Revert "massive revert back to vanilla alpine as base image"
This reverts commit 0eb7156a16.
This commit is contained in:
Diego Lendoiro
parent
0eb7156a16
commit
b3b43fbb41
62
Dockerfile
62
Dockerfile
|
|
@ -1,24 +1,14 @@
|
|||
FROM alpine
|
||||
FROM php:7-fpm-alpine3.7
|
||||
|
||||
LABEL maintainer="diego@passbolt.com"
|
||||
|
||||
ARG PASSBOLT_VERSION="2.0.0-rc2"
|
||||
ARG PASSBOLT_URL="https://github.com/passbolt/passbolt_api/archive/v${PASSBOLT_VERSION}.tar.gz"
|
||||
|
||||
ARG PHP_EXTENSIONS="php7-gd \
|
||||
php7-intl \
|
||||
php7-pdo_mysql \
|
||||
php7-xsl \
|
||||
php7-redis \
|
||||
php7-openssl \
|
||||
php7-json \
|
||||
php7-zlib \
|
||||
php7-phar \
|
||||
php7-mbstring \
|
||||
php7-ctype \
|
||||
php7-posix \
|
||||
php7-mcrypt \
|
||||
php7-iconv"
|
||||
ARG PHP_EXTENSIONS="gd \
|
||||
intl \
|
||||
pdo_mysql \
|
||||
xsl"
|
||||
|
||||
ARG PHP_GNUPG_BUILD_DEPS="php7-dev \
|
||||
make \
|
||||
|
|
@ -30,43 +20,37 @@ ARG PHP_GNUPG_BUILD_DEPS="php7-dev \
|
|||
gpgme-dev \
|
||||
autoconf \
|
||||
zlib-dev \
|
||||
file \
|
||||
php7-pear"
|
||||
file"
|
||||
|
||||
ARG PECL_PASSBOLT_EXTENSIONS="gnupg"
|
||||
ARG PECL_PASSBOLT_EXTENSIONS="gnupg \
|
||||
redis"
|
||||
|
||||
WORKDIR /var/www/passbolt
|
||||
RUN apk add --no-cache $PHP_GNUPG_BUILD_DEPS \
|
||||
$PHP_EXTENSIONS \
|
||||
openssl \
|
||||
nginx \
|
||||
php7-fpm \
|
||||
gpgme \
|
||||
gnupg1 \
|
||||
mysql-client \
|
||||
libpng-dev \
|
||||
icu-dev \
|
||||
libxslt-dev \
|
||||
libmcrypt-dev \
|
||||
supervisor \
|
||||
php7 \
|
||||
curl \
|
||||
git \
|
||||
&& pecl install $PECL_PASSBOLT_EXTENSIONS \
|
||||
&& echo "extension=gnupg.so" > /etc/php7/conf.d/20_gnupg.ini \
|
||||
&& pecl install $PECL_PASSBOLT_EXTENSIONS mcrypt-snapshot \
|
||||
&& docker-php-ext-install -j4 $PHP_EXTENSIONS \
|
||||
&& docker-php-ext-enable $PHP_EXTENSIONS $PECL_PASSBOLT_EXTENSIONS mcrypt \
|
||||
&& apk del $PHP_GNUPG_BUILD_DEPS \
|
||||
&& php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');" \
|
||||
&& php composer-setup.php \
|
||||
&& php -r "unlink('composer-setup.php');" \
|
||||
&& mv composer.phar /usr/local/bin/composer \
|
||||
&& curl -sSL $PASSBOLT_URL | tar zxf - -C . --strip-components 1 \
|
||||
&& composer install -n --no-dev --optimize-autoloader \
|
||||
&& apk del git \
|
||||
&& chown -R nginx:nginx . \
|
||||
&& curl -sS https://getcomposer.org/installer | php \
|
||||
&& mv composer.phar /usr/local/bin/composer
|
||||
|
||||
WORKDIR /var/www/passbolt
|
||||
RUN curl -sSL $PASSBOLT_URL | tar zxf - -C . --strip-components 1 \
|
||||
&& composer install --no-dev --optimize-autoloader \
|
||||
