CommunEu
/
Passbolt
3
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Merge branch 'feature/docker-revamp' into feature/docker-revamp-non-root

This commit is contained in:
Diego Lendoiro 2020-07-23 23:05:34 +02:00
parent b5c3c6e18f 6635960f40
commit c5e675fb12
No known key found for this signature in database
GPG Key ID: 3808AD1A50FF0B59
3 changed files with 18 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
Dockerfile
View File

@ -4,8 +4,10 @@ LABEL maintainer="Passbolt SA <contact@passbolt.com>"
ENV PASSBOLT_PKG_KEY=0xDE8B853FC155581D ENV PASSBOLT_PKG_KEY=0xDE8B853FC155581D
ENV PASSBOLT_PKG=passbolt-ce-server ENV PASSBOLT_PKG=passbolt-ce-server
ENV PHP_VERSION=7.3
ENV GNUPGHOME=/var/lib/passbolt/.gnupg ENV GNUPGHOME=/var/lib/passbolt/.gnupg
RUN apt-get update \ RUN apt-get update \
&& DEBIAN_FRONTEND=non-interactive apt-get -y install \ && DEBIAN_FRONTEND=non-interactive apt-get -y install \
ca-certificates \ ca-certificates \
@ -16,10 +18,17 @@ RUN apt-get update \
&& DEBIAN_FRONTEND=non-interactive apt-get -y install --no-install-recommends \ && DEBIAN_FRONTEND=non-interactive apt-get -y install --no-install-recommends \
nginx \ nginx \
$PASSBOLT_PKG \ $PASSBOLT_PKG \
supervisor supervisor \
php-apcu
RUN sed -i 's,listen 80;,listen 8080;,' /etc/nginx/sites-enabled/nginx-passbolt.conf \ RUN sed -i 's,listen 80;,listen 8080;,' /etc/nginx/sites-enabled/nginx-passbolt.conf \
&& rm /etc/nginx/sites-enabled/default \ && rm /etc/nginx/sites-enabled/default \
&& cp /usr/share/passbolt/examples/nginx-passbolt-ssl.conf /etc/nginx/snippets/passbolt-ssl.conf \
&& sed -i 's,;clear_env = no,clear_env = no,' /etc/php/$PHP_VERSION/fpm/pool.d/www.conf \
&& sed -i 's,# include __PASSBOLT_SSL__,include /etc/nginx/snippets/passbolt-ssl.conf;,' /etc/nginx/sites-enabled/nginx-passbolt.conf \
&& sed -i 's,ssl on;,listen 4443 ssl;,' /etc/nginx/snippets/passbolt-ssl.conf \
&& sed -i 's,__CERT_PATH__,/etc/passbolt/certs/certificate.crt;,' /etc/nginx/snippets/passbolt-ssl.conf \
&& sed -i 's,__KEY_PATH__,/etc/passbolt/certs/certificate.key;,' /etc/nginx/snippets/passbolt-ssl.conf \
&& sed -i '/user www-data;/d' /etc/nginx/nginx.conf \ && sed -i '/user www-data;/d' /etc/nginx/nginx.conf \
&& sed -i 's,/run/nginx.pid,/tmp/nginx.pid,' /etc/nginx/nginx.conf \ && sed -i 's,/run/nginx.pid,/tmp/nginx.pid,' /etc/nginx/nginx.conf \
&& sed -i "/^http {/a \ proxy_temp_path /tmp/proxy_temp;\n client_body_temp_path /tmp/client_temp;\n fastcgi_temp_path /tmp/fastcgi_temp;\n uwsgi_temp_path /tmp/uwsgi_temp;\n scgi_temp_path /tmp/scgi_temp;\n" /etc/nginx/nginx.conf \ && sed -i "/^http {/a \ proxy_temp_path /tmp/proxy_temp;\n client_body_temp_path /tmp/client_temp;\n fastcgi_temp_path /tmp/fastcgi_temp;\n uwsgi_temp_path /tmp/uwsgi_temp;\n scgi_temp_path /tmp/scgi_temp;\n" /etc/nginx/nginx.conf \

