diff --git a/Dockerfile b/Dockerfile
index 2738a80..c1733a9 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -4,8 +4,10 @@ LABEL maintainer="Passbolt SA "
 ENV PASSBOLT_PKG_KEY=0xDE8B853FC155581D
 ENV PASSBOLT_PKG=passbolt-ce-server
+ENV PHP_VERSION=7.3
 ENV GNUPGHOME=/var/lib/passbolt/.gnupg
+
 RUN apt-get update \
 && DEBIAN_FRONTEND=non-interactive apt-get -y install \
 ca-certificates \
@@ -16,10 +18,17 @@ RUN apt-get update \
 && DEBIAN_FRONTEND=non-interactive apt-get -y install --no-install-recommends \
 nginx \
 $PASSBOLT_PKG \
- supervisor
+ supervisor \
+ php-apcu
 RUN sed -i 's,listen 80;,listen 8080;,' /etc/nginx/sites-enabled/nginx-passbolt.conf \
 && rm /etc/nginx/sites-enabled/default \
+ && cp /usr/share/passbolt/examples/nginx-passbolt-ssl.conf /etc/nginx/snippets/passbolt-ssl.conf \
+ && sed -i 's,;clear_env = no,clear_env = no,' /etc/php/$PHP_VERSION/fpm/pool.d/www.conf \
+ && sed -i 's,# include __PASSBOLT_SSL__,include /etc/nginx/snippets/passbolt-ssl.conf;,' /etc/nginx/sites-enabled/nginx-passbolt.conf \
+ && sed -i 's,ssl on;,listen 4443 ssl;,' /etc/nginx/snippets/passbolt-ssl.conf \
+ && sed -i 's,__CERT_PATH__,/etc/passbolt/certs/certificate.crt;,' /etc/nginx/snippets/passbolt-ssl.conf \
+ && sed -i 's,__KEY_PATH__,/etc/passbolt/certs/certificate.key;,' /etc/nginx/snippets/passbolt-ssl.conf \
 && sed -i '/user www-data;/d' /etc/nginx/nginx.conf \
 && sed -i 's,/run/nginx.pid,/tmp/nginx.pid,' /etc/nginx/nginx.conf \
 && sed -i "/^http {/a \ proxy_temp_path /tmp/proxy_temp;\n client_body_temp_path /tmp/client_temp;\n fastcgi_temp_path /tmp/fastcgi_temp;\n uwsgi_temp_path /tmp/uwsgi_temp;\n scgi_temp_path /tmp/scgi_temp;\n" /etc/nginx/nginx.conf \
diff --git a/bin/docker-entrypoint.sh b/bin/docker-entrypoint.sh
index 59c44c9..c095df4 100755
--- a/bin/docker-entrypoint.sh
+++ b/bin/docker-entrypoint.sh
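Review bot: `ENV PHP_VERSION=7.3` silently couples this image to whichever php-fpm the `$PASSBOLT_PKG` package happens to depend on; it is only used to locate `/etc/php/$PHP_VERSION/fpm/pool.d/www.conf` in the later RUN step, and if the package ever pulls a different PHP series that path will not exist and `sed -i` will fail the build with an unhelpful "No such file" error. A one-line comment above the ENV would save the next maintainer the search, e.g. `# Must match the php-fpm series pulled in by $PASSBOLT_PKG; only used to locate the fpm pool config below`. If the version can be derived at build time (for example from the installed `php-fpm` package metadata) that would remove the coupling entirely, but I cannot confirm from this hunk what the package provides.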
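Review bot: The `clear_env = no` edit to `/etc/php/$PHP_VERSION/fpm/pool.d/www.conf` hands the entire container environment to every php-fpm worker, not just the PASSBOLT_* settings the app needs — anything injected via `env_file` or `-e` (database password, GPG passphrase, SMTP credentials) becomes readable from PHP through `getenv()`/`$_ENV` and would show up in a `phpinfo()` dump, so this deserves a stated rationale rather than a bare sed, e.g. `# clear_env=no: workers inherit the container env so PASSBOLT_* reaches the app (replaces the old ~/.profile hack); every other variable is exposed to PHP too — keep unrelated secrets out of this container`. Also, `sed -i` exits 0 when the pattern is absent, so a packaging change that renames or already-uncomments the option would leave the env cleared and the app unconfigured with no build failure; appending `&& grep -q '^clear_env = no' /etc/php/$PHP_VERSION/fpm/pool.d/www.conf` after that sed makes the assumption fail loudly. The same silent-no-match caveat applies to the `__CERT_PATH__`/`__KEY_PATH__`/`ssl on;` substitutions in the copied snippet, whose template text I cannot see from this hunk.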
@@ -2,15 +2,16 @@ set -euo pipefail
-passbolt_base='/usr/share/php/passbolt'
 passbolt_config="/etc/passbolt"
-
+passbolt_base="/usr/share/php/passbolt"
 gpg_private_key="${PASSBOLT_GPG_SERVER_KEY_PRIVATE:-$passbolt_config/gpg/serverkey_private.asc}"
 gpg_public_key="${PASSBOLT_GPG_SERVER_KEY_PUBLIC:-$passbolt_config/gpg/serverkey.asc}"
 ssl_key="$passbolt_config/certs/certificate.key"
 ssl_cert="$passbolt_config/certs/certificate.crt"
+export GNUPGHOME="/var/lib/passbolt/.gnupg"
+
 entropy_check() {
 local entropy_avail
@@ -72,12 +73,11 @@ gen_ssl_cert() {
 install() {
 if [ -z "${PASSBOLT_GPG_SERVER_KEY_FINGERPRINT+xxx}" ] && [ ! -f "$passbolt_config/passbolt.php" ]; then
- gpg_auto_fingerprint="$(gpg --list-keys --with-colons "${PASSBOLT_KEY_EMAIL:-passbolt@yourdomain.com}" |grep fpr |head -1| cut -f10 -d:)"
+ gpg_auto_fingerprint="$(gpg --homedir $GNUPGHOME --list-keys --with-colons ${PASSBOLT_KEY_EMAIL:-passbolt@yourdomain.com} |grep fpr |head -1| cut -f10 -d:)"
 export PASSBOLT_GPG_SERVER_KEY_FINGERPRINT=$gpg_auto_fingerprint
- declare -p | grep PASSBOLT_GPG_SERVER_KEY_FINGERPRINT > ~/.profile
 fi
- "$passbolt_base/bin/cake" passbolt install --no-admin || "$passbolt_base/bin/cake" passbolt migrate && echo "Enjoy! ☮"
+ $passbolt_base/bin/cake passbolt install --no-admin || $passbolt_base/bin/cake passbolt migrate && echo "Enjoy! ☮"
 }
diff --git a/docker-compose.yml b/docker-compose.yml
index e438d62..33ba1a5 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -10,17 +10,15 @@ services:
 - "127.0.0.1:3306:3306"
 passbolt:
- image: localpassbolt
+ image: localpassbolt-nonroot
 tty: true
 depends_on:
 - db
 env_file:
 - env/passbolt.env
 volumes:
- - gpg_volume:/var/www/passbolt/config/gpg
- - images_volume:/var/www/passbolt/webroot/img/public
- tmpfs:
- - /run
+ - gpg_volume:/var/lib/passbolt/.gnupg
+ - images_volume:/usr/share/php/passbolt/webroot/img/public
 command: ["/usr/bin/wait-for.sh", "-t", "0", "db:3306", "--", "/docker-entrypoint.sh"]
 ports:
 - 80:8080
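Review bot: `export GNUPGHOME="/var/lib/passbolt/.gnupg"` hard-codes a path that the Dockerfile in this same patch already sets via `ENV GNUPGHOME=/var/lib/passbolt/.gnupg` and that docker-compose mounts `gpg_volume` on, so there are now three copies of the keyring location that must be kept in sync by hand. Since the script runs inside that image, honouring the inherited value and only defaulting when it is missing keeps a single source of truth: `export GNUPGHOME="${GNUPGHOME:-/var/lib/passbolt/.gnupg}"`. A short comment stating that the keyring must live on a volume writable by the unprivileged runtime user (the image is named `localpassbolt-nonroot` in the compose change, though I cannot see the USER directive from here) would also help whoever next touches the path.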
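Review bot: The rewritten `gpg_auto_fingerprint=` line drops the double quotes that the old line had around `${PASSBOLT_KEY_EMAIL:-passbolt@yourdomain.com}`, and the new `--homedir $GNUPGHOME` and `$passbolt_base/bin/cake` expansions are unquoted too — under `set -u` these still expand, but any space or glob character in an operator-supplied value is now word-split into extra gpg arguments or a different command path, which is a regression rather than a cleanup. `--homedir $GNUPGHOME` is also redundant given the `export GNUPGHOME=...` added near the top of this file. I would keep the quotes: `gpg_auto_fingerprint="$(gpg --homedir "$GNUPGHOME" --list-keys --with-colons "${PASSBOLT_KEY_EMAIL:-passbolt@yourdomain.com}" | grep fpr | head -1 | cut -f10 -d:)"` and `"$passbolt_base/bin/cake" passbolt install --no-admin || "$passbolt_base/bin/cake" passbolt migrate && echo "Enjoy! ☮"`. Removing the `declare -p ... > ~/.profile` line is a welcome change, since it persisted a copy of the fingerprint export into a shell profile; note that `head -1` still silently picks the first matching key if the email pattern matches more than one, which may deserve a comment.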
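Review bot: Mounting `gpg_volume` at `/var/lib/passbolt/.gnupg` while switching to the `localpassbolt-nonroot` image raises an ownership question the hunk does not address: a named volume that already exists from the previous layout keeps whatever uid owned it, and a fresh one is only seeded with the image directory's ownership if that directory exists in the image, so an unprivileged entrypoint may be unable to create or write the keyring (the gpg calls in the entrypoint would then fail). I cannot see the image's USER from here, so I would at least document it next to the mount: `# must be writable by the unprivileged uid the nonroot image runs as; chown an existing volume before first start`. Separately, the Dockerfile in this patch adds a `listen 4443 ssl;` listener, but the visible `ports:` only maps `80:8080`; unless a `443:4443` mapping follows outside the hunk, the new TLS endpoint is not reachable from the host.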