summaryrefslogtreecommitdiff
path: root/.docker/app
diff options
context:
space:
mode:
Diffstat (limited to '.docker/app')
-rw-r--r--.docker/app/Dockerfile87
-rw-r--r--.docker/app/backup.sh31
-rw-r--r--.docker/app/config.docker.php8
-rw-r--r--.docker/app/dcron.sh5
-rw-r--r--.docker/app/index.php3
-rw-r--r--.docker/app/startup.sh153
-rw-r--r--.docker/app/updater.sh33
7 files changed, 320 insertions, 0 deletions
diff --git a/.docker/app/Dockerfile b/.docker/app/Dockerfile
new file mode 100644
index 000000000..e1a70d011
--- /dev/null
+++ b/.docker/app/Dockerfile
@@ -0,0 +1,87 @@
+FROM registry.fakecake.org/docker.io/alpine:3.17
+EXPOSE 9000/tcp
+
+ENV SCRIPT_ROOT=/opt/tt-rss
+ENV SRC_DIR=/src/tt-rss/
+
+RUN apk add --no-cache dcron php81 php81-fpm php81-phar php81-sockets php81-pecl-apcu \
+ php81-pdo php81-gd php81-pgsql php81-pdo_pgsql php81-xmlwriter php81-opcache \
+ php81-mbstring php81-intl php81-xml php81-curl php81-simplexml \
+ php81-session php81-tokenizer php81-dom php81-fileinfo php81-ctype \
+ php81-json php81-iconv php81-pcntl php81-posix php81-zip php81-exif \
+ php81-openssl git postgresql-client sudo php81-pecl-xdebug rsync tzdata && \
+ sed -i 's/\(memory_limit =\) 128M/\1 256M/' /etc/php81/php.ini && \
+ sed -i -e 's/^listen = 127.0.0.1:9000/listen = 9000/' \
+ -e 's/;\(clear_env\) = .*/\1 = no/i' \
+ -e 's/^\(user\|group\) = .*/\1 = app/i' \
+ -e 's/;\(php_admin_value\[error_log\]\) = .*/\1 = \/tmp\/error.log/' \
+ -e 's/;\(php_admin_flag\[log_errors\]\) = .*/\1 = on/' \
+ /etc/php81/php-fpm.d/www.conf && \
+ mkdir -p /var/www ${SCRIPT_ROOT}/config.d
+
+ARG CI_COMMIT_BRANCH
+ENV CI_COMMIT_BRANCH=${CI_COMMIT_BRANCH}
+
+ARG CI_COMMIT_SHORT_SHA
+ENV CI_COMMIT_SHORT_SHA=${CI_COMMIT_SHORT_SHA}
+
+ARG CI_COMMIT_TIMESTAMP
+ENV CI_COMMIT_TIMESTAMP=${CI_COMMIT_TIMESTAMP}
+
+ARG CI_COMMIT_SHA
+ENV CI_COMMIT_SHA=${CI_COMMIT_SHA}
+
+ADD --chmod=0755 startup.sh ${SCRIPT_ROOT}
+ADD --chmod=0755 updater.sh ${SCRIPT_ROOT}
+ADD --chmod=0755 dcron.sh ${SCRIPT_ROOT}
+ADD --chmod=0755 backup.sh /etc/periodic/weekly/backup
+
+ADD index.php ${SCRIPT_ROOT}
+ADD config.docker.php ${SCRIPT_ROOT}
+
+COPY --from=app-src . ${SRC_DIR}
+
+ARG ORIGIN_REPO_XACCEL=https://git.tt-rss.org/fox/ttrss-nginx-xaccel.git
+
+RUN git clone --depth=1 ${ORIGIN_REPO_XACCEL} ${SRC_DIR}/plugins.local/nginx_xaccel
+
+ENV OWNER_UID=1000
+ENV OWNER_GID=1000
+
+ENV PHP_WORKER_MAX_CHILDREN=5
+ENV PHP_WORKER_MEMORY_LIMIT=256M
+
+# these are applied on every startup, if set
+ENV ADMIN_USER_PASS=""
+# see classes/UserHelper.php ACCESS_LEVEL_*
+# setting this to -2 would effectively disable built-in admin user
+# unless single user mode is enabled
+ENV ADMIN_USER_ACCESS_LEVEL=""
+
+# these are applied unless user already exists
+ENV AUTO_CREATE_USER=""
+ENV AUTO_CREATE_USER_PASS=""
+ENV AUTO_CREATE_USER_ACCESS_LEVEL="0"
+
+# TODO: remove prefix from container variables not used by tt-rss itself:
+#
+# - TTRSS_NO_STARTUP_PLUGIN_UPDATES -> NO_STARTUP_PLUGIN_UPDATES
+# - TTRSS_XDEBUG_... -> XDEBUG_...
