container/freshrss
Archived
1
0
Fork 0
Code Issues Pull Requests Releases 36 Activity

inital commit
Some checks failed
continuous-integration/drone/push Build is failing
Details

Browse Source
This commit is contained in:
Robert Kaussow 2019-10-02 09:43:32 +02:00
commit 111fa7a5dd
17 changed files with 1081 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
.dockerignore Normal file
View File

@ -0,0 +1,8 @@
.git
.git*
.drone.*
*.md
.dockerignore
Dockerfile
Dockerfile.*
docker-compose.yml

148
.drone.jsonnet Normal file
View File

@ -0,0 +1,148 @@
local PipelineBuild(os='linux', arch='amd64') = {
local tag = os + '-' + arch,
local version_tag = os + '-' + arch,
local file_suffix = std.strReplace(version_tag, '-', '.'),
kind: "pipeline",
name: version_tag,
platform: {
os: os,
arch: arch,
},
steps: [
{
name: 'dryrun',
image: 'plugins/docker:' + tag,
pull: 'always',
settings: {
dry_run: true,
tags: version_tag,
dockerfile: './Dockerfile.' + file_suffix,
repo: 'xoxys/freshrss',
username: { from_secret: "docker_username" },
password: { from_secret: "docker_password" },
build_args: {
FRESHRSS_VERSION: "${DRONE_TAG%??}",
},
},
},
{
name: 'publish',
image: 'plugins/docker:' + tag,
pull: 'always',
settings: {
auto_tag: true,
auto_tag_suffix: version_tag,
dockerfile: './Dockerfile.' + file_suffix,
repo: 'xoxys/freshrss',
username: { from_secret: "docker_username" },
password: { from_secret: "docker_password" },
build_args: {
FRESHRSS_VERSION: "${DRONE_TAG%??}",
},
},
when: {
ref: [
'refs/heads/master',
'refs/tags/**',
],
},
},
{
name: "publish-gitea",
image: "plugins/gitea-release",
pull: "always",
settings: {
api_key: { "from_secret": "gitea_token" },
base_url: "https://gitea.rknet.org",
overwrite: true,
title: "${DRONE_TAG}",
note: "CHANGELOG.md",
},
when: {
ref: ['refs/tags/**'],
},
},
],
};
local PipelineNotifications(depends_on=[]) = {
kind: "pipeline",
name: "notifications",
platform: {
os: "linux",
arch: "amd64",
},
steps: [
{
image: "plugins/manifest",
name: "manifest",
pull: "always",
settings: {
ignore_missing: true,
tags: ["${DRONE_TAG}", "${DRONE_TAG%??}", "${DRONE_TAG%.*}", "${DRONE_TAG%%.*}"],
username: { from_secret: "docker_username" },
password: { from_secret: "docker_password" },
spec: "./manifest.tmpl",
},
when: {
ref: [
'refs/heads/master',
'refs/tags/**',
],
},
},
{
name: "readme",
image: "sheogorath/readme-to-dockerhub",
pull: "always",
environment: {
DOCKERHUB_USERNAME: { from_secret: "docker_username" },
DOCKERHUB_PASSWORD: { from_secret: "docker_password" },
DOCKERHUB_REPO_PREFIX: "xoxys",
DOCKERHUB_REPO_NAME: "freshrss",
README_PATH: "README.md",
SHORT_DESCRIPTION: "Rootless Kanboard - Kanban project management software"
},
when: {
ref: [
'refs/heads/master',
'refs/tags/**',
],
},
},
{
name: "microbadger",
image: "plugins/webhook",
pull: "always",
settings: {
urls: { from_secret: "microbadger_url" },
},
},
{
image: "plugins/matrix",
name: "matrix",
pull: 'always',
settings: {
homeserver: "https://matrix.rknet.org",
roomid: "MtidqQXWWAtQcByBhH:rknet.org",
template: "Status: **{{ build.status }}**<br/> Build: [{{ repo.Owner }}/{{ repo.Name }}]({{ build.link }}) ({{ build.branch }}) by {{ build.author }}<br/> Message: {{ build.message }}",
username: { from_secret: "matrix_username" },
password: { from_secret: "matrix_password" },
},
when: {
status: [ "success", "failure" ],
},
},
],
trigger: {
status: [ "success", "failure" ],
},
depends_on: depends_on,
};
[
PipelineBuild(os='linux', arch='amd64'),
PipelineNotifications(depends_on=[
"linux-amd64",
])
]

