multiple changes to make debian compliant container

Diego Lendoiro 2018-02-27 10:38:50 +01:00
parent f5c7b8ab21
commit d3c3edead2
5 changed files with 47 additions and 45 deletions


@ -1,4 +1,4 @@
FROM php:7-fpm-alpine3.7 FROM php:7-fpm
LABEL maintainer="diego@passbolt.com" LABEL maintainer="diego@passbolt.com"
@ -10,47 +10,51 @@ ARG PHP_EXTENSIONS="gd \
pdo_mysql \ pdo_mysql \
xsl" xsl"
ARG PHP_GNUPG_BUILD_DEPS="php7-dev \
make \
gcc \
g++ \
libc-dev \
pkgconfig \
re2c \
gpgme-dev \
autoconf \
zlib-dev \
file"
ARG PECL_PASSBOLT_EXTENSIONS="gnupg \ ARG PECL_PASSBOLT_EXTENSIONS="gnupg \
redis" redis \
mcrypt"
RUN apk add --no-cache $PHP_GNUPG_BUILD_DEPS \ ENV PECL_BASE_URL="https://pecl.php.net/get"
ENV PHP_EXT_DIR="/usr/src/php/ext"
WORKDIR /var/www/passbolt
RUN apt-get update && apt-get -y install \
--no-install-recommends \
nginx \ nginx \
gpgme \ libgpgme11-dev \
gnupg1 \ gnupg1 \
mysql-client \ mysql-client \
libpng-dev \ libpng-dev \
icu-dev \ libicu-dev \
libxslt-dev \ libxslt1-dev \
libmcrypt-dev \ libmcrypt-dev \
supervisor \ supervisor \
git \ git \
&& pecl install $PECL_PASSBOLT_EXTENSIONS mcrypt-snapshot \ netcat \
&& docker-php-ext-install -j4 $PHP_EXTENSIONS \ procps \
&& docker-php-ext-enable $PHP_EXTENSIONS $PECL_PASSBOLT_EXTENSIONS mcrypt \ cron \
&& apk del $PHP_GNUPG_BUILD_DEPS \ && mv /usr/bin/gpg /usr/bin/gpg2 \
&& update-alternatives --verbose --install /usr/bin/gpg gnupg /usr/bin/gpg1 50 \
&& mkdir /home/www-data \
&& chown -R www-data:www-data /home/www-data \
&& usermod -d /home/www-data www-data \
&& docker-php-source extract \
&& for i in $PECL_PASSBOLT_EXTENSIONS; do \
mkdir $PHP_EXT_DIR/$i; \
curl -sSL $PECL_BASE_URL/$i | tar zxf - -C $PHP_EXT_DIR/$i --strip-components 1; \
done \
&& docker-php-ext-install -j4 $PHP_EXTENSIONS $PECL_PASSBOLT_EXTENSIONS \
&& docker-php-ext-enable $PHP_EXTENSIONS $PECL_PASSBOLT_EXTENSIONS \
&& curl -sS https://getcomposer.org/installer | php \ && curl -sS https://getcomposer.org/installer | php \
&& mv composer.phar /usr/local/bin/composer && mv composer.phar /usr/local/bin/composer \
&& curl -sSL $PASSBOLT_URL | tar zxf - -C . --strip-components 1 \
WORKDIR /var/www/passbolt
RUN curl -sSL $PASSBOLT_URL | tar zxf - -C . --strip-components 1 \
&& composer install --no-dev --optimize-autoloader \ && composer install --no-dev --optimize-autoloader \
&& chown -R www-data:www-data . \ && chown -R www-data:www-data . \
&& chmod 775 $(find /var/www/passbolt/tmp -type d) \ && chmod 775 $(find /var/www/passbolt/tmp -type d) \
&& chmod 664 $(find /var/www/passbolt/tmp -type f) \ && chmod 664 $(find /var/www/passbolt/tmp -type f) \
&& chmod 775 $(find /var/www/passbolt/webroot/img/public -type d) \ && chmod 775 $(find /var/www/passbolt/webroot/img/public -type d) \
&& chmod 664 $(find /var/www/passbolt/webroot/img/public -type f) && chmod 664 $(find /var/www/passbolt/webroot/img/public -type f) \
&& rm /etc/nginx/sites-enabled/default
COPY conf/passbolt.conf /etc/nginx/conf.d/default.conf COPY conf/passbolt.conf /etc/nginx/conf.d/default.conf
COPY conf/supervisord.conf /etc/supervisord.conf COPY conf/supervisord.conf /etc/supervisord.conf
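Review bot: The new PECL loop (`curl -sSL $PECL_BASE_URL/$i | tar zxf - …`) fetches whatever release pecl.php.net currently serves for gnupg, redis and mcrypt and compiles it into the image with no version pin and no integrity check, so the build is neither reproducible nor protected against a tampered or swapped tarball. Download each archive to a file at a fixed version and verify it before unpacking, e.g. `curl -fsSL -o /tmp/$i.tgz $PECL_BASE_URL/$i-<PINNED_VERSION>`, then `echo "<EXPECTED_SHA256>  /tmp/$i.tgz" | sha256sum -c - || exit 1`, then `tar zxf /tmp/$i.tgz -C $PHP_EXT_DIR/$i --strip-components 1`. Because the RUN uses the default shell without pipefail and curl is called without `-f`, a failed download is only noticed if tar happens to reject the body; the same applies to the `$PASSBOLT_URL` and Composer installer pipes.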


@ -1,6 +1,6 @@
#!/usr/bin/env sh #!/usr/bin/env bash
set -eo pipefail set -eu
gpg_private_key="${PASSBOLT_GPG_SERVER_KEY_PRIVATE:-/var/www/passbolt/config/gpg/serverkey_private.asc}" gpg_private_key="${PASSBOLT_GPG_SERVER_KEY_PRIVATE:-/var/www/passbolt/config/gpg/serverkey_private.asc}"
gpg_public_key="${PASSBOLT_GPG_SERVER_KEY_PUBLIC:-/var/www/passbolt/config/gpg/serverkey.asc}" gpg_public_key="${PASSBOLT_GPG_SERVER_KEY_PUBLIC:-/var/www/passbolt/config/gpg/serverkey.asc}"
@ -8,6 +8,8 @@ gpg_public_key="${PASSBOLT_GPG_SERVER_KEY_PUBLIC:-/var/www/passbolt/config/gpg/s
ssl_key='/etc/ssl/certs/certificate.key' ssl_key='/etc/ssl/certs/certificate.key'
ssl_cert='/etc/ssl/certs/certificate.crt' ssl_cert='/etc/ssl/certs/certificate.crt'
export GNUPGHOME="/home/www-data/.gnupg"
gpg_gen_key() { gpg_gen_key() {
key_email="${PASSBOLT_KEY_EMAIL:-passbolt@yourdomain.com}" key_email="${PASSBOLT_KEY_EMAIL:-passbolt@yourdomain.com}"
key_name="${PASSBOLT_KEY_NAME:-Passbolt default user}" key_name="${PASSBOLT_KEY_NAME:-Passbolt default user}"
@ -15,7 +17,7 @@ gpg_gen_key() {
subkey_length="${PASSBOLT_SUBKEY_LENGTH:-2048}" subkey_length="${PASSBOLT_SUBKEY_LENGTH:-2048}"
expiration="${PASSBOLT_KEY_EXPIRATION:-0}" expiration="${PASSBOLT_KEY_EXPIRATION:-0}"
su -m -c "gpg --batch --gen-key <<EOF su -m -c "gpg --batch --no-tty --gen-key <<EOF
Key-Type: 1 Key-Type: 1
Key-Length: $key_length Key-Length: $key_length
Subkey-Type: 1 Subkey-Type: 1
@ -55,7 +57,7 @@ install() {
su -c 'cp /var/www/passbolt/config/app.default.php /var/www/passbolt/config/app.php' -s /bin/sh www-data su -c 'cp /var/www/passbolt/config/app.default.php /var/www/passbolt/config/app.php' -s /bin/sh www-data
fi fi
if [ -z "$PASSBOLT_GPG_SERVER_KEY_FINGERPRINT" ]; then if [ -z "${PASSBOLT_GPG_SERVER_KEY_FINGERPRINT+xxx}" ]; then
gpg_auto_fingerprint="$(su -c "gpg --with-fingerprint $gpg_public_key | grep fingerprint | awk '{for(i=4;i<=NF;++i)printf \$i}'" -ls /bin/sh www-data)" gpg_auto_fingerprint="$(su -c "gpg --with-fingerprint $gpg_public_key | grep fingerprint | awk '{for(i=4;i<=NF;++i)printf \$i}'" -ls /bin/sh www-data)"
export PASSBOLT_GPG_SERVER_KEY_FINGERPRINT=$gpg_auto_fingerprint export PASSBOLT_GPG_SERVER_KEY_FINGERPRINT=$gpg_auto_fingerprint
fi fi
@ -68,16 +70,11 @@ install() {
} }
email_cron_job() { email_cron_job() {
root_crontab='/etc/crontabs/root' cron_task='/etc/cron.d/passbolt_email'
cron_task_dir='/etc/periodic/1min'
cron_task='/etc/periodic/1min/email_queue_processing'
process_email="/var/www/passbolt/bin/cake EmailQueue.sender --quiet" process_email="/var/www/passbolt/bin/cake EmailQueue.sender --quiet"
echo "* * * * * su -c \"$process_email\" -s /bin/sh www-data" >> $cron_task
mkdir -p $cron_task_dir crontab /etc/cron.d/passbolt_email
echo "* * * * * run-parts $cron_task_dir" >> $root_crontab
echo "#!/bin/sh" > $cron_task
chmod +x $cron_task
echo "su -c \"$process_email\" -s /bin/sh www-data" >> $cron_task
} }
if [ ! -f "$gpg_private_key" ] && [ ! -L "$gpg_private_key" ] || \ if [ ! -f "$gpg_private_key" ] && [ ! -L "$gpg_private_key" ] || \
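Review bot: The new guard `[ -z "${PASSBOLT_GPG_SERVER_KEY_FINGERPRINT+xxx}" ]` in install() is true only when the variable is unset, so a variable that is set but empty (for example a bare `PASSBOLT_GPG_SERVER_KEY_FINGERPRINT=` line in an env file) now skips fingerprint auto-detection and leaves the server key fingerprint blank. `if [ -z "${PASSBOLT_GPG_SERVER_KEY_FINGERPRINT:-}" ]; then` is equally safe under `set -u` and keeps treating empty as missing, as the old test did. install() begins and ends outside this hunk, so how a blank fingerprint is consumed later is not visible here.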


@ -26,11 +26,11 @@ autostart=true
priority=5 priority=5
[program:nginx] [program:nginx]
command=nginx -g "pid /tmp/nginx.pid; daemon off;" command=nginx -g "daemon off;"
autostart=true autostart=true
priority=10 priority=10
[program:crond] [program:cron]
command=crond -f -c /etc/crontabs command=cron
autostart=true autostart=true
priority=20 priority=20
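Review bot: `command=cron` in `[program:cron]` starts the Debian cron daemon in its default mode, which forks into the background; supervisord only manages processes that stay in the foreground, so it will likely see the program exit at once and either lose track of it or keep retrying it. The removed Alpine line ran `crond -f`; the Debian equivalent is `command=cron -f`.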


@ -10,15 +10,15 @@ services:
- 3306 - 3306
passbolt: passbolt:
image: passbolt/passbolt:2.0.0-rc2-alpine image: gcr.io/passbolt-production/passbolt-api:2.0.0-rc2-debian
depends_on: depends_on:
- db - db
env_file: env_file:
- env/passbolt.env - env/passbolt.env
volumes: volumes:
- gpg_volume:/var/www/passbolt/config/gpg
- images_volume:/var/www/passbolt/webroot/img/public/images
- ./scripts/wait-for.sh:/usr/bin/wait-for.sh - ./scripts/wait-for.sh:/usr/bin/wait-for.sh
tmpfs:
- /run
command: ["/usr/bin/wait-for.sh", "db:3306", "--", "/docker-entrypoint.sh"] command: ["/usr/bin/wait-for.sh", "db:3306", "--", "/docker-entrypoint.sh"]
ports: ports:
- 80:80 - 80:80

1
env/passbolt.env vendored

@ -6,6 +6,7 @@ DATASOURCES_DEFAULT_HOST=db
DATASOURCES_DEFAULT_USERNAME=passbolt DATASOURCES_DEFAULT_USERNAME=passbolt
DATASOURCES_DEFAULT_PASSWORD=P4ssb0lt DATASOURCES_DEFAULT_PASSWORD=P4ssb0lt
DATASOURCES_DEFAULT_DATABASE=passbolt DATASOURCES_DEFAULT_DATABASE=passbolt
DATASOURCES_DEFAULT_PORT=3306
# Misc # Misc
PASSBOLT_REGISTRATION_PUBLIC=true PASSBOLT_REGISTRATION_PUBLIC=true