CommunEu
/
Passbolt
3
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Merge branch 'release/v2.0.5'

This commit is contained in:
Diego Lendoiro 2018-05-08 18:09:31 +02:00
parent cf735ad619 44bc84190e
commit 8536f75083
8 changed files with 78 additions and 45 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
CHANGELOG.md
View File

@ -2,7 +2,13 @@
All notable changes to this project will be documented in this file. All notable changes to this project will be documented in this file.
This project adheres to [Semantic Versioning](http://semver.org/). This project adheres to [Semantic Versioning](http://semver.org/).
## [Unreleased](https://github.com/passbolt/passbolt_docker/compare/v2.0.4...HEAD) ## [Unreleased](https://github.com/passbolt/passbolt_docker/compare/v2.0.5...HEAD)
## [2.0.5](https://github.com/passbolt/passbolt_docker/compare/v2.0.4...v2.0.5) - 2018-05-08
### Fixed
- Nginx configuration file root directive for passbolt
## [2.0.4](https://github.com/passbolt/passbolt_docker/compare/v2.0.2...v2.0.4) - 2018-04-26 ## [2.0.4](https://github.com/passbolt/passbolt_docker/compare/v2.0.2...v2.0.4) - 2018-04-26

2
Dockerfile
View File

@ -2,7 +2,7 @@ FROM php:7-fpm
LABEL maintainer="diego@passbolt.com" LABEL maintainer="diego@passbolt.com"
ARG PASSBOLT_VERSION="2.0.4" ARG PASSBOLT_VERSION="2.0.5"
ARG PASSBOLT_URL="https://github.com/passbolt/passbolt_api/archive/v${PASSBOLT_VERSION}.tar.gz" ARG PASSBOLT_URL="https://github.com/passbolt/passbolt_api/archive/v${PASSBOLT_VERSION}.tar.gz"
ARG PHP_EXTENSIONS="gd \ ARG PHP_EXTENSIONS="gd \

12
Gemfile.lock
View File

@ -3,12 +3,12 @@ GEM
specs: specs:
coderay (1.1.2) coderay (1.1.2)
diff-lcs (1.3) diff-lcs (1.3)
docker-api (1.34.0) docker-api (1.34.2)
excon (>= 0.47.0) excon (>= 0.47.0)
multi_json multi_json
excon (0.60.0) excon (0.62.0)
method_source (0.9.0) method_source (0.9.0)
multi_json (1.12.2) multi_json (1.13.1)
net-scp (1.2.1) net-scp (1.2.1)
net-ssh (>= 2.6.5) net-ssh (>= 2.6.5)
net-ssh (4.2.0) net-ssh (4.2.0)
@ -16,7 +16,7 @@ GEM
pry (0.11.3) pry (0.11.3)
coderay (~> 1.1.0) coderay (~> 1.1.0)
method_source (~> 0.9.0) method_source (~> 0.9.0)
rake (12.3.0) rake (12.3.1)
rspec (3.7.0) rspec (3.7.0)
rspec-core (~> 3.7.0) rspec-core (~> 3.7.0)
rspec-expectations (~> 3.7.0) rspec-expectations (~> 3.7.0)
@ -32,14 +32,14 @@ GEM
rspec-mocks (3.7.0) rspec-mocks (3.7.0)
diff-lcs (>= 1.2.0, < 2.0) diff-lcs (>= 1.2.0, < 2.0)
rspec-support (~> 3.7.0) rspec-support (~> 3.7.0)
rspec-support (3.7.0) rspec-support (3.7.1)
serverspec (2.41.3) serverspec (2.41.3)
multi_json multi_json
rspec (~> 3.0) rspec (~> 3.0)
rspec-its rspec-its
specinfra (~> 2.72) specinfra (~> 2.72)
sfl (2.3) sfl (2.3)
specinfra (2.73.0) specinfra (2.73.3)
net-scp net-scp
net-ssh (>= 2.7, < 5.0) net-ssh (>= 2.7, < 5.0)
net-telnet net-telnet