135
.drone.yml Normal file
View File

@ -0,0 +1,135 @@
---
kind: pipeline
name: linux-amd64
platform:
os: linux
arch: amd64
steps:
- name: dryrun
pull: always
image: plugins/docker:linux-amd64
settings:
build_args:
FRESHRSS_VERSION: "${DRONE_TAG%??}"
dockerfile: ./Dockerfile.linux.amd64
dry_run: true
password:
from_secret: docker_password
repo: xoxys/freshrss
tags: linux-amd64
username:
from_secret: docker_username
- name: publish
pull: always
image: plugins/docker:linux-amd64
settings:
auto_tag: true
auto_tag_suffix: linux-amd64
build_args:
FRESHRSS_VERSION: "${DRONE_TAG%??}"
dockerfile: ./Dockerfile.linux.amd64
password:
from_secret: docker_password
repo: xoxys/freshrss
username:
from_secret: docker_username
when:
ref:
- refs/heads/master
- "refs/tags/**"
- name: publish-gitea
pull: always
image: plugins/gitea-release
settings:
api_key:
from_secret: gitea_token
base_url: https://gitea.rknet.org
note: CHANGELOG.md
overwrite: true
title: "${DRONE_TAG}"
when:
ref:
- "refs/tags/**"
---
kind: pipeline
name: notifications
platform:
os: linux
arch: amd64
steps:
- name: manifest
pull: always
image: plugins/manifest
settings:
ignore_missing: true
password:
from_secret: docker_password
spec: ./manifest.tmpl
tags:
- "${DRONE_TAG}"
- "${DRONE_TAG%??}"
- "${DRONE_TAG%.*}"
- "${DRONE_TAG%%.*}"
username:
from_secret: docker_username
when:
ref:
- refs/heads/master
- "refs/tags/**"
- name: readme
pull: always
image: sheogorath/readme-to-dockerhub
environment:
DOCKERHUB_PASSWORD:
from_secret: docker_password
DOCKERHUB_REPO_NAME: freshrss
DOCKERHUB_REPO_PREFIX: xoxys
DOCKERHUB_USERNAME:
from_secret: docker_username
README_PATH: README.md
SHORT_DESCRIPTION: Rootless Kanboard - Kanban project management software
when:
ref:
- refs/heads/master
- "refs/tags/**"
- name: microbadger
pull: always
image: plugins/webhook
settings:
urls:
from_secret: microbadger_url
- name: matrix
pull: always
image: plugins/matrix
settings:
homeserver: https://matrix.rknet.org
password:
from_secret: matrix_password
roomid: MtidqQXWWAtQcByBhH:rknet.org
template: "Status: **{{ build.status }}**<br/> Build: [{{ repo.Owner }}/{{ repo.Name }}]({{ build.link }}) ({{ build.branch }}) by {{ build.author }}<br/> Message: {{ build.message }}"
username:
from_secret: matrix_username
when:
status:
- success
- failure
trigger:
status:
- success
- failure
depends_on:
- linux-amd64
...

1
.gitignore vendored Normal file
View File

@ -0,0 +1 @@
test/

3
CHANGELOG.md Normal file
View File

@ -0,0 +1,3 @@
* BUGFIX
* fix port in healthcheck script
* small vhost adjustments

52
Dockerfile.linux.amd64 Normal file
View File

@ -0,0 +1,52 @@
FROM xoxys/nginx:latest
LABEL maintainer="Robert Kaussow <mail@geeklabor.de>" \
org.label-schema.name="FreshRSS" \
org.label-schema.version="1.2" \
org.label-schema.vendor="Robert Kaussow" \
org.label-schema.schema-version="1.0"
ARG FRESHRSS_VERSION=master
ARG FRESHRSS_TARBALL=https://github.com/FreshRSS/FreshRSS/archive/${FRESHRSS_VERSION}.tar.gz
RUN apk --update add --virtual .build-deps tar curl && \
apk --update add php7 php7-curl php7-fpm php7-gmp php7-intl php7-mbstring php7-xml \
php7-zip php7-ctype php7-dom php7-fileinfo php7-iconv php7-json php7-session \
php7-simplexml php7-xmlreader php7-zlib php7-pdo_sqlite php7-pdo_mysql\
php7-pdo_pgsql && \
rm -rf /var/www/localhost && \
rm -f /etc/php7/php-fpm.d/www.conf && \
mkdir -p /var/www/app && \
curl -SsL ${FRESHRSS_TARBALL} | tar xz -C /var/www/app/ --strip-components=1 && \
curl -SsL -o /etc/php7/browscap.ini https://browscap.org/stream?q=Lite_PHP_BrowsCapINI && \
curl -SsL -o /usr/local/bin/supercronic https://github.com/aptible/supercronic/releases/download/v0.1.9/supercronic-linux-amd64 && \
chmod 755 /usr/local/bin/supercronic && \
apk del .build-deps && \
rm -rf /var/cache/apk/* && \
rm -rf /tmp/* && \
rm -rf /var/www/app/CHANGELOG.md /var/www/app/CONTRIBUTING.md /var/www/app/CREDITS.md /var/www/app/Docker /var/www/app/README.* && \
mkdir -p /var/run/php && \
chown -R nginx /var/run/php && \
mkdir -p /var/lib/php/tmp_upload && \
mkdir -p /var/lib/php/soap_cache && \
mkdir -p /var/lib/php/session && \
chown -R nginx /var/lib/php && \
chown nginx /etc/php7/php.ini && \
chown -R nginx:nginx /var/www/app
ADD overlay/ /
VOLUME /var/www/app/extensions
VOLUME /var/www/app/data
EXPOSE 8080
USER nginx
STOPSIGNAL SIGTERM
ENTRYPOINT ["/usr/local/bin/entrypoint.sh"]
HEALTHCHECK --interval=37s --timeout=5s --retries=3 \
CMD (php -r "readfile('http://localhost:8080/i/');" | grep -q 'jsonVars') || exit 1
WORKDIR /var/www/app
CMD []

