | +| GNUPGHOME | path to gnupghome directory | /home/www-data/.gnupg | +| PASSBOLT_KEY_LENGTH | Gpg desired key length | 2048 | +| PASSBOLT_SUBKEY_LENGTH | Gpg desired subkey length | 2048 | +| PASSBOLT_KEY_NAME | Key owner name | Passbolt default user | +| PASSBOLT_KEY_EMAIL | Key owner email address | passbolt@yourdomain.com | +| PASSBOLT_KEY_EXPIRATION | Key expiration date | 0, never expires | +| PASSBOLT_GPG_SERVER_KEY_FINGERPRINT | GnuPG fingerprint 
| null | +| PASSBOLT_GPG_SERVER_KEY_PUBLIC | Path to GnuPG public server key | /var/www/passbolt/config/gpg/serverkey.asc | +| PASSBOLT_GPG_SERVER_KEY_PRIVATE | Path to GnuPG private server key | /var/www/passbolt/config/gpg/serverkey_private.asc | +| PASSBOLT_REGISTRATION_PUBLIC | Defines if users can register | false | +| PASSBOLT_SSL_FORCE | Redirects http to https | true | +| PASSBOLT_SECURITY_SET_HEADERS | Send CSP Headers | true | +| SECURITY_SALT | CakePHP security salt | __SALT__ | -For more env variables supported please check [default.php](https://github.com/passbolt/passbolt_api/blob/develop/config/default.php) +For more env variables supported please check [default.php](https://github.com/passbolt/passbolt_api/blob/master/config/default.php) +For more env variables supported please check [app.default.php](https://github.com/passbolt/passbolt_api/blob/master/config/app.default.php) ### Configuration files diff --git a/docker-compose.yml b/docker-compose.yml index 56177fd..abfc99f 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -10,13 +10,15 @@ services: - 3306 passbolt: - image: passbolt/passbolt:develop-debian + image: passbolt/passbolt:2.0.0-debian tty: true depends_on: - db env_file: - env/passbolt.env volumes: + - gpg_volume:/var/www/passbolt/config/gpg + - images_volume:/var/www/passbolt/webroot/img/public - ./scripts/wait-for.sh:/usr/bin/wait-for.sh tmpfs: - /run diff --git a/env/passbolt.env b/env/passbolt.env index c5cffef..1f0ec57 100644 --- a/env/passbolt.env +++ b/env/passbolt.env @@ -8,5 +8,5 @@ DATASOURCES_DEFAULT_PASSWORD=P4ssb0lt DATASOURCES_DEFAULT_DATABASE=passbolt DATASOURCES_DEFAULT_PORT=3306 -# Misc +# Registration PASSBOLT_REGISTRATION_PUBLIC=true
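Review bot: In the CHANGELOG.md hunk, a second `## [Unreleased]` heading (compare `v1.6.10...HEAD`) is added between the 2.0.0 and 1.6.10 entries, so the file ends up with two Unreleased sections. Keep only the top one (`v2.0.0...HEAD`) and drop the second. The 1.6.10 "Changed" section also opens with free prose before its list, unlike the bullet-only sections under 2.0.0, and "due performance issues" should read "due to performance issues".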
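Review bot: In the Dockerfile hunk, the added `ARG PHP_EXTENSIONS="gd \` block sits directly above an unchanged context line that already begins `ARG PHP_EXTENSIONS="gd \`, so the build argument is declared twice. Remove the added block and its extra blank line so that the hunk carries only the `PASSBOLT_VERSION` bump to `2.0.0`.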
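Review bot: In the README.md environment-variable table, the `SECURITY_SALT` row lists `__SALT__` as the default value and the new description ("CakePHP security salt") drops the earlier wording that it is a random value used in hashing, so a reader can take the placeholder for a usable default. State in the row that it must be set to a unique random value per installation. The defaults for `DATASOURCES_DEFAULT_USERNAME`, `DATASOURCES_DEFAULT_PASSWORD` and `DATASOURCES_DEFAULT_DATABASE` also change from `my_app`/`secret`/`my_app` to `''` in this hunk, which deserves a CHANGELOG line if it reflects a behaviour change. The two closing "For more env variables supported please check" lines repeat the same sentence with no blank line between them and will render as one paragraph; merge them into a single sentence that names both `default.php` and `app.default.php`.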
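Review bot: In the docker-compose.yml hunk, `gpg_volume` and `images_volume` are referenced as named volumes on the passbolt service, but this diff adds no top-level `volumes:` entries for them, and Compose refuses to start a service that references an undeclared named volume. Confirm they are already declared elsewhere in the file or add the declarations in this change. Since `gpg_volume` maps `/var/www/passbolt/config/gpg`, the directory the README table lists as holding `serverkey_private.asc`, a short README note on backing up that volume and restricting access to it would fit here.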
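Review bot: In the env/passbolt.env hunk, only the comment above `PASSBOLT_REGISTRATION_PUBLIC=true` is renamed while the value stays `true`, the opposite of the `false` default documented in the README table in this same patch. Anyone who starts from this sample file gets open self-registration; either set it to `false` here or extend the new `# Registration` comment to say why it is enabled in the sample. The context line `DATASOURCES_DEFAULT_PASSWORD=P4ssb0lt` is a fixed sample password and would benefit from a comment telling users to change it.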