diff --git a/Dockerfile b/Dockerfile
index b39e323..439b202 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -4,6 +4,7 @@ LABEL maintainer="Passbolt SA "
 ENV PASSBOLT_PKG_KEY=0xDE8B853FC155581D
 ENV PASSBOLT_PKG=passbolt-ce-server
+ENV PHP_VERSION=7.3
 RUN apt-get update \
 && DEBIAN_FRONTEND=non-interactive apt-get -y install \
@@ -15,8 +16,15 @@ RUN apt-get update \
 && DEBIAN_FRONTEND=non-interactive apt-get -y install --no-install-recommends \
 nginx \
 $PASSBOLT_PKG \
- supervisor
-
+ supervisor \
+ && rm /etc/nginx/sites-enabled/default \
+ && mkdir /run/php \
+ && cp /usr/share/passbolt/examples/nginx-passbolt-ssl.conf /etc/nginx/snippets/passbolt-ssl.conf \
+ && sed -i 's,;clear_env = no,clear_env = no,' /etc/php/$PHP_VERSION/fpm/pool.d/www.conf \
+ && sed -i 's,# include __PASSBOLT_SSL__,include /etc/nginx/snippets/passbolt-ssl.conf;,' /etc/nginx/sites-enabled/nginx-passbolt.conf \
+ && sed -i 's,ssl on;,listen 443 ssl;,' /etc/nginx/snippets/passbolt-ssl.conf \
+ && sed -i 's,__CERT_PATH__,/etc/ssl/certs/certificate.crt;,' /etc/nginx/snippets/passbolt-ssl.conf \
+ && sed -i 's,__KEY_PATH__,/etc/ssl/certs/certificate.key;,' /etc/nginx/snippets/passbolt-ssl.conf
 COPY conf/supervisor/*.conf /etc/supervisor/conf.d/
 COPY bin/docker-entrypoint.sh /docker-entrypoint.sh
diff --git a/bin/docker-entrypoint.sh b/bin/docker-entrypoint.sh
index e402318..15e2f36 100755
--- a/bin/docker-entrypoint.sh
+++ b/bin/docker-entrypoint.sh
@@ -2,8 +2,9 @@
 set -euo pipefail
-gpg_private_key="${PASSBOLT_GPG_SERVER_KEY_PRIVATE:-/var/www/passbolt/config/gpg/serverkey_private.asc}"
-gpg_public_key="${PASSBOLT_GPG_SERVER_KEY_PUBLIC:-/var/www/passbolt/config/gpg/serverkey.asc}"
+passbolt_config="/etc/passbolt"
+gpg_private_key="${PASSBOLT_GPG_SERVER_KEY_PRIVATE:-$passbolt_config/gpg/serverkey_private.asc}"
+gpg_public_key="${PASSBOLT_GPG_SERVER_KEY_PUBLIC:-$passbolt_config/gpg/serverkey.asc}"
 ssl_key='/etc/ssl/certs/certificate.key'
 ssl_cert='/etc/ssl/certs/certificate.crt'
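Review bot: The PHP version is now recorded in two places that nothing ties together: `ENV PHP_VERSION=7.3` in the first Dockerfile hunk and the literal `command=php-fpm7.3 -F` in the conf/supervisor/php.conf hunk. If only one of them is changed later, the pool file edited by the Dockerfile's `sed` and the binary started by supervisor would refer to different PHP-FPM versions. A comment above the ENV line, such as `# Keep in sync with command=php-fpmX.Y in conf/supervisor/php.conf`, would make the coupling visible.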
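Review bot: In the second Dockerfile hunk, each `sed -i` exits 0 even when its pattern matches nothing, so a change in the packaged `nginx-passbolt-ssl.conf` or `www.conf` would silently produce an image without the TLS include, or with `__CERT_PATH__`/`__KEY_PATH__` left in place. A final step in the chain can make the build fail instead, for example `&& ! grep -qE '__(PASSBOLT_SSL|CERT_PATH|KEY_PATH)__' /etc/nginx/snippets/passbolt-ssl.conf /etc/nginx/sites-enabled/nginx-passbolt.conf`. Separately, `clear_env = no` makes every container environment variable readable by the PHP-FPM workers, presumably so that Passbolt can read its settings from the environment. A comment saying so, and noting that secrets placed in the environment are therefore visible to PHP code, would help. The RUN instruction begins above this hunk.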
@@ -70,13 +71,12 @@ gen_ssl_cert() {
 }
 install() {
- local app_config="/etc/passbolt/app.php"
- if [ ! -f "$app_config" ]; then
- su -c "cp $app_config/app.default.php $app_config/app.php" -s /bin/bash www-data
+ if [ ! -f "$passbolt_config/app.php" ]; then
+ su -c "cp $passbolt_config/app.default.php $passbolt_config/app.php" -s /bin/bash www-data
 fi
- if [ -z "${PASSBOLT_GPG_SERVER_KEY_FINGERPRINT+xxx}" ] && [ ! -f "$app_config/passbolt.php" ]; then
+ if [ -z "${PASSBOLT_GPG_SERVER_KEY_FINGERPRINT+xxx}" ] && [ ! -f "$passbolt_config/passbolt.php" ]; then
 gpg_auto_fingerprint="$(su -c "gpg --homedir $GNUPGHOME --list-keys --with-colons ${PASSBOLT_KEY_EMAIL:-passbolt@yourdomain.com} |grep fpr |head -1| cut -f10 -d:" -ls /bin/bash www-data)"
 export PASSBOLT_GPG_SERVER_KEY_FINGERPRINT=$gpg_auto_fingerprint
 fi
diff --git a/conf/supervisor/php.conf b/conf/supervisor/php.conf
index c008c6b..a98b80c 100644
--- a/conf/supervisor/php.conf
+++ b/conf/supervisor/php.conf
@@ -1,5 +1,5 @@
 [program:php-fpm]
-command=php-fpm -F
+command=php-fpm7.3 -F
 autostart=true
 priority=5
 stdout_logfile=/dev/stdout
diff --git a/docker-compose.yml b/docker-compose.yml
index bf8c74f..868cce8 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -17,10 +17,8 @@ services:
 env_file:
 - env/passbolt.env
 volumes:
- - gpg_volume:/var/www/passbolt/config/gpg
- - images_volume:/var/www/passbolt/webroot/img/public
- tmpfs:
- - /run
+ - gpg_volume:/var/lib/passbolt/.gnupg
+ - images_volume:/usr/share/php/passbolt/webroot/img/public
 command: ["/usr/bin/wait-for.sh", "-t", "0", "db:3306", "--", "/docker-entrypoint.sh"]
 ports:
 - 80:80
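Review bot: In install() in bin/docker-entrypoint.sh, the new `cp` into `$passbolt_config` still runs as www-data, which only works if the web-server account can write to /etc/passbolt; if it can, code running in PHP can also replace `app.php` or `passbolt.php`. The ownership of that directory is not visible in this diff, so treat this as a question. If Passbolt does not need to write there at runtime, the copy could be done as root with `install -o root -g www-data -m 0640 "$passbolt_config/app.default.php" "$passbolt_config/app.php"`. install() continues below the hunk.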
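Review bot: In the docker-compose.yml hunk, `gpg_volume` now mounts `/var/lib/passbolt/.gnupg`, while bin/docker-entrypoint.sh in this same commit defaults the server key files to `/etc/passbolt/gpg/serverkey_private.asc` and `serverkey.asc`, so those files appear to sit outside any volume. If the entrypoint creates the key pair when the files are missing (not visible here), recreating the container could produce a new server key and change the identity that clients already trust. Consider persisting the key directory as well, e.g. `- gpg_volume:/etc/passbolt/gpg`, or add a comment explaining why only the keyring is kept. Dropping `tmpfs: /run` also means PID files and sockets land in the container's writable layer, presumably because `/run/php` is now created at build time; a comment recording that reason would help the next reader.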