21
LICENSE Normal file
View File

@ -0,0 +1,21 @@
MIT License
Copyright (c) 2019 Robert Kaussow
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is furnished
to do so, subject to the following conditions:
The above copyright notice and this permission notice (including the next
paragraph) shall be included in all copies or substantial portions of the
Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS
OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF
OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

140
README.md Normal file
View File

@ -0,0 +1,140 @@
# [freshrss](https://gitea.rknet.org/docker/freshrss)
[![Build Status](https://drone.rknet.org/api/badges/docker/freshrss/status.svg)](https://drone.rknet.org/docker/freshrss/)
[![Microbadger](https://images.microbadger.com/badges/image/xoxys/freshrss.svg)](https://microbadger.com/images/xoxys/freshrss "Get your own image badge on microbadger.com")
FreshRSS is a self-hosted RSS feed aggregator. It is lightweight, easy to work with, powerful, and customizable.
## Usage
Here are some example snippets to help you get started creating a container. This repository is just a wrapper to build a community docker image from [freshrss](https://github.com/freshrss/freshrss) releases.
> **WARNING**: For production usage you should secure your setup and NOT use the default secrets e.g. for database, default user and salt!
### Docker
```Shell
docker create \
--name=freshrss \
-p 80:8080 \
xoxys/freshrss
```
### Docker Compose
Compatible with docker-compose v2 schemas.
```Yaml
---
version: '2.1'
services:
freshrss:
container_name: freshrss
image: xoxys/freshrss:latest
ports:
- "80:8080"
volumes:
- freshrss_data:/var/www/app/data
- freshrss_extensions:/var/www/app/extensions
environment:
FRESHRSS_DEFAULT_USER: admin
FRESHRSS_DEFAULT_PASSWORD: freshrss
FRESHRSS_API_ENABLED: "true"
FRESHRSS_SALT: 38fd29ac5878c270bbfc3599723cd479d48c6c58
volumes:
freshrss_data:
driver: local
freshrss_extensions:
driver: local
```
## Environment variables
### freshrss
> **WARNING**: Don't change any system settings through the web UI! These changes will be overwritten at EVERY container startup. Use the provided environment variables instead.
```Shell
FRESHRSS_ENVIRONMENT="production"
FRESHRSS_DEFAULT_USER: "admin"
FRESHRSS_DEFAULT_PASSWORD: "freshrss"
# Salt is used to make crypto more unique.
# Can be generated with e.g. cat /proc/sys/kernel/random/uuid | sha1sum | awk '{print $1}'
FRESHRSS_SALT=
# Specify address of the FreshRSS instance,
# used when building absolute URLs, e.g. for WebSub.
FRESHRSS_BASE_URL="http://localhost/"
FRESHRSS_LANGUAGE="en"
FRESHRSS_TITLE="FreshRSS"
FRESHRSS_META_DESCRIPTION
FRESHRSS_DEFAULT_USER="_"
FRESHRSS_ALLOW_ANONYMOUS="false"
FRESHRSS_ALLOW_ANONYMOUS_REFRESH="false"
FRESHRSS_AUTH_TYPE="form"
FRESHRSS_API_ENABLED="false"
FRESHRSS_UNSAFE_AUTOLOGIN_ENABLED="false"
FRESHRSS_SIMPLEPIE_SYSLOG_ENABLED="true"
FRESHRSS_PUBSUBHUBBUB_ENABLED="false"
FRESHRSS_ALLOW_ROBOTS="false"
FRESHRSS_ALLOW_REFERRER="false"
FRESHRSS_LIMITS_COOKIE_DURATION="2592000"
FRESHRSS_LIMITS_CACHE_DURATION="800"
FRESHRSS_LIMITS_TIMEOUT="15"
FRESHRSS_LIMITS_MAX_INACTIVITY="10800"
FRESHRSS_LIMITS_MAX_FEEDS="16384"
FRESHRSS_LIMITS_MAX_CATEGORIES="16384"
FRESHRSS_LIMITS_MAX_REGISTRATIONS="1"
FRESHRSS_CURLOPT_SSL_VERIFYHOST=
FRESHRSS_CURLOPT_SSL_VERIFYPEER=
FRESHRSS_CURLOPT_PROXYTYPE=
FRESHRSS_CURLOPT_PROXY=
FRESHRSS_CURLOPT_PROXYPORT=
FRESHRSS_CURLOPT_PROXYAUTH=
FRESHRSS_CURLOPT_PROXYUSERPWD=
FRESHRSS_DB_TYPE="sqlite"
FRESHRSS_DB_HOST="localhost"
FRESHRSS_DB_USER=
FRESHRSS_DB_PASSWORD=
FRESHRSS_DB_BASE=
FRESHRSS_DB_PREFIX="freshrss_"
## comma-seperated string, extensions must be installed!
FRESHRSS_EXTENSIONS_ENABLED="Tumblr-GDPR"
```
### PHP
```Shell
PHP_EXPOSE_PHP=Off
PHP_MAX_EXECUTION_TIME=30
PHP_MAX_INPUT_TIME=60
PHP_MEMORY_LIMIT=50M
PHP_ERROR_REPORTING=E_ALL & ~E_DEPRECATED & ~E_STRICT
PHP_DISPLAY_ERRORS=Off
PHP_DISPLAY_STARTUP_ERRORS=Off
PHP_LOG_ERRORS=On
PHP_LOG_ERRORS_MAX_LEN=1024
PHP_IGNORE_REPEATED_ERRORS=Off
PHP_IGNORE_REPEATED_SOURCE=Off
PHP_REPORT_MEMLEAKS=On
PHP_HTML_ERRORSOn
PHP_ERROR_LOG=/proc/self/fd/2
PHP_POST_MAX_SIZE=8M
PHP_FILE_UPLOADS=Off
PHP_UPLOAD_MAX_FILESIZE=2M
PHP_MAX_FILE_UPLOADS=2
PHP_ALLOW_URL_FOPEN=On
PHP_ALLOW_URL_INCLUDE=Off
PHP_DATE_TIMEZONE=Europe/Berlin
PHP_SQL_SAFE_MODE=On
```
### License
This project is licensed under the MIT License - see the [LICENSE](https://gitea.rknet.org/docker/freshrss/src/branch/master/LICENSE) file for details.
### Maintainers and Contributors
[Robert Kaussow](https://gitea.rknet.org/xoxys)