10
bin/docker-entrypoint.sh
View File

@ -2,15 +2,16 @@
set -euo pipefail set -euo pipefail
passbolt_base='/usr/share/php/passbolt'
passbolt_config="/etc/passbolt" passbolt_config="/etc/passbolt"
passbolt_base="/usr/share/php/passbolt"
gpg_private_key="${PASSBOLT_GPG_SERVER_KEY_PRIVATE:-$passbolt_config/gpg/serverkey_private.asc}" gpg_private_key="${PASSBOLT_GPG_SERVER_KEY_PRIVATE:-$passbolt_config/gpg/serverkey_private.asc}"
gpg_public_key="${PASSBOLT_GPG_SERVER_KEY_PUBLIC:-$passbolt_config/gpg/serverkey.asc}" gpg_public_key="${PASSBOLT_GPG_SERVER_KEY_PUBLIC:-$passbolt_config/gpg/serverkey.asc}"
ssl_key="$passbolt_config/certs/certificate.key" ssl_key="$passbolt_config/certs/certificate.key"
ssl_cert="$passbolt_config/certs/certificate.crt" ssl_cert="$passbolt_config/certs/certificate.crt"
export GNUPGHOME="/var/lib/passbolt/.gnupg"
entropy_check() { entropy_check() {
local entropy_avail local entropy_avail
@ -72,12 +73,11 @@ gen_ssl_cert() {
install() { install() {
if [ -z "${PASSBOLT_GPG_SERVER_KEY_FINGERPRINT+xxx}" ] && [ ! -f "$passbolt_config/passbolt.php" ]; then if [ -z "${PASSBOLT_GPG_SERVER_KEY_FINGERPRINT+xxx}" ] && [ ! -f "$passbolt_config/passbolt.php" ]; then
gpg_auto_fingerprint="$(gpg --list-keys --with-colons "${PASSBOLT_KEY_EMAIL:-passbolt@yourdomain.com}" |grep fpr |head -1| cut -f10 -d:)" gpg_auto_fingerprint="$(gpg --homedir $GNUPGHOME --list-keys --with-colons ${PASSBOLT_KEY_EMAIL:-passbolt@yourdomain.com} |grep fpr |head -1| cut -f10 -d:)"
export PASSBOLT_GPG_SERVER_KEY_FINGERPRINT=$gpg_auto_fingerprint export PASSBOLT_GPG_SERVER_KEY_FINGERPRINT=$gpg_auto_fingerprint
declare -p | grep PASSBOLT_GPG_SERVER_KEY_FINGERPRINT > ~/.profile
fi fi
"$passbolt_base/bin/cake" passbolt install --no-admin || "$passbolt_base/bin/cake" passbolt migrate && echo "Enjoy! ☮" $passbolt_base/bin/cake passbolt install --no-admin || $passbolt_base/bin/cake passbolt migrate && echo "Enjoy! ☮"
} }

8
docker-compose.yml
View File

@ -10,17 +10,15 @@ services:
- "127.0.0.1:3306:3306" - "127.0.0.1:3306:3306"
passbolt: passbolt:
image: localpassbolt image: localpassbolt-nonroot
tty: true tty: true
depends_on: depends_on:
- db - db
env_file: env_file:
- env/passbolt.env - env/passbolt.env
volumes: volumes:
- gpg_volume:/var/www/passbolt/config/gpg - gpg_volume:/var/lib/passbolt/.gnupg
- images_volume:/var/www/passbolt/webroot/img/public - images_volume:/usr/share/php/passbolt/webroot/img/public
tmpfs:
- /run
command: ["/usr/bin/wait-for.sh", "-t", "0", "db:3306", "--", "/docker-entrypoint.sh"] command: ["/usr/bin/wait-for.sh", "-t", "0", "db:3306", "--", "/docker-entrypoint.sh"]
ports: ports:
- 80:8080 - 80:8080