&& chown -R www-data:www-data . \
|
||||
&& chmod 775 $(find /var/www/passbolt/tmp -type d) \
|
||||
&& chmod 664 $(find /var/www/passbolt/tmp -type f) \
|
||||
&& chmod 775 $(find /var/www/passbolt/webroot/img/public -type d) \
|
||||
&& chmod 664 $(find /var/www/passbolt/webroot/img/public -type f) \
|
||||
&& sed -i 's/;daemonize = yes/daemonize = no/g' /etc/php7/php-fpm.conf \
|
||||
&& sed -i 's/;clear_env = no/clear_env = no/g' /etc/php7/php-fpm.d/www.conf \
|
||||
&& sed -i 's/user = nobody/user = nginx/g' /etc/php7/php-fpm.d/www.conf \
|
||||
&& sed -i 's/group = nobody/user = nginx/g' /etc/php7/php-fpm.d/www.conf
|
||||
&& chmod 664 $(find /var/www/passbolt/webroot/img/public -type f)
|
||||
|
||||
COPY conf/passbolt.conf /etc/nginx/conf.d/default.conf
|
||||
COPY conf/supervisord.conf /etc/supervisord.conf
|
||||
|
|
|
|||
|
|
@ -24,16 +24,16 @@ gpg_gen_key() {
|
|||
Name-Email: $key_email
|
||||
Expire-Date: $expiration
|
||||
%commit
|
||||
EOF" -ls /bin/sh nginx
|
||||
EOF" -ls /bin/sh www-data
|
||||
|
||||
su -c "gpg --armor --export-secret-keys $key_email > $gpg_private_key" -ls /bin/sh nginx
|
||||
su -c "gpg --armor --export $key_email > $gpg_public_key" -ls /bin/sh nginx
|
||||
su -c "gpg --armor --export-secret-keys $key_email > $gpg_private_key" -ls /bin/sh www-data
|
||||
su -c "gpg --armor --export $key_email > $gpg_public_key" -ls /bin/sh www-data
|
||||
}
|
||||
|
||||
gpg_import_key() {
|
||||
key_id=$(su -m -c "gpg --with-colons $gpg_private_key | grep sec |cut -f5 -d:" -ls /bin/sh nginx)
|
||||
su -c "gpg --batch --import $gpg_public_key" -ls /bin/sh nginx
|
||||
su -c "gpg -K $key_id" -ls /bin/sh nginx || su -m -c "gpg --batch --import $gpg_private_key" -ls /bin/sh nginx
|
||||
key_id=$(su -m -c "gpg --with-colons $gpg_private_key | grep sec |cut -f5 -d:" -ls /bin/sh www-data)
|
||||
su -c "gpg --batch --import $gpg_public_key" -ls /bin/sh www-data
|
||||
su -c "gpg -K $key_id" -ls /bin/sh www-data || su -m -c "gpg --batch --import $gpg_private_key" -ls /bin/sh www-data
|
||||
}
|
||||
|
||||
gen_ssl_cert() {
|
||||
|
|
@ -52,16 +52,16 @@ install() {
|
|||
app_config="/var/www/passbolt/config/app.php"
|
||||
|
||||
if [ ! -f "$app_config" ]; then
|
||||
su -c 'cp /var/www/passbolt/config/app.default.php /var/www/passbolt/config/app.php' -s /bin/sh nginx
|
||||
su -c 'cp /var/www/passbolt/config/app.default.php /var/www/passbolt/config/app.php' -s /bin/sh www-data
|
||||
fi
|
||||
|
||||
if [ -z "$PASSBOLT_GPG_SERVER_KEY_FINGERPRINT" ]; then
|
||||
gpg_auto_fingerprint="$(su -c "gpg --with-fingerprint $gpg_public_key | grep fingerprint | awk '{for(i=4;i<=NF;++i)printf \$i}'" -ls /bin/sh nginx)"