23
docker-compose.yml Normal file
View File

@ -0,0 +1,23 @@
---
version: '2.1'
services:
freshrss:
container_name: freshrss
image: xoxys/freshrss:latest
ports:
- "80:8080"
volumes:
- freshrss_data:/var/www/app/data
- freshrss_extensions:/var/www/app/extensions
environment:
FRESHRSS_DEFAULT_USER: admin
FRESHRSS_DEFAULT_PASSWORD: freshrss
FRESHRSS_API_ENABLED: "true"
FRESHRSS_SALT: 38fd29ac5878c270bbfc3599723cd479d48c6c58
volumes:
freshrss_data:
driver: local
freshrss_extensions:
driver: local

15
manifest.tmpl Normal file
View File

@ -0,0 +1,15 @@
image: xoxys/freshrss:{{#if build.tag}}{{trimPrefix "v" build.tag}}{{else}}latest{{/if}}
{{#if build.tags}}
tags:
{{#each build.tags}}
{{#if this}}
- {{trimPrefix "v" this}}
- {{trimPrefix "v" this}}-linux-amd64
{{/if}}
{{/each}}
{{/if}}
manifests:
- image: xoxys/freshrss:{{#if build.tag}}{{trimPrefix "v" build.tag}}-{{/if}}linux-amd64
platform:
architecture: amd64
os: linux

2
overlay/etc/crontabs/nginx Normal file
View File

@ -0,0 +1,2 @@
SHELL=/bin/sh
*/15 * * * * /usr/bin/php -f /var/www/app/app/actualize_script.php >/dev/null 2>&1

18
overlay/etc/nginx/vhost.conf Normal file
View File

@ -0,0 +1,18 @@
server {
listen 8080;
server_name localhost;
index index index.php index.html index.htm;
root /var/www/app/p/;
location ~ ^.+?\.php(/.*)?$ {
fastcgi_pass unix:/var/run/php/php-fpm.sock;
fastcgi_split_path_info ^(.+\.php)(/.*)$;
include fastcgi_params;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
location / {
try_files $uri $uri/ index.php;
}
}

21
overlay/etc/php7/php-fpm.conf Normal file
View File

@ -0,0 +1,21 @@
[global]
error_log = /proc/self/fd/2
log_level = warning
daemonize = no
[www]
catch_workers_output = yes
user = nginx
group = nginx
listen.owner = nginx
listen.group = nginx
listen = /var/run/php/php-fpm.sock
pm = dynamic
pm.max_children = 20
pm.start_servers = 1
pm.min_spare_servers = 1
pm.max_spare_servers = 3
pm.max_requests = 2048

