[FEATURE] add basic docker options

- web_root - var_root - admin_password ref #247 Signed-off-by: Jerome Jutteau <jerome@jutteau.fr>
2025-04-23 04:58:19 +02:00 · 2021-01-01 19:29:18 +01:00 · 2021-01-01 19:29:18 +01:00 · 420be1d8b3
commit 420be1d8b3
parent a155e54c13
6 changed files with 99 additions and 27 deletions
--- a/16
+++ b/16
@ -2,9 +2,9 @@ FROM php:7.3-fpm-alpine
 MAINTAINER "Jérôme Jutteau <jerome@jutteau.fr>"

 # lighttpd user
-ARG USER_UID=100
+ARG USER_ID=100
 # www-data group
-ARG GROUP_UID=82
+ARG GROUP_ID=82

 # install base
 RUN apk update && \
@ -17,31 +17,27 @@ RUN mkdir /www
 WORKDIR /www
 COPY .git .git
 RUN apk add git && \
-    git reset --hard && rm -rf docker .git .gitignore .gitlab-ci.yml CONTRIBUTING.md Dockerfile README.md && \
+    git reset --hard && rm -rf docker install.php .git .gitignore .gitlab-ci.yml CONTRIBUTING.md Dockerfile README.md && \
    apk del git && \
    touch /www/lib/config.local.php && \
-    chown -R $USER_UID.$GROUP_UID /www && \
+    chown -R $USER_ID.$GROUP_ID /www && \
    chmod o=,ug=rwX -R /www

 COPY docker/cleanup.sh /cleanup.sh
-RUN chmod o=,ug=rx /cleanup.sh
 COPY docker/run.sh /run.sh
-RUN chmod o=,ug=rx /run.sh
+RUN chmod o=,ug=rx /cleanup.sh /run.sh
 COPY docker/docker_config.php /docker_config.php

 # install lighttpd
 RUN apk add lighttpd php7-mcrypt && \
    echo "extension=/usr/lib/php7/modules/mcrypt.so" > /usr/local/etc/php/conf.d/mcrypt.ini && \
-    chown -R $USER_UID /var/log/lighttpd && \
-    chmod oug=rwX /run && \
+    chown -R $USER_ID /var/log/lighttpd && \
    mkdir -p /usr/local/etc/php
 COPY docker/php.ini /usr/local/etc/php/php.ini
 COPY docker/lighttpd.conf /etc/lighttpd/lighttpd.conf

