Changed: fix SSL nginx configs

* variable renaming on entrypoint * php version
2020-07-23 17:48:34 +02:00 · 2020-07-23 17:48:34 +02:00 · 6635960f40
parent e83ea269ae
commit 6635960f40
4 changed files with 19 additions and 13 deletions
--- a/12
+++ b/12
@ -4,6 +4,7 @@ LABEL maintainer="Passbolt SA <contact@passbolt.com>"
 ENV PASSBOLT_PKG_KEY=0xDE8B853FC155581D
 ENV PASSBOLT_PKG=passbolt-ce-server
 ENV PHP_VERSION=7.3
 RUN apt-get update \
    && DEBIAN_FRONTEND=non-interactive apt-get -y install \
@ -15,8 +16,15 @@ RUN apt-get update \
    && DEBIAN_FRONTEND=non-interactive apt-get -y install --no-install-recommends \
      nginx \
      $PASSBOLT_PKG \
-      supervisor
+      supervisor \
-
+    && rm /etc/nginx/sites-enabled/default \
    && mkdir /run/php \
    && cp /usr/share/passbolt/examples/nginx-passbolt-ssl.conf /etc/nginx/snippets/passbolt-ssl.conf \
    && sed -i 's,;clear_env = no,clear_env = no,' /etc/php/$PHP_VERSION/fpm/pool.d/www.conf \
    && sed -i 's,# include __PASSBOLT_SSL__,include /etc/nginx/snippets/passbolt-ssl.conf;,' /etc/nginx/sites-enabled/nginx-passbolt.conf \
    && sed -i 's,ssl on;,listen 443 ssl;,' /etc/nginx/snippets/passbolt-ssl.conf \
    && sed -i 's,__CERT_PATH__,/etc/ssl/certs/certificate.crt;,' /etc/nginx/snippets/passbolt-ssl.conf \
    && sed -i 's,__KEY_PATH__,/etc/ssl/certs/certificate.key;,' /etc/nginx/snippets/passbolt-ssl.conf
 COPY conf/supervisor/*.conf /etc/supervisor/conf.d/
 COPY bin/docker-entrypoint.sh /docker-entrypoint.sh
--- a/bin/docker-entrypoint.sh
+++ b/bin/docker-entrypoint.sh
@ -2,8 +2,9 @@
 set -euo pipefail
-gpg_private_key="${PASSBOLT_GPG_SERVER_KEY_PRIVATE:-/var/www/passbolt/config/gpg/serverkey_private.asc}"
+passbolt_config="/etc/passbolt"
-gpg_public_key="${PASSBOLT_GPG_SERVER_KEY_PUBLIC:-/var/www/passbolt/config/gpg/serverkey.asc}"
+gpg_private_key="${PASSBOLT_GPG_SERVER_KEY_PRIVATE:-$passbolt_config/gpg/serverkey_private.asc}"
 gpg_public_key="${PASSBOLT_GPG_SERVER_KEY_PUBLIC:-$passbolt_config/gpg/serverkey.asc}"
 ssl_key='/etc/ssl/certs/certificate.key'
 ssl_cert='/etc/ssl/certs/certificate.crt'
@ -70,13 +71,12 @@ gen_ssl_cert() {
 }
 install() {
  local app_config="/etc/passbolt/app.php"
-  if [ ! -f "$app_config" ]; then
+  if [ ! -f "$passbolt_config/app.php" ]; then
-    su -c "cp $app_config/app.default.php $app_config/app.php" -s /bin/bash www-data
+    su -c "cp $passbolt_config/app.default.php $passbolt_config/app.php" -s /bin/bash www-data
  fi
-  if [ -z "${PASSBOLT_GPG_SERVER_KEY_FINGERPRINT+xxx}" ] && [ ! -f  "$app_config/passbolt.php" ]; then
+  if [ -z "${PASSBOLT_GPG_SERVER_KEY_FINGERPRINT+xxx}" ] && [ ! -f  "$passbolt_config/passbolt.php" ]; then
    gpg_auto_fingerprint="$(su -c "gpg --homedir $GNUPGHOME --list-keys --with-colons ${PASSBOLT_KEY_EMAIL:-passbolt@yourdomain.com} |grep fpr |head -1| cut -f10 -d:" -ls /bin/bash www-data)"
    export PASSBOLT_GPG_SERVER_KEY_FINGERPRINT=$gpg_auto_fingerprint
  fi
--- a/conf/supervisor/php.conf
+++ b/conf/supervisor/php.conf
@ -1,5 +1,5 @@
 [program:php-fpm]
-command=php-fpm -F
+command=php-fpm7.3 -F
 autostart=true
 priority=5
 stdout_logfile=/dev/stdout
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -17,10 +17,8 @@ services:
    env_file:
      - env/passbolt.env
    volumes:
-      - gpg_volume:/var/www/passbolt/config/gpg
+      - gpg_volume:/var/lib/passbolt/.gnupg
-      - images_volume:/var/www/passbolt/webroot/img/public
+      - images_volume:/usr/share/php/passbolt/webroot/img/public
    tmpfs:
      - /run
    command: ["/usr/bin/wait-for.sh", "-t", "0", "db:3306", "--", "/docker-entrypoint.sh"]
    ports:
      - 80:80