73
overlay/etc/templates/config.php.tmpl Normal file
View File

@ -0,0 +1,73 @@
<?php
return array(
'environment' => '{{ getenv "FRESHRSS_ENVIRONMENT" "production" }}',
'salt' => '{{ getenv "FRESHRSS_SALT" }}',
'base_url' => '{{ getenv "FRESHRSS_BASE_URL" "http://localhost/" }}',
'auto_update_url' => 'https://update.freshrss.org',
'language' => '{{ getenv "FRESHRSS_LANGUAGE" "en" }}',
'title' => '{{ getenv "FRESHRSS_TITLE" "FreshRSS" }}',
'meta_description' => '{{ getenv "FRESHRSS_META_DESCRIPTION" }}',
'default_user' => '{{ getenv "FRESHRSS_DEFAULT_USER" "_" }}',
'allow_anonymous' => {{ getenv "FRESHRSS_ALLOW_ANONYMOUS" "false" }},
'allow_anonymous_refresh' => {{ getenv "FRESHRSS_ALLOW_ANONYMOUS_REFRESH" "false" }},
'auth_type' => '{{ getenv "FRESHRSS_AUTH_TYPE" "form" }}',
'api_enabled' => {{ getenv "FRESHRSS_API_ENABLED" "false" }},
'unsafe_autologin_enabled' => {{ getenv "FRESHRSS_UNSAFE_AUTOLOGIN_ENABLED" "false" }},
'simplepie_syslog_enabled' => {{ getenv "FRESHRSS_SIMPLEPIE_SYSLOG_ENABLED" "true" }},
'pubsubhubbub_enabled' => {{ getenv "FRESHRSS_PUBSUBHUBBUB_ENABLED" "false" }},
'allow_robots' => {{ getenv "FRESHRSS_ALLOW_ROBOTS" "false" }},
'allow_referrer' => {{ getenv "FRESHRSS_ALLOW_REFERRER" "false" }},
'limits' => array(
'cookie_duration' => {{ getenv "FRESHRSS_LIMITS_COOKIE_DURATION" "2592000" }},
'cache_duration' => {{ getenv "FRESHRSS_LIMITS_CACHE_DURATION" "800" }},
'timeout' => {{ getenv "FRESHRSS_LIMITS_TIMEOUT" "15" }},
'max_inactivity' => {{ getenv "FRESHRSS_LIMITS_MAX_INACTIVITY" "10800" }},
'max_feeds' => {{ getenv "FRESHRSS_LIMITS_MAX_FEEDS" "16384" }},
'max_categories' => {{ getenv "FRESHRSS_LIMITS_MAX_CATEGORIES" "16384" }},
'max_registrations' => {{ getenv "FRESHRSS_LIMITS_MAX_REGISTRATIONS" "1" }},
),
'curl_options' => array(
{{- if not (bool (getenv "FRESHRSS_CURLOPT_SSL_VERIFYHOST" "true")) }}
CURLOPT_SSL_VERIFYHOST => {{ getenv "FRESHRSS_CURLOPT_SSL_VERIFYHOST" }},
{{- end }}
{{- if not (bool (getenv "FRESHRSS_CURLOPT_SSL_VERIFYPEER" "true")) }}
CURLOPT_SSL_VERIFYPEER => {{ getenv "FRESHRSS_CURLOPT_SSL_VERIFYPEER" }},
{{- end }}
{{- if not (bool (getenv "FRESHRSS_CURLOPT_PROXYTYPE" "true")) }}
CURLOPT_PROXYTYPE => {{ getenv "FRESHRSS_CURLOPT_PROXYTYPE" }},
{{- end }}
{{- if not (bool (getenv "FRESHRSS_CURLOPT_PROXY" "true" )) }}
CURLOPT_PROXY => '{{ getenv "FRESHRSS_CURLOPT_PROXY" }}',
{{- end }}
{{- if not (bool (getenv "FRESHRSS_CURLOPT_PROXYPORT" "true" )) }}
CURLOPT_PROXYPORT => {{ getenv "FRESHRSS_CURLOPT_PROXYPORT" }},
{{- end }}
{{- if not (bool (getenv "FRESHRSS_CURLOPT_PROXYAUTH" "true" )) }}
CURLOPT_PROXYAUTH => {{ getenv "FRESHRSS_CURLOPT_PROXYAUTH" }},
{{- end }}
{{- if not (bool (getenv "FRESHRSS_CURLOPT_PROXYUSERPWD" "true" )) }}
CURLOPT_PROXYUSERPWD => '{{ getenv "FRESHRSS_CURLOPT_PROXYUSERPWD" }}',
{{- end }}
),
'db' => array(
'type' => '{{ getenv "FRESHRSS_DB_TYPE" "sqlite" }}',
'host' => '{{ getenv "FRESHRSS_DB_HOST" "localhost" }}',
'user' => '{{ getenv "FRESHRSS_DB_USER" }}',
'password' => '{{ getenv "FRESHRSS_DB_PASSWORD" }}',
'base' => '{{ getenv "FRESHRSS_DB_BASE" }}',
'prefix' => '{{ getenv "FRESHRSS_DB_PREFIX" "freshrss_" }}',
'pdo_options' => array(),
),
'extensions_enabled' => array(
{{- range (getenv "FRESHRSS_EXTENSIONS_ENABLED" "Tumblr-GDPR" | strings.Split ",") }}
'{{ . | strings.TrimSpace }}' => true,
{{- end }}
),
'disable_update' => true,
);