53
conf/passbolt.conf
View File

@ -10,28 +10,23 @@ server {
keepalive_timeout 5 5; keepalive_timeout 5 5;
send_timeout 10; send_timeout 10;
root /var/www/passbolt; root /var/www/passbolt/webroot;
index index.php;
location / { location / {
try_files $uri $uri/ /index.php?$args; try_files $uri $uri/ /index.php?$args;
index index.php;
} }
location ~ \.php$ { location ~ \.php$ {
fastcgi_index index.php; try_files $uri =404;
fastcgi_pass 127.0.0.1:9000; include fastcgi_params;
fastcgi_split_path_info ^(.+\.php)(.+)$; fastcgi_pass 127.0.0.1:9000;
include fastcgi_params; fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_intercept_errors on;
fastcgi_param SERVER_NAME $http_host; fastcgi_split_path_info ^(.+\.php)(.+)$;
fastcgi_param PHP_VALUE "upload_max_filesize=5M \n post_max_size=5M"; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
} fastcgi_param SERVER_NAME $http_host;
fastcgi_param PHP_VALUE "upload_max_filesize=5M \n post_max_size=5M";
location ~* \.(jpe?g|woff|woff2|ttf|gif|png|bmp|ico|css|js|ejs|json|pdf|zip|htm|html|docx?|xlsx?|pptx?|txt|wav|swf|svg|avi|mp\d)$ {
access_log off;
log_not_found off;
try_files $uri /webroot/$uri /index.php?$args;
#try_files $uri /app/webroot/$uri /index.php?$args;
} }
} }
@ -56,26 +51,22 @@ server {
ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4:@STRENGTH"; ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4:@STRENGTH";
ssl_session_tickets off; ssl_session_tickets off;
root /var/www/passbolt; root /var/www/passbolt/webroot;
index index.php;
location / { location / {
try_files $uri $uri/ /index.php?$args; try_files $uri $uri/ /index.php?$args;
index index.php;
} }
location ~ \.php$ { location ~ \.php$ {
fastcgi_index index.php; try_files $uri =404;
fastcgi_pass 127.0.0.1:9000; include fastcgi_params;
fastcgi_split_path_info ^(.+\.php)(.+)$; fastcgi_pass 127.0.0.1:9000;
include fastcgi_params; fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_intercept_errors on;
fastcgi_param SERVER_NAME $http_host; fastcgi_split_path_info ^(.+\.php)(.+)$;
fastcgi_param PHP_VALUE "upload_max_filesize=5M \n post_max_size=5M"; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
} fastcgi_param SERVER_NAME $http_host;
fastcgi_param PHP_VALUE "upload_max_filesize=5M \n post_max_size=5M";
location ~* \.(jpe?g|woff|woff2|ttf|gif|png|bmp|ico|css|js|json|pdf|zip|htm|html|docx?|xlsx?|pptx?|txt|wav|swf|svg|avi|mp\d)$ {
access_log off;
log_not_found off;
try_files $uri /webroot/$uri /index.php?$args;
} }
} }

2
docker-compose-pro.yml
View File

@ -10,7 +10,7 @@ services:
- 3306 - 3306
passbolt: passbolt:
image: passbolt/passbolt:2.0.4-pro-debian image: passbolt/passbolt:2.0.5-pro-debian
tty: true tty: true
depends_on: depends_on:
- db - db

2
docker-compose.yml
View File

@ -10,7 +10,7 @@ services:
- 3306 - 3306
passbolt: passbolt:
image: passbolt/passbolt:2.0.4-debian image: passbolt/passbolt:2.0.5-debian
tty: true tty: true
depends_on: depends_on:
- db - db