+
+# don't try to update local plugins on startup
+ENV TTRSS_NO_STARTUP_PLUGIN_UPDATES=""
+
+# TTRSS_XDEBUG_HOST defaults to host IP if unset
+ENV TTRSS_XDEBUG_ENABLED=""
+ENV TTRSS_XDEBUG_HOST=""
+ENV TTRSS_XDEBUG_PORT="9000"
+
+ENV TTRSS_DB_TYPE="pgsql"
+ENV TTRSS_DB_HOST="db"
+ENV TTRSS_DB_PORT="5432"
+
+ENV TTRSS_MYSQL_CHARSET="UTF8"
+ENV TTRSS_PHP_EXECUTABLE="/usr/bin/php81"
+ENV TTRSS_PLUGINS="auth_internal, note, nginx_xaccel"
+
+CMD ${SCRIPT_ROOT}/startup.sh
diff --git a/.docker/app/backup.sh b/.docker/app/backup.sh
new file mode 100644
index 000000000..a28c39544
--- /dev/null
+++ b/.docker/app/backup.sh
@@ -0,0 +1,31 @@
+#!/bin/sh -e
+
+DST_DIR=/backups
+KEEP_DAYS=28
+APP_ROOT=/var/www/html/tt-rss
+
+if pg_isready -h $TTRSS_DB_HOST -U $TTRSS_DB_USER; then
+ DST_FILE=ttrss-backup-$(date +%Y%m%d).sql.gz
+
+ echo backing up tt-rss database to $DST_DIR/$DST_FILE...
+
+ export PGPASSWORD=$TTRSS_DB_PASS
+
+ pg_dump --clean -h $TTRSS_DB_HOST -U $TTRSS_DB_USER $TTRSS_DB_NAME | gzip > $DST_DIR/$DST_FILE
+
+ DST_FILE=ttrss-backup-$(date +%Y%m%d).tar.gz
+
+ echo backing up tt-rss local directories to $DST_DIR/$DST_FILE...
+
+ tar -cz -f $DST_DIR/$DST_FILE $APP_ROOT/*.local \
+ $APP_ROOT/feed-icons/ \
+ $APP_ROOT/config.php
+
+ echo cleaning up...
+
+ find $DST_DIR -type f -name '*.gz' -mtime +$KEEP_DAYS -delete
+
+ echo done.
+else
+ echo backup failed: database is not ready.
+fi
diff --git a/.docker/app/config.docker.php b/.docker/app/config.docker.php
new file mode 100644
index 000000000..fbf42e43b
--- /dev/null
+++ b/.docker/app/config.docker.php
@@ -0,0 +1,8 @@
+<?php
+
+ $snippets = glob(getenv("SCRIPT_ROOT")."/config.d/*.php");
+
+ foreach ($snippets as $snippet) {
+ require_once $snippet;
+ }
+
diff --git a/.docker/app/dcron.sh b/.docker/app/dcron.sh
new file mode 100644
index 000000000..b16f15a9c
--- /dev/null
+++ b/.docker/app/dcron.sh
@@ -0,0 +1,5 @@
+#!/bin/sh
+# https://github.com/dubiousjim/dcron/issues/13
+set -e
+
+/usr/sbin/crond "$@"
diff --git a/.docker/app/index.php b/.docker/app/index.php
new file mode 100644
index 000000000..78e5c3f88
--- /dev/null
+++ b/.docker/app/index.php
@@ -0,0 +1,3 @@
+<?php
+ header("Location: /tt-rss/");
+ return;
diff --git a/.docker/app/startup.sh b/.docker/app/startup.sh
new file mode 100644
index 000000000..134428276
--- /dev/null
+++ b/.docker/app/startup.sh
@@ -0,0 +1,153 @@
+#!/bin/sh -e
+
+while ! pg_isready -h $TTRSS_DB_HOST -U $TTRSS_DB_USER; do
+ echo waiting until $TTRSS_DB_HOST is ready...