15
overlay/etc/templates/constants.local.php.tmpl Normal file
View File

@ -0,0 +1,15 @@
<?php
safe_define('FRESHRSS_USERAGENT', 'FreshRSS/' . FRESHRSS_VERSION . ' (' . PHP_OS . '; ' . FRESHRSS_WEBSITE . ')');
safe_define('PHP_COMPRESSION', false);
safe_define('COPY_SYSLOG_TO_STDERR', true);
safe_define('MAX_LOG_SIZE', 1048576);
safe_define('DATA_PATH', FRESHRSS_PATH . '/data');
safe_define('UPDATE_FILENAME', DATA_PATH . '/update.php');
safe_define('USERS_PATH', DATA_PATH . '/users');
safe_define('ADMIN_LOG', USERS_PATH . '/_/log.txt');
safe_define('API_LOG', USERS_PATH . '/_/log_api.txt');
safe_define('CACHE_PATH', DATA_PATH . '/cache');
safe_define('PSHB_LOG', USERS_PATH . '/_/log_pshb.txt');
safe_define('PSHB_PATH', DATA_PATH . '/PubSubHubbub');
safe_define('TMP_PATH', CACHE_PATH);

391
overlay/etc/templates/php.ini.tmpl Normal file
View File

@ -0,0 +1,391 @@
[PHP]
user_ini.filename = ".user.ini"
user_ini.cache_ttl = 300
engine = On
short_open_tag = Off
precision = 14
output_buffering = 0
;output_handler =
zlib.output_compression = Off
;zlib.output_compression_level = -1
;zlib.output_handler =
implicit_flush = Off
unserialize_callback_func =
serialize_precision = 17
open_basedir = "/var/www/app:/var/lib/php/tmp_upload:/var/lib/php/session:/var/lib/php/soap_cache"
disable_functions = system, exec, shell_exec, phpinfo, show_source, highlight_file, popen, proc_open, fopen_with_path, dbmopen, dbase_open, move_uploaded_file, chmod, rename, filepro, filepro_rowcount, filepro_retrieve, posix_mkfifo
disable_classes =
;highlight.string = #DD0000
;highlight.comment = #FF9900
;highlight.keyword = #007700
;highlight.default = #0000BB
;highlight.html = #000000
;ignore_user_abort = On
;realpath_cache_size = 16k
;realpath_cache_ttl = 120
zend.enable_gc = On
;zend.multibyte = Off
;zend.script_encoding =
expose_php = {{ getenv "PHP_EXPOSE_PHP" "Off" }}
max_execution_time = {{ getenv "PHP_MAX_EXECUTION_TIME" "30" }}
max_input_time = {{ getenv "PHP_MAX_INPUT_TIME" "60" }}
;max_input_nesting_level = 64
max_input_vars = 100
memory_limit = {{ getenv "PHP_MEMORY_LIMIT" "50M" }}
error_reporting = {{ getenv "PHP_ERROR_REPORTING" "E_ALL & ~E_DEPRECATED & ~E_STRICT" }}
display_errors = {{ getenv "PHP_DISPLAY_ERRORS" "Off" }}
display_startup_errors = {{ getenv "PHP_DISPLAY_STARTUP_ERRORS" "Off" }}
log_errors = {{ getenv "PHP_LOG_ERRORS" "On" }}
log_errors_max_len = {{ getenv "PHP_LOG_ERRORS_MAX_LEN" "1024" }}
ignore_repeated_errors = {{ getenv "PHP_IGNORE_REPEATED_ERRORS" "Off" }}
ignore_repeated_source = {{ getenv "PHP_IGNORE_REPEATED_SOURCE" "Off" }}
report_memleaks = {{ getenv "PHP_REPORT_MEMLEAKS" "On" }}
;report_zend_debug = 0
;xmlrpc_errors = 0
;xmlrpc_error_number = 0
html_errors = {{ getenv "PHP_HTML_ERRORS" "On" }}
;docref_root = "/phpmanual/"
;docref_ext = .html
;error_prepend_string = "<span style='color: #ff0000'>"
;error_append_string = "</span>"
error_log = {{ getenv "PHP_ERROR_LOG" "/proc/self/fd/2"}}
;windows.show_crt_warning
;arg_separator.output = "&amp;"
;arg_separator.input = ";&"
variables_order = "GPCS"
request_order = "GP"
register_argc_argv = Off
auto_globals_jit = On
;enable_post_data_reading = Off
post_max_size = {{ getenv "PHP_POST_MAX_SIZE" "8M" }}
auto_prepend_file =
auto_append_file =
default_mimetype = "text/html"
default_charset = "UTF-8"
;internal_encoding =
;input_encoding =
;output_encoding =
;include_path = ".:/php7/includes"
doc_root =
user_dir =
extension_dir = "/usr/lib/php7/modules"
;sys_temp_dir = "/tmp"
enable_dl = Off
cgi.force_redirect = 1
;cgi.nph = 1
;cgi.redirect_status_env =
cgi.fix_pathinfo = 0
cgi.discard_path = 1
;fastcgi.impersonate = 1
;fastcgi.logging = 0
;cgi.rfc2616_headers = 0