|
||||
gpg_auto_fingerprint="$(su -c "gpg --with-fingerprint $gpg_public_key | grep fingerprint | awk '{for(i=4;i<=NF;++i)printf \$i}'" -ls /bin/sh www-data)"
|
||||
export PASSBOLT_GPG_SERVER_KEY_FINGERPRINT=$gpg_auto_fingerprint
|
||||
fi
|
||||
|
||||
if [ "$tables" -eq 0 ]; then
|
||||
su -c '/var/www/passbolt/bin/cake passbolt install --no-admin --force' -s /bin/sh nginx
|
||||
su -c '/var/www/passbolt/bin/cake passbolt install --no-admin --force' -s /bin/sh www-data
|
||||
else
|
||||
echo "Enjoy! ☮"
|
||||
fi
|
||||
|
|
@ -77,7 +77,7 @@ email_cron_job() {
|
|||
echo "* * * * * run-parts $cron_task_dir" >> $root_crontab
|
||||
echo "#!/bin/sh" > $cron_task
|
||||
chmod +x $cron_task
|
||||
echo "su -c \"$process_email\" -s /bin/sh nginx" >> $cron_task
|
||||
echo "su -c \"$process_email\" -s /bin/sh www-data" >> $cron_task
|
||||
}
|
||||
|
||||
if [ ! -f "$gpg_private_key" ] && [ ! -L "$gpg_private_key" ] || \
|
||||
|
|
|
|||
|
|
@ -20,8 +20,8 @@ supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface
|
|||
[supervisorctl]
|
||||
serverurl=unix:///tmp/supervisor.sock ; use a unix:// URL for a unix socket
|
||||
|
||||
[program:php-fpm7]
|
||||
command=php-fpm7
|
||||
[program:php-fpm]
|
||||
command=php-fpm
|
||||
autostart=true
|
||||
priority=5
|
||||
|
||||
|
|
|
|||
|
|
@ -21,12 +21,12 @@ describe 'Dockerfile' do
|
|||
let(:passbolt_home) { '/var/www/passbolt' }
|
||||
let(:passbolt_tmp) { '/var/www/passbolt/tmp' }
|
||||
let(:passbolt_image) { '/var/www/passbolt/webroot/img/public' }
|
||||
let(:passbolt_owner) { 'nginx' }
|
||||
let(:passbolt_owner) { 'www-data' }
|
||||
let(:exposed_ports) { [ '80', '443' ] }
|
||||
let(:composer) { '/usr/local/bin/composer'}
|
||||
let(:php_extensions) { [
|
||||
'gd', 'intl', 'json', 'mcrypt', 'mysqlnd', 'phar',
|
||||
'posix', 'libxml', 'xsl', 'zlib', 'ctype', 'pdo', 'gnupg', 'pdo_mysql'
|
||||
'curl', 'gd', 'intl', 'json', 'mcrypt', 'mysqlnd', 'xsl', 'phar',
|
||||
'posix', 'xml', 'xsl', 'zlib', 'ctype', 'pdo', 'gnupg', 'pdo_mysql'
|
||||
] }
|
||||
|
||||
describe 'passbolt required php extensions' do
|
||||
|
|
@ -43,18 +43,6 @@ describe 'Dockerfile' do
|
|||
end
|
||||
end
|
||||
|
||||
describe 'openssl' do
|
||||
it 'is installed' do
|
||||
expect(package('openssl')).to be_installed
|
||||
end
|
||||
end
|
||||
|
||||
describe 'php7-fpm' do
|
||||
it 'is installed' do
|
||||
expect(package('php7-fpm')).to be_installed
|
||||
end
|
||||
end
|
||||
|
||||
describe 'supervisor' do
|
||||
it 'is installed' do
|
||||
expect(package('supervisor')).to be_installed
|
||||
|
|
|
|||
Loading…
Reference in New Issue