Changed: initial revamp with passbolt debian package
parent
81988a7fa5
commit
e83ea269ae
89
Dockerfile
89
Dockerfile
|
|
@ -1,84 +1,23 @@
|
|||
FROM php:7.3.16-fpm
|
||||
FROM debian:buster-slim
|
||||
|
||||
LABEL maintainer="Passbolt SA <contact@passbolt.com>"
|
||||
|
||||
ARG PASSBOLT_VERSION="2.12.1"
|
||||
ARG PASSBOLT_URL="https://github.com/passbolt/passbolt_api/archive/v${PASSBOLT_VERSION}.tar.gz"
|
||||
ARG PASSBOLT_CURL_HEADERS=""
|
||||
ENV PASSBOLT_PKG_KEY=0xDE8B853FC155581D
|
||||
ENV PASSBOLT_PKG=passbolt-ce-server
|
||||
|
||||
ARG PHP_EXTENSIONS="gd \
|
||||
intl \
|
||||
pdo_mysql \
|
||||
opcache \
|
||||
xsl"
|
||||
|
||||
ARG PECL_PASSBOLT_EXTENSIONS="gnupg \
|
||||
redis \
|
||||
mcrypt"
|
||||
|
||||
ARG PASSBOLT_DEV_PACKAGES="libgpgme11-dev \
|
||||
libpng-dev \
|
||||
libjpeg62-turbo-dev \
|
||||
libicu-dev \
|
||||
libxslt1-dev \
|
||||
libmcrypt-dev \
|
||||
unzip"
|
||||
|
||||
ARG PASSBOLT_BASE_PACKAGES="nginx \
|
||||
gnupg \
|
||||
libgpgme11 \
|
||||
libmcrypt4 \
|
||||
mariadb-client \
|
||||
supervisor \
|
||||
cron"
|
||||
|
||||
ENV PECL_BASE_URL="https://pecl.php.net/get"
|
||||
ENV PHP_EXT_DIR="/usr/src/php/ext"
|
||||
|
||||
WORKDIR /var/www/passbolt
|
||||
RUN apt-get update \
|
||||
&& apt-get -y install --no-install-recommends \
|
||||
$PASSBOLT_DEV_PACKAGES \
|
||||
$PASSBOLT_BASE_PACKAGES \
|
||||
&& mkdir /home/www-data \
|
||||
&& chown -R www-data:www-data /home/www-data \
|
||||
&& usermod -d /home/www-data www-data \
|
||||
&& docker-php-source extract \
|
||||
&& for i in $PECL_PASSBOLT_EXTENSIONS; do \
|
||||
mkdir $PHP_EXT_DIR/$i; \
|
||||
curl -sSL $PECL_BASE_URL/$i | tar zxf - -C $PHP_EXT_DIR/$i --strip-components 1; \
|
||||
done \
|
||||
&& docker-php-ext-configure gd --with-jpeg-dir=/usr/include/ \
|
||||
&& docker-php-ext-install -j4 $PHP_EXTENSIONS $PECL_PASSBOLT_EXTENSIONS \
|
||||
&& docker-php-ext-enable $PHP_EXTENSIONS $PECL_PASSBOLT_EXTENSIONS \
|
||||
&& docker-php-source delete \
|
||||
&& EXPECTED_SIGNATURE=$(curl -s https://composer.github.io/installer.sig) \
|
||||
&& curl -o composer-setup.php https://getcomposer.org/installer \
|
||||
&& ACTUAL_SIGNATURE=$(php -r "echo hash_file('SHA384', 'composer-setup.php');") \
|
||||
&& if [ "$EXPECTED_SIGNATURE" != "$ACTUAL_SIGNATURE" ]; then \
|
||||
>&2 echo 'ERROR: Invalid installer signature'; \
|
||||
rm composer-setup.php; \
|
||||
exit 1; \
|
||||
fi \
|
||||
&& php composer-setup.php \
|
||||
&& mv composer.phar /usr/local/bin/composer \
|
||||
&& rm composer-setup.php \
|
||||
&& curl -sSL -H "$PASSBOLT_CURL_HEADERS" "$PASSBOLT_URL" | tar zxf - -C . --strip-components 1 \
|
||||
&& composer install -n --no-dev --optimize-autoloader \
|
||||
&& chown -R www-data:www-data . \
|
||||
&& chmod 775 $(find /var/www/passbolt/tmp -type d) \
|
||||
&& chmod 664 $(find /var/www/passbolt/tmp -type f) \
|
||||
&& chmod 775 $(find /var/www/passbolt/webroot/img/public -type d) \
|
||||
&& chmod 664 $(find /var/www/passbolt/webroot/img/public -type f) \
|
||||
&& rm /etc/nginx/sites-enabled/default \
|
||||
&& apt-get purge -y --auto-remove $PASSBOLT_DEV_PACKAGES \
|
||||
&& rm -rf /var/lib/apt/lists/* \
|
||||
&& rm /usr/local/bin/composer \
|
||||
&& echo 'php_flag[expose_php] = off' > /usr/local/etc/php-fpm.d/expose.conf \
|
||||
&& sed -i 's/# server_tokens/server_tokens/' /etc/nginx/nginx.conf \
|
||||
&& mv "$PHP_INI_DIR/php.ini-production" "$PHP_INI_DIR/php.ini"
|
||||
&& DEBIAN_FRONTEND=non-interactive apt-get -y install \
|
||||
ca-certificates \
|
||||
gnupg \
|
||||
&& apt-key adv --keyserver keys.gnupg.net --recv-keys $PASSBOLT_PKG_KEY \
|
||||
&& echo "deb https://download.passbolt.com/ce/debian buster stable" > /etc/apt/sources.list.d/passbolt.list \
|
||||
&& apt-get update \
|
||||
&& DEBIAN_FRONTEND=non-interactive apt-get -y install --no-install-recommends \
|
||||
nginx \
|
||||
$PASSBOLT_PKG \
|
||||
supervisor
|
||||
|
||||
|
||||
COPY conf/passbolt.conf /etc/nginx/conf.d/default.conf
|
||||
COPY conf/supervisor/*.conf /etc/supervisor/conf.d/
|
||||
COPY bin/docker-entrypoint.sh /docker-entrypoint.sh
|
||||
COPY scripts/wait-for.sh /usr/bin/wait-for.sh
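Review bot: The `apt-key adv --keyserver keys.gnupg.net --recv-keys $PASSBOLT_PKG_KEY` step fetches the repository signing key from a keyserver at build time, selects it by a 64-bit key ID (`0xDE8B853FC155581D`) rather than a full fingerprint, and adds it to apt's global keyring, where it is trusted for every configured source and not only for download.passbolt.com. I would commit the public key to this repository, `COPY` it to a dedicated keyring file and scope it in the source line, for example `deb [signed-by=/usr/share/keyrings/passbolt.gpg] https://download.passbolt.com/ce/debian buster stable`; if the keyserver fetch stays, pin the full 40-hex fingerprint in `PASSBOLT_PKG_KEY`. Separately, `DEBIAN_FRONTEND=non-interactive` is not a debconf frontend name (the value is `noninteractive`). The new `RUN` also no longer ends with `rm -rf /var/lib/apt/lists/*` and installs `$PASSBOLT_PKG` without a version, so rebuilds are not reproducible.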
|
||||
|
|
|
|||
|
|
@ -8,7 +8,7 @@ gpg_public_key="${PASSBOLT_GPG_SERVER_KEY_PUBLIC:-/var/www/passbolt/config/gpg/s
|
|||
ssl_key='/etc/ssl/certs/certificate.key'
|
||||
ssl_cert='/etc/ssl/certs/certificate.crt'
|
||||
|
||||
export GNUPGHOME="/home/www-data/.gnupg"
|
||||
export GNUPGHOME="/var/lib/passbolt/.gnupg"
|
||||
|
||||
entropy_check() {
|
||||
local entropy_avail
|
||||
|
|
@ -42,7 +42,7 @@ gpg_gen_key() {
|
|||
|
||||
entropy_check
|
||||
|
||||
su -c "gpg --batch --no-tty --gen-key <<EOF
|
||||
su -c "gpg --homedir $GNUPGHOME --batch --no-tty --gen-key <<EOF
|
||||
Key-Type: default
|
||||
Key-Length: $key_length
|
||||
Subkey-Type: default
|
||||
|
|
@ -54,13 +54,13 @@ gpg_gen_key() {
|
|||
%commit
|
||||
EOF" -ls /bin/bash www-data
|
||||
|
||||
su -c "gpg --armor --export-secret-keys $key_email > $gpg_private_key" -ls /bin/bash www-data
|
||||
su -c "gpg --armor --export $key_email > $gpg_public_key" -ls /bin/bash www-data
|
||||
su -c "gpg --homedir $GNUPGHOME --armor --export-secret-keys $key_email > $gpg_private_key" -ls /bin/bash www-data
|
||||
su -c "gpg --homedir $GNUPGHOME --armor --export $key_email > $gpg_public_key" -ls /bin/bash www-data
|
||||
}
|
||||
|
||||
gpg_import_key() {
|
||||
su -c "gpg --batch --import $gpg_public_key" -ls /bin/bash www-data
|
||||
su -c "gpg --batch --import $gpg_private_key" -ls /bin/bash www-data
|
||||
su -c "gpg --homedir $GNUPGHOME --batch --import $gpg_public_key" -ls /bin/bash www-data
|
||||
su -c "gpg --homedir $GNUPGHOME --batch --import $gpg_private_key" -ls /bin/bash www-data
|
||||
}
|
||||
|
||||
gen_ssl_cert() {
|
||||
|
|
@ -70,18 +70,18 @@ gen_ssl_cert() {
|
|||
}
|
||||
|
||||
install() {
|
||||
local app_config="/var/www/passbolt/config/app.php"
|
||||
local app_config="/etc/passbolt/app.php"
|
||||
|
||||
if [ ! -f "$app_config" ]; then
|
||||
su -c 'cp /var/www/passbolt/config/app.default.php /var/www/passbolt/config/app.php' -s /bin/bash www-data
|
||||
su -c "cp $app_config/app.default.php $app_config/app.php" -s /bin/bash www-data
|
||||
fi
|
||||
|
||||
if [ -z "${PASSBOLT_GPG_SERVER_KEY_FINGERPRINT+xxx}" ] && [ ! -f '/var/www/passbolt/config/passbolt.php' ]; then
|
||||
gpg_auto_fingerprint="$(su -c "gpg --list-keys --with-colons ${PASSBOLT_KEY_EMAIL:-passbolt@yourdomain.com} |grep fpr |head -1| cut -f10 -d:" -ls /bin/bash www-data)"
|
||||
if [ -z "${PASSBOLT_GPG_SERVER_KEY_FINGERPRINT+xxx}" ] && [ ! -f "$app_config/passbolt.php" ]; then
|
||||
gpg_auto_fingerprint="$(su -c "gpg --homedir $GNUPGHOME --list-keys --with-colons ${PASSBOLT_KEY_EMAIL:-passbolt@yourdomain.com} |grep fpr |head -1| cut -f10 -d:" -ls /bin/bash www-data)"
|
||||
export PASSBOLT_GPG_SERVER_KEY_FINGERPRINT=$gpg_auto_fingerprint
|
||||
fi
|
||||
|
||||
su -c '/var/www/passbolt/bin/cake passbolt install --no-admin' -s /bin/bash www-data || su -c '/var/www/passbolt/bin/cake passbolt migrate' -s /bin/bash www-data && echo "Enjoy! ☮"
|
||||
su -c '/usr/share/php/passbolt/bin/cake passbolt install --no-admin' -s /bin/bash www-data || su -c '/usr/share/php/passbolt/bin/cake passbolt migrate' -s /bin/bash www-data && echo "Enjoy! ☮"
|
||||
}
|
||||
|
||||
email_cron_job() {
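Review bot: In `install()`, `app_config` is now the file path `/etc/passbolt/app.php`, but the new lines use it as a directory: `cp $app_config/app.default.php $app_config/app.php` and `[ ! -f "$app_config/passbolt.php" ]` both expand to paths under `/etc/passbolt/app.php/`. The copy will fail as written, and the `passbolt.php` test is always true, so when `PASSBOLT_GPG_SERVER_KEY_FINGERPRINT` is unset the server key fingerprint is re-derived from the first matching keyring entry on every start, even if a `passbolt.php` already exists. Splitting the variable fixes both: `local app_config_dir="/etc/passbolt"` and `local app_config="$app_config_dir/app.php"`, with the two later uses switched to `$app_config_dir`; whether the package ships `app.default.php` in that directory is not visible here and should be confirmed. The earlier hunks of this file also interpolate `$GNUPGHOME`, `$key_email` and the key paths unquoted into the `su -c` command string, and these are partly environment-supplied, so quoting them inside the string would be worth doing while the lines are being touched.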
|
||||
|
|
|
|||
|
|
@ -10,7 +10,7 @@ services:
|
|||
- "127.0.0.1:3306:3306"
|
||||
|
||||
passbolt:
|
||||
image: passbolt/passbolt:2.12.0-debian
|
||||
image: localpassbolt
|
||||
tty: true
|
||||
depends_on:
|
||||
- db
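Review bot: `image: localpassbolt` has no tag and the visible part of the service has no `build:` key, so Compose resolves it as `localpassbolt:latest` and will try to pull that name from the default registry whenever no local image with that name exists. For a checked-in compose file I would either add `build: .` beside the image name (assuming the compose file sits next to the Dockerfile) so the image always comes from this repository, or keep a pinned release tag as the previous line did. The hunk starts inside the `services:` mapping and the `passbolt` service continues past its last line, so a `build:` key further down cannot be ruled out.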
|
||||
|
|
|
|||