;cgi.check_shebang_line = 1
file_uploads = {{ getenv "PHP_FILE_UPLOADS" "Off" }}
upload_tmp_dir = /var/lib/php/tmp_upload
upload_max_filesize = {{ getenv "PHP_UPLOAD_MAX_FILESIZE" "2M" }}
max_file_uploads = {{ getenv "PHP_MAX_FILE_UPLOADS" "2" }}
allow_url_fopen = {{ getenv "PHP_ALLOW_URL_FOPEN" "On" }}
allow_url_include = {{ getenv "PHP_ALLOW_URL_INCLUDE" "Off" }}
;from="john@doe.com"
;user_agent="PHP"
default_socket_timeout = 60
;auto_detect_line_endings = Off
[CLI Server]
cli_server.color = On
[Date]
date.timezone = {{ getenv "PHP_DATE_TIMEZONE" "Europe/Berlin" }}
;date.default_latitude = 31.7667
;date.default_longitude = 35.2333
;date.sunrise_zenith = 90.583333
;date.sunset_zenith = 90.583333
[filter]
;filter.default = unsafe_raw
;filter.default_flags =
[iconv]
;iconv.input_encoding =
;iconv.internal_encoding =
;iconv.output_encoding =
[intl]
;intl.default_locale =
;intl.error_level = E_WARNING
;intl.use_exceptions = 0
[sqlite3]
;sqlite3.extension_dir =
[Pcre]
;pcre.backtrack_limit = 100000
;pcre.recursion_limit = 100000
;pcre.jit = 1
[Pdo]
;pdo_odbc.connection_pooling = strict
;pdo_odbc.db2_instance_name
[Pdo_mysql]
pdo_mysql.cache_size = 2000
pdo_mysql.default_socket =
[Phar]
;phar.readonly = On
;phar.require_hash = On
;phar.cache_list =
[mail function]
SMTP = localhost
smtp_port = 25
;sendmail_path =
;mail.force_extra_parameters =
mail.add_x_header = On
;mail.log =
;mail.log = syslog
[SQL]
sql.safe_mode = {{ getenv "PHP_SQL_SAFE_MODE" "On" }}
[ODBC]
;odbc.default_db = Not yet implemented
;odbc.default_user = Not yet implemented
;odbc.default_pw = Not yet implemented
;odbc.default_cursortype
odbc.allow_persistent = On
odbc.check_persistent = On
odbc.max_persistent = -1
odbc.max_links = -1
odbc.defaultlrl = 4096
odbc.defaultbinmode = 1
;birdstep.max_links = -1
[Interbase]
ibase.allow_persistent = 1
ibase.max_persistent = -1
ibase.max_links = -1
;ibase.default_db =
;ibase.default_user =
;ibase.default_password =
;ibase.default_charset =
ibase.timestampformat = "%Y-%m-%d %H:%M:%S"
ibase.dateformat = "%Y-%m-%d"
ibase.timeformat = "%H:%M:%S"
[MySQLi]
;mysqli.allow_local_infile = On
mysqli.max_persistent = -1
mysqli.allow_persistent = On
mysqli.max_links = -1
mysqli.cache_size = 2000
mysqli.default_port = 3306
mysqli.default_socket =
mysqli.default_host =
mysqli.default_user =
mysqli.default_pw =
mysqli.reconnect = Off
[mysqlnd]
mysqlnd.collect_statistics = On
mysqlnd.collect_memory_statistics = Off
;mysqlnd.debug =
;mysqlnd.log_mask = 0
;mysqlnd.mempool_default_size = 16000
;mysqlnd.net_cmd_buffer_size = 2048
;mysqlnd.net_read_buffer_size = 32768
;mysqlnd.net_read_timeout = 31536000
;mysqlnd.sha256_server_public_key =
[OCI8]
;oci8.privileged_connect = Off
;oci8.max_persistent = -1
;oci8.persistent_timeout = -1
;oci8.ping_interval = 60
;oci8.connection_class =
;oci8.events = Off
;oci8.statement_cache_size = 20
;oci8.default_prefetch = 100
;oci8.old_oci_close_semantics = Off
[PostgreSQL]
pgsql.allow_persistent = On
pgsql.auto_reset_persistent = Off
pgsql.max_persistent = -1
pgsql.max_links = -1
pgsql.ignore_notice = 0
pgsql.log_notice = 0
[bcmath]
bcmath.scale = 0
[browscap]
browscap = /etc/php7/browscap.ini
[Session]
session.save_handler = files
session.save_path = "/var/lib/php/session"
session.use_strict_mode = 1
session.use_cookies = 1
session.cookie_secure = 0
session.use_only_cookies = 1
session.name = PHPSESSID
session.auto_start = Off
session.cookie_lifetime = 14400
session.cookie_path = /
session.cookie_domain =
session.cookie_httponly = 1
session.serialize_handler = php
session.gc_probability = 1
session.gc_divisor = 1000
session.gc_maxlifetime = 1440
session.referer_check =
;session.entropy_length = 32
;session.entropy_file = /dev/urandom