+ sleep 3
+done
+
+# We don't need those here (HTTP_HOST would cause false SELF_URL_PATH check failures)
+unset HTTP_PORT
+unset HTTP_HOST
+
+if ! id app >/dev/null 2>&1; then
+ addgroup -g $OWNER_GID app
+ adduser -D -h /var/www/html -G app -u $OWNER_UID app
+fi
+
+update-ca-certificates || true
+
+DST_DIR=/var/www/html/tt-rss
+
+[ -e $DST_DIR ] && rm -f $DST_DIR/.app_is_ready
+
+export PGPASSWORD=$TTRSS_DB_PASS
+
+[ ! -e /var/www/html/index.php ] && cp ${SCRIPT_ROOT}/index.php /var/www/html
+
+if [ ! -d $DST_DIR ]; then
+ mkdir -p $DST_DIR
+ chown $OWNER_UID:$OWNER_GID $DST_DIR
+
+ sudo -u app rsync -a \
+ $SRC_DIR/ $DST_DIR/
+else
+ chown -R $OWNER_UID:$OWNER_GID $DST_DIR
+
+ sudo -u app rsync -a --delete \
+ --exclude /cache \
+ --exclude /lock \
+ --exclude /feed-icons \
+ --exclude /plugins/af_comics/filters.local \
+ --exclude /plugins.local \
+ --exclude /templates.local \
+ --exclude /themes.local \
+ $SRC_DIR/ $DST_DIR/
+
+ sudo -u app rsync -a --delete \
+ $SRC_DIR/plugins.local/nginx_xaccel \
+ $DST_DIR/plugins.local/nginx_xaccel
+fi
+
+for d in cache lock feed-icons plugins.local themes.local; do
+ sudo -u app mkdir -p $DST_DIR/$d
+done
+
+for d in cache lock feed-icons; do
+ chmod 777 $DST_DIR/$d
+ find $DST_DIR/$d -type f -exec chmod 666 {} \;
+done
+
+sudo -u app cp ${SCRIPT_ROOT}/config.docker.php $DST_DIR/config.php
+chmod 644 $DST_DIR/config.php
+
+chown -R $OWNER_UID:$OWNER_GID $DST_DIR \
+ /var/log/php81
+
+if [ -z "$TTRSS_NO_STARTUP_PLUGIN_UPDATES" ]; then
+ echo updating all local plugins...
+
+ find $DST_DIR/plugins.local -mindepth 1 -maxdepth 1 -type d | while read PLUGIN; do
+ if [ -d $PLUGIN/.git ]; then
+ echo updating $PLUGIN...
+
+ cd $PLUGIN && \
+ sudo -u app git config core.filemode false && \
+ sudo -u app git config pull.rebase false && \
+ sudo -u app git pull origin master || echo warning: attempt to update plugin $PLUGIN failed.
+ fi
+ done
+else
+ echo skipping local plugin updates, disabled.