-
 # cleanup
 RUN rm -rf /var/cache/apk/*

-
 CMD /run.sh
 EXPOSE 80
--- a/docker/README.md
+++ b/docker/README.md
@ -8,6 +8,7 @@ docker run -d -p 8080:80 mojo42/jirafeau:latest
 ```

 Then connect on [locahost:8080](http://localhost:8080/).
+The admin console is located on `/admin.php`, check console output to get auto-generated admin password.

 # Build your own Jirafeau docker image

@ -19,11 +20,9 @@ docker build -t your/jirafeau:latest .

 # Security

-Jirafeau is run without privilidges with user id 2009. To make it able to open privilidged ports you can pass the capability, just stay with 8080 and use a reverse proxy or map the port 80:8080.
+You may be interested to run Jirafeau on port 80:
 ```
 docker run -d -p 80:80 --sysctl net.ipv4.ip_unprivileged_port_start=80 mojo42/jirafeau
-docker run -d -p 8080:80 mojo42/jirafeau
-docker run -d -p 80:80 mojo42/jirafeau
 ```

 Note that Jirafeau image does not provide any SSL/TLS. You may be interrested in using [docker compose](https://docs.docker.com/compose/) combined with [Let's Encrypt](https://letsencrypt.org/).
@ -34,6 +33,9 @@ Jirafeau docker image accept some options through environment variables to ease
 More details about options in `lib/config.original.php`.

 Available options:
+- `ADMIN_PASSWORD`: setup a specific admin password. If not set, a random password will be generated.
+- `WEB_ROOT`: setup a specific domain to point at when generating links (e.g. 'jirafeau.mydomain.com/').
+- `VAR_ROOT`: setup a specific path where to place files. default: '/data'.
 - `FILE_HASH`: can be set to `md5` (default), `partial_md5` or `random`.

 ## Few notes
--- a/docker/cleanup.sh
+++ b/docker/cleanup.sh
@ -1,5 +1,5 @@
 #!/bin/sh -e
-
+sleep 10 # avoid running cleaning before first setup
 while true
 do
    php /www/admin.php clean_expired
--- a/docker/docker_config.php
+++ b/docker/docker_config.php
@ -23,17 +23,91 @@ require(JIRAFEAU_ROOT . 'lib/settings.php');
 require(JIRAFEAU_ROOT . 'lib/functions.php');
 require(JIRAFEAU_ROOT . 'lib/lang.php');

-function env_2_cfg_string($cfg, $config_name, $env_name)
+function env_2_cfg_string(&$cfg, $config_name, $env_name, $default = null)
 {
-    $r = getenv($env_name, true);
+    $r = getenv($env_name);
    if ($r === false) {
-        return;
+        if (is_null($default)) {
+            return false;
+        } else {
+            $r = $default;
+        }
    }
-    echo("setting up '" . $env_name . "' option\n");
+    echo("setting $config_name to '$r'\n");
    $cfg[$config_name] = $r;
-    jirafeau_export_cfg($cfg);
+    return true;
+}
+
+function setup_admin_password(&$cfg)
+{
+    if (strlen($cfg['admin_password']) > 0) {
+        return true;
+    }
+    echo("setting up admin password\n");
+    $p = getenv('ADMIN_PASSWORD');
+    if ($p === false) {
+        $p = jirafeau_gen_random(20);
+        echo("auto-generated admin password: $p\n");
+    }
+    $cfg['admin_password'] = hash('sha256', $p);
+    return true;
+}
+
+function set_rights($path)
+{
+    $uid = getenv('USER_ID');
+    if ($uid === false) {
+        $uid = 100;
+    }
+    $gid = getenv('GROUP_ID');
+    if ($gid === false) {
+        $gid = 82;
+    }
+    if (!chown($path, $uid)) {
+        echo("setting up user $uid for $path: failed\n");
+        return false;
+    }
+    if (!chgrp($path, $gid)) {
+        echo("setting up group $gid for $path: failed\n");
+        return false;
+    }
+    if (!chmod($path, 0770)) {
+        echo("setting up permissions $path: failed\n");
+        return false;
+    }
+    return true;
+}
+
+function setup_var_folder(&$cfg)
+{
+    env_2_cfg_string($cfg, 'var_root', 'VAR_ROOT', '/data/');
+    $var_root = $cfg['var_root'];
+    if (!is_dir($var_root)) {
+        mkdir($var_root, 0770, true);
+    }
+    $err = jirafeau_check_var_dir($var_root);
+    if ($err['has_error']) {
+        echo("error: cannot create $var_root folder\n");
+        return false;
+    }
+    return set_rights($var_root) &&
+           set_rights($var_root . 'async') &&
+           set_rights($var_root . 'files') &&
+           set_rights($var_root . 'links');
 }

 // TODO: lots of other options to implement
-env_2_cfg_string($cfg, 'file_hash', 'FILE_HASH');
-echo("docker config done\n");
+$setup_ok = setup_admin_password($cfg) &&
+            setup_var_folder($cfg);
+env_2_cfg_string($cfg, 'web_root', 'WEB_ROOT', '');
+env_2_cfg_string($cfg, 'file_hash', 'FILE_HASH', 'md5');
+
+if ($setup_ok) {
+    $cfg['installation_done'] = true;
+    jirafeau_export_cfg($cfg);
+    echo("You can now connect to your Jirafeau instance\n");
+    exit(0);
+} else {
+    echo("Some Jirafeau options failed");
+    exit(1);
+}
--- a/install.php
+++ b/install.php
@ -148,12 +148,7 @@ case 2:
    ?></label></td>
        <td class = "field"><input type = "text" name = "web_root"
        id = "input_web_root" value = "<?php
-        echo(empty($cfg['web_root']) ?
-          $_SERVER['HTTP_HOST'] . str_replace(
-              basename(__FILE__),
-              '',
-              $_SERVER['REQUEST_URI']
-          ) : $cfg['web_root']);
+           echo(empty($cfg['web_root']) ? jirafeau_default_web_root() : $cfg['web_root']);
      ?>" size = "40" /></td>
        </tr> <tr> <td class = "info" colspan = "2"><?php
        echo t('DATA_DIR_EXPLAINATION');
--- a/lib/functions.php
+++ b/lib/functions.php
@ -1517,3 +1517,8 @@ function jirafeau_add_ending_slash($path)
 {
    return $path . ((substr($path, -1) == '/') ? '' : '/');
 }
+
+function jirafeau_default_web_root()
+{
+    return $_SERVER['HTTP_HOST'] . str_replace(basename(__FILE__), '', $_SERVER['REQUEST_URI']);
+}