4
spec/docker_image/image_spec.rb
View File

@ -89,6 +89,10 @@ describe 'Dockerfile' do
it 'has the correct permissions' do it 'has the correct permissions' do
expect(file(site_conf)).to be_owned_by 'root' expect(file(site_conf)).to be_owned_by 'root'
end end
it 'points to the correct root folder' do
expect(file(site_conf).content).to match 'root /var/www/passbolt/webroot'
end
end end
describe 'ports exposed' do describe 'ports exposed' do

40
spec/docker_runtime/runtime_spec.rb
View File

@ -3,6 +3,7 @@ require 'spec_helper'
describe 'passbolt_api service' do describe 'passbolt_api service' do
before(:all) do before(:all) do
@mysql_image = Docker::Image.create('fromImage' => 'mariadb:latest')
@mysql = Docker::Container.create( @mysql = Docker::Container.create(
'Env' => [ 'Env' => [
'MYSQL_ROOT_PASSWORD=test', 'MYSQL_ROOT_PASSWORD=test',
@ -16,7 +17,7 @@ describe 'passbolt_api service' do
"mysqladmin ping --silent" "mysqladmin ping --silent"
] ]
}, },
'Image' => 'mariadb') 'Image' => @mysql_image.id)
@mysql.start @mysql.start
while @mysql.json['State']['Health']['Status'] != 'healthy' while @mysql.json['State']['Health']['Status'] != 'healthy'
@ -30,6 +31,7 @@ describe 'passbolt_api service' do
'DATASOURCES_DEFAULT_PASSWORD=P4ssb0lt', 'DATASOURCES_DEFAULT_PASSWORD=P4ssb0lt',
'DATASOURCES_DEFAULT_USERNAME=passbolt', 'DATASOURCES_DEFAULT_USERNAME=passbolt',
'DATASOURCES_DEFAULT_DATABASE=passbolt', 'DATASOURCES_DEFAULT_DATABASE=passbolt',
'PASSBOLT_SSL_FORCE=true'
], ],
'Image' => @image.id) 'Image' => @image.id)
@container.start @container.start
@ -44,8 +46,10 @@ describe 'passbolt_api service' do
@container.kill @container.kill
end end
let(:http_path) { "/healthcheck/status.json" } let(:passbolt_host) { @container.json['NetworkSettings']['IPAddress'] }
let(:healthcheck) { 'curl -s -o /dev/null -w "%{http_code}" http://localhost/healthcheck/status.json' } let(:uri) { "/healthcheck/status.json" }
let(:curl) { "curl -sk -o /dev/null -w '%{http_code}' -H 'Host: passbolt.local' https://#{passbolt_host}/#{uri}" }
let(:conf_app) { "curl -sk -o /dev/null -w '%{http_code}' -H 'Host: passbolt.local' https://#{passbolt_host}/conf/app.php" }
describe 'php service' do describe 'php service' do
it 'is running supervised' do it 'is running supervised' do
@ -79,7 +83,35 @@ describe 'passbolt_api service' do
describe 'passbolt status' do describe 'passbolt status' do
it 'returns 200' do it 'returns 200' do
expect(command(healthcheck).stdout).to eq '200' expect(command(curl).stdout).to eq '200'
end end
end end
describe 'passbolt serverkey unaccessible' do
let(:uri) { '/config/gpg/serverkey.asc' }
it "returns 404" do
expect(command(curl).stdout).to eq '404'
end
end
describe 'passbolt serverkey private unaccessible' do
let(:uri) { '/config/gpg/serverkey_private.asc' }
it 'returns 404' do
expect(command(curl).stdout).to eq '404'
end
end
describe 'passbolt conf unaccessible' do
let(:uri) { '/config/app.php' }
it 'returns 404' do
expect(command(curl).stdout).to eq '404'
end
end
describe 'passbolt tmp folder is unaccessible' do
let(:uri) { '/tmp/cache/database/empty' }
it 'returns 404' do
expect(command(curl).stdout).to eq '404'
end
end
end end