+fi
+
+PSQL="psql -q -h $TTRSS_DB_HOST -U $TTRSS_DB_USER $TTRSS_DB_NAME"
+
+$PSQL -c "create extension if not exists pg_trgm"
+
+RESTORE_SCHEMA=${SCRIPT_ROOT}/restore-schema.sql.gz
+
+if [ -r $RESTORE_SCHEMA ]; then
+ $PSQL -c "drop schema public cascade; create schema public;"
+ zcat $RESTORE_SCHEMA | $PSQL
+fi
+
+# this was previously generated
+rm -f $DST_DIR/config.php.bak
+
+if [ ! -z "${TTRSS_XDEBUG_ENABLED}" ]; then
+ if [ -z "${TTRSS_XDEBUG_HOST}" ]; then
+ export TTRSS_XDEBUG_HOST=$(ip ro sh 0/0 | cut -d " " -f 3)
+ fi
+ echo enabling xdebug with the following parameters:
+ env | grep TTRSS_XDEBUG
+ cat > /etc/php81/conf.d/50_xdebug.ini <<EOF
+zend_extension=xdebug.so
+xdebug.mode=develop,trace,debug
+xdebug.start_with_request = yes
+xdebug.client_port = ${TTRSS_XDEBUG_PORT}
+xdebug.client_host = ${TTRSS_XDEBUG_HOST}
+EOF
+fi
+
+sed -i.bak "s/^\(memory_limit\) = \(.*\)/\1 = ${PHP_WORKER_MEMORY_LIMIT}/" \
+ /etc/php81/php.ini
+
+sed -i.bak "s/^\(pm.max_children\) = \(.*\)/\1 = ${PHP_WORKER_MAX_CHILDREN}/" \
+ /etc/php81/php-fpm.d/www.conf
+
+sudo -Eu app php81 $DST_DIR/update.php --update-schema=force-yes
+
+if [ ! -z "$ADMIN_USER_PASS" ]; then
+ sudo -Eu app php81 $DST_DIR/update.php --user-set-password "admin:$ADMIN_USER_PASS"
+else
+ if sudo -Eu app php81 $DST_DIR/update.php --user-check-password "admin:password"; then
+ RANDOM_PASS=$(tr -dc A-Za-z0-9 </dev/urandom | head -c 16 ; echo '')
+
+ echo "*****************************************************************************"
+ echo "* Setting initial built-in admin user password to '$RANDOM_PASS' *"
+ echo "* If you want to set it manually, use ADMIN_USER_PASS environment variable. *"
+ echo "*****************************************************************************"
+
+ sudo -Eu app php81 $DST_DIR/update.php --user-set-password "admin:$RANDOM_PASS"
+ fi
+fi
+
+if [ ! -z "$ADMIN_USER_ACCESS_LEVEL" ]; then
+ sudo -Eu app php81 $DST_DIR/update.php --user-set-access-level "admin:$ADMIN_USER_ACCESS_LEVEL"
+fi
+
+if [ ! -z "$AUTO_CREATE_USER" ]; then
+ sudo -Eu app /bin/sh -c "php81 $DST_DIR/update.php --user-exists $AUTO_CREATE_USER ||
+ php81 $DST_DIR/update.php --force-yes --user-add \"$AUTO_CREATE_USER:$AUTO_CREATE_USER_PASS:$AUTO_CREATE_USER_ACCESS_LEVEL\""
+fi
+
+rm -f /tmp/error.log && mkfifo /tmp/error.log && chown app:app /tmp/error.log
+
+(tail -q -f /tmp/error.log >> /proc/1/fd/2) &
+
+unset ADMIN_USER_PASS
+unset AUTO_CREATE_USER_PASS
+
+touch $DST_DIR/.app_is_ready
+
+exec /usr/sbin/php-fpm81 --nodaemonize --force-stderr
diff --git a/.docker/app/updater.sh b/.docker/app/updater.sh
new file mode 100644
index 000000000..219041a59
--- /dev/null
+++ b/.docker/app/updater.sh
@@ -0,0 +1,33 @@
+#!/bin/sh -e
+
+# We don't need those here (HTTP_HOST would cause false SELF_URL_PATH check failures)
+unset HTTP_PORT
+unset HTTP_HOST
+
+unset ADMIN_USER_PASS
+unset AUTO_CREATE_USER_PASS
+
+# wait for the app container to delete .app_is_ready and perform rsync, etc.
+sleep 30
+
+if ! id app; then
+ addgroup -g $OWNER_GID app
+ adduser -D -h /var/www/html -G app -u $OWNER_UID app
+fi
+
+while ! pg_isready -h $TTRSS_DB_HOST -U $TTRSS_DB_USER; do
+ echo waiting until $TTRSS_DB_HOST is ready...
+ sleep 3
+done
+
+sed -i.bak "s/^\(memory_limit\) = \(.*\)/\1 = ${PHP_WORKER_MEMORY_LIMIT}/" \
+ /etc/php81/php.ini
+
+DST_DIR=/var/www/html/tt-rss
+
+while [ ! -s $DST_DIR/config.php -a -e $DST_DIR/.app_is_ready ]; do
+ echo waiting for app container...
+ sleep 3
+done
+
+sudo -E -u app /usr/bin/php81 /var/www/html/tt-rss/update_daemon2.php
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-10 21:05:16 +0000