session.cache_limiter = nocache
session.cache_expire = 30
session.use_trans_sid = 0
session.hash_function = sha512
session.hash_bits_per_character = 5
url_rewriter.tags = "a=href,area=href,frame=src,input=src,form=fakeentry"
;session.upload_progress.enabled = On
;session.upload_progress.cleanup = On
;session.upload_progress.prefix = "upload_progress_"
;session.upload_progress.name = "PHP_SESSION_UPLOAD_PROGRESS"
;session.upload_progress.freq = "1%"
;session.upload_progress.min_freq = "1"
;session.lazy_write = On
[Assertion]
zend.assertions = -1
;assert.active = On
;assert.exception = On
;assert.warning = On
;assert.bail = Off
;assert.callback = 0
;assert.quiet_eval = 0
[COM]
;com.typelib_file =
;com.allow_dcom = true
;com.autoregister_typelib = true
;com.autoregister_casesensitive = false
;com.autoregister_verbose = true
;com.code_page=
[mbstring]
;mbstring.language = Japanese
;mbstring.internal_encoding =
;mbstring.http_input =
;mbstring.http_output =
;mbstring.encoding_translation = Off
;mbstring.detect_order = auto
;mbstring.substitute_character = none
;mbstring.func_overload = 0
;mbstring.strict_detection = On
;mbstring.http_output_conv_mimetype =
[gd]
;gd.jpeg_ignore_warning = 0
[exif]
;exif.encode_unicode = ISO-8859-15
;exif.decode_unicode_motorola = UCS-2BE
;exif.decode_unicode_intel = UCS-2LE
;exif.encode_jis =
;exif.decode_jis_motorola = JIS
;exif.decode_jis_intel = JIS
[Tidy]
;tidy.default_config = /usr/local/lib/php7/default.tcfg
tidy.clean_output = Off
[soap]
soap.wsdl_cache_enabled = 1
soap.wsdl_cache_dir = "/var/lib/php/soap_cache"
soap.wsdl_cache_ttl = 86400
soap.wsdl_cache_limit = 5
[sysvshm]
;sysvshm.init_mem = 10000
[ldap]
ldap.max_links = -1
[mcrypt]
;mcrypt.algorithms_dir =
;mcrypt.modes_dir =
[dba]
;dba.default_handler =
[opcache]
;opcache.enable = 0
;opcache.enable_cli = 0
;opcache.memory_consumption = 64
;opcache.interned_strings_buffer = 4
;opcache.max_accelerated_files = 2000
;opcache.max_wasted_percentage = 5
;opcache.use_cwd = 1
;opcache.validate_timestamps = 1
;opcache.revalidate_freq = 2
;opcache.revalidate_path = 0
;opcache.save_comments = 1
;opcache.fast_shutdown = 0
;opcache.enable_file_override = 0
;opcache.optimization_level = 0xffffffff
;opcache.dups_fix = 0
;opcache.blacklist_filename =
;opcache.max_file_size = 0
;opcache.consistency_checks = 0
;opcache.force_restart_timeout = 180
;opcache.error_log =
;opcache.log_verbosity_level = 1
;opcache.preferred_memory_model =
;opcache.protect_memory = 0
;opcache.restrict_api =
;opcache.mmap_base =
;opcache.file_cache =
;opcache.file_cache_only = 0
;opcache.file_cache_consistency_checks = 1
;opcache.file_cache_fallback = 1
;opcache.huge_code_pages = 1
;opcache.validate_permission = 0
;opcache.validate_root = 0
[curl]
curl.cainfo = /etc/ssl/certs/ca-certificates.crt
[openssl]
openssl.cafile = /etc/ssl/certs/ca-certificates.crt
openssl.capath = /etc/ssl/certs

15
overlay/usr/local/bin/entrypoint.sh Executable file
View File

@ -0,0 +1,15 @@
#!/bin/sh
/usr/local/bin/gomplate -V -o /etc/php7/php.ini -f /etc/templates/php.ini.tmpl
/usr/local/bin/gomplate -V -o /var/www/app/data/config.php -f /etc/templates/config.php.tmpl
/usr/local/bin/gomplate -V -o /var/www/app/constants.local.php -f /etc/templates/constants.local.php.tmpl
/usr/bin/php -f ./cli/prepare.php >/dev/null 2>&1
if [ "${FRESHRSS_DEFAULT_USER}" ]; then
/usr/bin/php ./cli/create-user.php --user "$FRESHRSS_DEFAULT_USER" --password "$FRESHRSS_DEFAULT_PASSWORD" >/dev/null 2>&1
/usr/bin/php ./cli/do-install.php --default_user "$FRESHRSS_DEFAULT_USER" >/dev/null 2>&1
fi
exec supercronic -split-logs /etc/crontabs/nginx 1> /dev/null &
exec php-fpm7 -F &
exec nginx -g "daemon off;"