commit 111fa7a5ddceb4a1b2ce973114fdc849cd79e8cd
Author: Robert Kaussow
Date: Wed Oct 2 09:43:32 2019 +0200
inital commit
diff --git a/.dockerignore b/.dockerignore
new file mode 100644
index 0000000..e46e3b4
--- /dev/null
+++ b/.dockerignore
@@ -0,0 +1,8 @@
+.git
+.git*
+.drone.*
+*.md
+.dockerignore
+Dockerfile
+Dockerfile.*
+docker-compose.yml
diff --git a/.drone.jsonnet b/.drone.jsonnet
new file mode 100644
index 0000000..7b0228d
--- /dev/null
+++ b/.drone.jsonnet
@@ -0,0 +1,148 @@ +local PipelineBuild(os='linux', arch='amd64') = { + local tag = os + '-' + arch, + local version_tag = os + '-' + arch, + local file_suffix = std.strReplace(version_tag, '-', '.'), + kind: "pipeline", + name: version_tag, + platform: { + os: os, + arch: arch, + }, + steps: [ + { + name: 'dryrun', + image: 'plugins/docker:' + tag, + pull: 'always', + settings: { + dry_run: true, + tags: version_tag, + dockerfile: './Dockerfile.' + file_suffix, + repo: 'xoxys/freshrss', + username: { from_secret: "docker_username" }, + password: { from_secret: "docker_password" }, + build_args: { + FRESHRSS_VERSION: "${DRONE_TAG%??}", + }, + }, + }, + { + name: 'publish', + image: 'plugins/docker:' + tag, + pull: 'always', + settings: { + auto_tag: true, + auto_tag_suffix: version_tag, + dockerfile: './Dockerfile.' + file_suffix, + repo: 'xoxys/freshrss', + username: { from_secret: "docker_username" }, + password: { from_secret: "docker_password" }, + build_args: { + FRESHRSS_VERSION: "${DRONE_TAG%??}", + }, + }, + when: { + ref: [ + 'refs/heads/master', + 'refs/tags/**', + ], + }, + }, + { + name: "publish-gitea", + image: "plugins/gitea-release", + pull: "always", + settings: { + api_key: { "from_secret": "gitea_token" }, + base_url: "https://gitea.rknet.org", + overwrite: true, + title: "${DRONE_TAG}", + note: "CHANGELOG.md", + }, + when: { + ref: ['refs/tags/**'], + }, + }, + ], +}; + +local PipelineNotifications(depends_on=[]) = { + kind: "pipeline", + name: "notifications", + platform: { + os: "linux", + arch: "amd64", + }, + steps: [ + { + image: "plugins/manifest", + name: "manifest", + pull: "always", + settings: { + ignore_missing: true, + tags: ["${DRONE_TAG}", "${DRONE_TAG%??}", "${DRONE_TAG%.*}", "${DRONE_TAG%%.*}"], + username: { from_secret: "docker_username" }, + password: { from_secret: "docker_password" }, + spec: "./manifest.tmpl", + }, + when: { + ref: [ + 'refs/heads/master', + 'refs/tags/**', + ], + }, + }, + { + name: "readme", + image: 
"sheogorath/readme-to-dockerhub", + pull: "always", + environment: { + DOCKERHUB_USERNAME: { from_secret: "docker_username" }, + DOCKERHUB_PASSWORD: { from_secret: "docker_password" }, + DOCKERHUB_REPO_PREFIX: "xoxys", + DOCKERHUB_REPO_NAME: "freshrss", + README_PATH: "README.md", + SHORT_DESCRIPTION: "Rootless Kanboard - Kanban project management software" + }, + when: { + ref: [ + 'refs/heads/master', + 'refs/tags/**', + ], + }, + }, + { + name: "microbadger", + image: "plugins/webhook", + pull: "always", + settings: { + urls: { from_secret: "microbadger_url" }, + }, + }, + { + image: "plugins/matrix", + name: "matrix", + pull: 'always', + settings: { + homeserver: "https://matrix.rknet.org", + roomid: "MtidqQXWWAtQcByBhH:rknet.org", + template: "Status: **{{ build.status }}**
Build: [{{ repo.Owner }}/{{ repo.Name }}]({{ build.link }}) ({{ build.branch }}) by {{ build.author }}
Message: {{ build.message }}", + username: { from_secret: "matrix_username" }, + password: { from_secret: "matrix_password" }, + }, + when: { + status: [ "success", "failure" ], + }, + }, + ], + trigger: { + status: [ "success", "failure" ], + }, + depends_on: depends_on, +}; + +[ + PipelineBuild(os='linux', arch='amd64'), + PipelineNotifications(depends_on=[ + "linux-amd64", + ]) +] diff --git a/.drone.yml b/.drone.yml new file mode 100644 index 0000000..7662830 --- /dev/null +++ b/.drone.yml 
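Review bot: The `readme` step in `PipelineNotifications` hands `docker_username` and `docker_password` to `sheogorath/readme-to-dockerhub`, a third-party image referenced without a tag and with `pull: "always"`, so whatever is published under that name at build time receives the Docker Hub credentials. Pin it by digest, e.g. `image: "sheogorath/readme-to-dockerhub@sha256:<DIGEST_PLACEHOLDER>"`, and consider doing the same for the `plugins/*` images that receive secrets. The `dryrun` step sets `dry_run: true` but is still given `username` and `password`; it presumably does not need them, so those two lines can be dropped there. `SHORT_DESCRIPTION` still reads "Rootless Kanboard - Kanban project management software", which looks copied from another repository.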
@@ -0,0 +1,135 @@ +--- +kind: pipeline +name: linux-amd64 + +platform: + os: linux + arch: amd64 + +steps: +- name: dryrun + pull: always + image: plugins/docker:linux-amd64 + settings: + build_args: + FRESHRSS_VERSION: "${DRONE_TAG%??}" + dockerfile: ./Dockerfile.linux.amd64 + dry_run: true + password: + from_secret: docker_password + repo: xoxys/freshrss + tags: linux-amd64 + username: + from_secret: docker_username + +- name: publish + pull: always + image: plugins/docker:linux-amd64 + settings: + auto_tag: true + auto_tag_suffix: linux-amd64 + build_args: + FRESHRSS_VERSION: "${DRONE_TAG%??}" + dockerfile: ./Dockerfile.linux.amd64 + password: + from_secret: docker_password + repo: xoxys/freshrss + username: + from_secret: docker_username + when: + ref: + - refs/heads/master + - "refs/tags/**" + +- name: publish-gitea + pull: always + image: plugins/gitea-release + settings: + api_key: + from_secret: gitea_token + base_url: https://gitea.rknet.org + note: CHANGELOG.md + overwrite: true + title: "${DRONE_TAG}" + when: + ref: + - "refs/tags/**" + +--- +kind: pipeline +name: notifications + +platform: + os: linux + arch: amd64 + +steps: +- name: manifest + pull: always + image: plugins/manifest + settings: + ignore_missing: true + password: + from_secret: docker_password + spec: ./manifest.tmpl + tags: + - "${DRONE_TAG}" + - "${DRONE_TAG%??}" + - "${DRONE_TAG%.*}" + - "${DRONE_TAG%%.*}" + username: + from_secret: docker_username + when: + ref: + - refs/heads/master + - "refs/tags/**" + +- name: readme + pull: always + image: sheogorath/readme-to-dockerhub + environment: + DOCKERHUB_PASSWORD: + from_secret: docker_password + DOCKERHUB_REPO_NAME: freshrss + DOCKERHUB_REPO_PREFIX: xoxys + DOCKERHUB_USERNAME: + from_secret: docker_username + README_PATH: README.md + SHORT_DESCRIPTION: Rootless Kanboard - Kanban project management software + when: + ref: + - refs/heads/master + - "refs/tags/**" + +- name: microbadger + pull: always + image: plugins/webhook + settings: + 
urls: + from_secret: microbadger_url + +- name: matrix + pull: always + image: plugins/matrix + settings: + homeserver: https://matrix.rknet.org + password: + from_secret: matrix_password + roomid: MtidqQXWWAtQcByBhH:rknet.org + template: "Status: **{{ build.status }}**
Build: [{{ repo.Owner }}/{{ repo.Name }}]({{ build.link }}) ({{ build.branch }}) by {{ build.author }}
Message: {{ build.message }}" + username: + from_secret: matrix_username + when: + status: + - success + - failure + +trigger: + status: + - success + - failure + +depends_on: +- linux-amd64 + +... diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..65e3ba2 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +test/ diff --git a/CHANGELOG.md b/CHANGELOG.md new file mode 100644 index 0000000..72acd59 --- /dev/null +++ b/CHANGELOG.md @@ -0,0 +1,3 @@ +* BUGFIX + * fix port in healthcheck script + * small vhost adjustments diff --git a/Dockerfile.linux.amd64 b/Dockerfile.linux.amd64 new file mode 100644 index 0000000..c452e2f --- /dev/null +++ b/Dockerfile.linux.amd64 
@@ -0,0 +1,52 @@
+FROM xoxys/nginx:latest
+
+LABEL maintainer="Robert Kaussow " \
+ org.label-schema.name="FreshRSS" \
+ org.label-schema.version="1.2" \
+ org.label-schema.vendor="Robert Kaussow" \
+ org.label-schema.schema-version="1.0"
+
+ARG FRESHRSS_VERSION=master
+ARG FRESHRSS_TARBALL=https://github.com/FreshRSS/FreshRSS/archive/${FRESHRSS_VERSION}.tar.gz
+
+RUN apk --update add --virtual .build-deps tar curl && \
+ apk --update add php7 php7-curl php7-fpm php7-gmp php7-intl php7-mbstring php7-xml \
+ php7-zip php7-ctype php7-dom php7-fileinfo php7-iconv php7-json php7-session \
+ php7-simplexml php7-xmlreader php7-zlib php7-pdo_sqlite php7-pdo_mysql\
+ php7-pdo_pgsql && \
+ rm -rf /var/www/localhost && \
+ rm -f /etc/php7/php-fpm.d/www.conf && \
+ mkdir -p /var/www/app && \
+ curl -SsL ${FRESHRSS_TARBALL} | tar xz -C /var/www/app/ --strip-components=1 && \
+ curl -SsL -o /etc/php7/browscap.ini https://browscap.org/stream?q=Lite_PHP_BrowsCapINI && \
+ curl -SsL -o /usr/local/bin/supercronic https://github.com/aptible/supercronic/releases/download/v0.1.9/supercronic-linux-amd64 && \
+ chmod 755 /usr/local/bin/supercronic && \
+ apk del .build-deps && \
+ rm -rf /var/cache/apk/* && \
+ rm -rf /tmp/* && \
+ rm -rf /var/www/app/CHANGELOG.md /var/www/app/CONTRIBUTING.md /var/www/app/CREDITS.md /var/www/app/Docker /var/www/app/README.* && \
+ mkdir -p /var/run/php && \
+ chown -R nginx /var/run/php && \
+ mkdir -p /var/lib/php/tmp_upload && \
+ mkdir -p /var/lib/php/soap_cache && \
+ mkdir -p /var/lib/php/session && \
+ chown -R nginx /var/lib/php && \
+ chown nginx /etc/php7/php.ini && \
+ chown -R nginx:nginx /var/www/app
+
+ADD overlay/ /
+
+VOLUME /var/www/app/extensions
+VOLUME /var/www/app/data
+
+EXPOSE 8080
+
+USER nginx
+
+STOPSIGNAL SIGTERM
+
+ENTRYPOINT ["/usr/local/bin/entrypoint.sh"]
+HEALTHCHECK --interval=37s --timeout=5s --retries=3 \
+ CMD (php -r "readfile('http://localhost:8080/i/');" | grep -q 'jsonVars') || exit 1
+WORKDIR /var/www/app
+CMD []
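Review bot: The `supercronic` binary is fetched with `curl -SsL -o /usr/local/bin/supercronic …` and made executable without any integrity check, and the FreshRSS tarball and `browscap.ini` are consumed the same way. Verify a known digest before the `chmod`, e.g. `echo "<SUPERCRONIC_SHA256_PLACEHOLDER>  /usr/local/bin/supercronic" | sha256sum -c -`, and add `-f` to the `curl` calls so an HTTP error page is not saved as the binary or piped into `tar`. `FROM xoxys/nginx:latest` and the `FRESHRSS_VERSION=master` default also mean two builds of the same commit can contain different code; a pinned tag or digest would make the image contents auditable.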
diff --git a/LICENSE b/LICENSE new file mode 100644 index 0000000..c6674cc --- /dev/null +++ b/LICENSE @@ -0,0 +1,21 @@ +MIT License + +Copyright (c) 2019 Robert Kaussow + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is furnished +to do so, subject to the following conditions: + +The above copyright notice and this permission notice (including the next +paragraph) shall be included in all copies or substantial portions of the +Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS +FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS +OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, +WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF +OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. diff --git a/README.md b/README.md new file mode 100644 index 0000000..8f4fb54 --- /dev/null +++ b/README.md 
@@ -0,0 +1,140 @@ +# [freshrss](https://gitea.rknet.org/docker/freshrss) + +[![Build Status](https://drone.rknet.org/api/badges/docker/freshrss/status.svg)](https://drone.rknet.org/docker/freshrss/) +[![Microbadger](https://images.microbadger.com/badges/image/xoxys/freshrss.svg)](https://microbadger.com/images/xoxys/freshrss "Get your own image badge on microbadger.com") + +FreshRSS is a self-hosted RSS feed aggregator. It is lightweight, easy to work with, powerful, and customizable. + +## Usage + +Here are some example snippets to help you get started creating a container. This repository is just a wrapper to build a community docker image from [freshrss](https://github.com/freshrss/freshrss) releases. + +> **WARNING**: For production usage you should secure your setup and NOT use the default secrets e.g. for database, default user and salt! + +### Docker + +```Shell +docker create \ + --name=freshrss \ + -p 80:8080 \ + xoxys/freshrss +``` + +### Docker Compose + +Compatible with docker-compose v2 schemas. + +```Yaml +--- +version: '2.1' + +services: + freshrss: + container_name: freshrss + image: xoxys/freshrss:latest + ports: + - "80:8080" + volumes: + - freshrss_data:/var/www/app/data + - freshrss_extensions:/var/www/app/extensions + environment: + FRESHRSS_DEFAULT_USER: admin + FRESHRSS_DEFAULT_PASSWORD: freshrss + FRESHRSS_API_ENABLED: "true" + FRESHRSS_SALT: 38fd29ac5878c270bbfc3599723cd479d48c6c58 + +volumes: + freshrss_data: + driver: local + freshrss_extensions: + driver: local + +``` + +## Environment variables + +### freshrss + +> **WARNING**: Don't change any system settings through the web UI! These changes will be overwritten at EVERY container startup. Use the provided environment variables instead. + +```Shell +FRESHRSS_ENVIRONMENT="production" +FRESHRSS_DEFAULT_USER: "admin" +FRESHRSS_DEFAULT_PASSWORD: "freshrss" +# Salt is used to make crypto more unique. +# Can be generated with e.g. 
cat /proc/sys/kernel/random/uuid | sha1sum | awk '{print $1}' +FRESHRSS_SALT= +# Specify address of the FreshRSS instance, +# used when building absolute URLs, e.g. for WebSub. +FRESHRSS_BASE_URL="http://localhost/" +FRESHRSS_LANGUAGE="en" +FRESHRSS_TITLE="FreshRSS" +FRESHRSS_META_DESCRIPTION +FRESHRSS_DEFAULT_USER="_" +FRESHRSS_ALLOW_ANONYMOUS="false" +FRESHRSS_ALLOW_ANONYMOUS_REFRESH="false" +FRESHRSS_AUTH_TYPE="form" +FRESHRSS_API_ENABLED="false" +FRESHRSS_UNSAFE_AUTOLOGIN_ENABLED="false" +FRESHRSS_SIMPLEPIE_SYSLOG_ENABLED="true" +FRESHRSS_PUBSUBHUBBUB_ENABLED="false" +FRESHRSS_ALLOW_ROBOTS="false" +FRESHRSS_ALLOW_REFERRER="false" +FRESHRSS_LIMITS_COOKIE_DURATION="2592000" +FRESHRSS_LIMITS_CACHE_DURATION="800" +FRESHRSS_LIMITS_TIMEOUT="15" +FRESHRSS_LIMITS_MAX_INACTIVITY="10800" +FRESHRSS_LIMITS_MAX_FEEDS="16384" +FRESHRSS_LIMITS_MAX_CATEGORIES="16384" +FRESHRSS_LIMITS_MAX_REGISTRATIONS="1" +FRESHRSS_CURLOPT_SSL_VERIFYHOST= +FRESHRSS_CURLOPT_SSL_VERIFYPEER= +FRESHRSS_CURLOPT_PROXYTYPE= +FRESHRSS_CURLOPT_PROXY= +FRESHRSS_CURLOPT_PROXYPORT= +FRESHRSS_CURLOPT_PROXYAUTH= +FRESHRSS_CURLOPT_PROXYUSERPWD= +FRESHRSS_DB_TYPE="sqlite" +FRESHRSS_DB_HOST="localhost" +FRESHRSS_DB_USER= +FRESHRSS_DB_PASSWORD= +FRESHRSS_DB_BASE= +FRESHRSS_DB_PREFIX="freshrss_" +## comma-seperated string, extensions must be installed! 
+FRESHRSS_EXTENSIONS_ENABLED="Tumblr-GDPR" +``` + +### PHP + +```Shell +PHP_EXPOSE_PHP=Off +PHP_MAX_EXECUTION_TIME=30 +PHP_MAX_INPUT_TIME=60 +PHP_MEMORY_LIMIT=50M +PHP_ERROR_REPORTING=E_ALL & ~E_DEPRECATED & ~E_STRICT +PHP_DISPLAY_ERRORS=Off +PHP_DISPLAY_STARTUP_ERRORS=Off +PHP_LOG_ERRORS=On +PHP_LOG_ERRORS_MAX_LEN=1024 +PHP_IGNORE_REPEATED_ERRORS=Off +PHP_IGNORE_REPEATED_SOURCE=Off +PHP_REPORT_MEMLEAKS=On +PHP_HTML_ERRORSOn +PHP_ERROR_LOG=/proc/self/fd/2 +PHP_POST_MAX_SIZE=8M +PHP_FILE_UPLOADS=Off +PHP_UPLOAD_MAX_FILESIZE=2M +PHP_MAX_FILE_UPLOADS=2 +PHP_ALLOW_URL_FOPEN=On +PHP_ALLOW_URL_INCLUDE=Off +PHP_DATE_TIMEZONE=Europe/Berlin +PHP_SQL_SAFE_MODE=On +``` + +### License + +This project is licensed under the MIT License - see the [LICENSE](https://gitea.rknet.org/docker/freshrss/src/branch/master/LICENSE) file for details. + +### Maintainers and Contributors + +[Robert Kaussow](https://gitea.rknet.org/xoxys) diff --git a/docker-compose.yml b/docker-compose.yml new file mode 100644 index 0000000..935a2f6 --- /dev/null +++ b/docker-compose.yml @@ -0,0 +1,23 @@ +--- +version: '2.1' + +services: + freshrss: + container_name: freshrss + image: xoxys/freshrss:latest + ports: + - "80:8080" + volumes: + - freshrss_data:/var/www/app/data + - freshrss_extensions:/var/www/app/extensions + environment: + FRESHRSS_DEFAULT_USER: admin + FRESHRSS_DEFAULT_PASSWORD: freshrss + FRESHRSS_API_ENABLED: "true" + FRESHRSS_SALT: 38fd29ac5878c270bbfc3599723cd479d48c6c58 + +volumes: + freshrss_data: + driver: local + freshrss_extensions: + driver: local diff --git a/manifest.tmpl b/manifest.tmpl new file mode 100644 index 0000000..cd2c37e --- /dev/null +++ b/manifest.tmpl 
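Review bot: `docker-compose.yml` commits a fixed `FRESHRSS_SALT` and the password `freshrss` for `admin` while setting `FRESHRSS_API_ENABLED: "true"` and publishing port 80, so every deployment started from this file shares the same salt and login. Take both from the deployer's environment instead, e.g. `FRESHRSS_SALT: ${FRESHRSS_SALT:?set a unique salt}` and `FRESHRSS_DEFAULT_PASSWORD: ${FRESHRSS_DEFAULT_PASSWORD:?set a password}`, provided the compose version in use supports the `:?` form, so the stack refuses to start without them. The README warning says this in prose, but the compose file is what gets copied.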
@@ -0,0 +1,15 @@
+image: xoxys/freshrss:{{#if build.tag}}{{trimPrefix "v" build.tag}}{{else}}latest{{/if}}
+{{#if build.tags}}
+tags:
+{{#each build.tags}}
+ {{#if this}}
+ - {{trimPrefix "v" this}}
+ - {{trimPrefix "v" this}}-linux-amd64
+ {{/if}}
+{{/each}}
+{{/if}}
+manifests:
+ - image: xoxys/freshrss:{{#if build.tag}}{{trimPrefix "v" build.tag}}-{{/if}}linux-amd64
+ platform:
+ architecture: amd64
+ os: linux
diff --git a/overlay/etc/crontabs/nginx b/overlay/etc/crontabs/nginx
new file mode 100644
index 0000000..c57cf9a
--- /dev/null
+++ b/overlay/etc/crontabs/nginx
@@ -0,0 +1,2 @@
+SHELL=/bin/sh
+*/15 * * * * /usr/bin/php -f /var/www/app/app/actualize_script.php >/dev/null 2>&1
diff --git a/overlay/etc/nginx/vhost.conf b/overlay/etc/nginx/vhost.conf
new file mode 100644
index 0000000..6e2121a
--- /dev/null
+++ b/overlay/etc/nginx/vhost.conf
@@ -0,0 +1,18 @@
+server {
+ listen 8080;
+ server_name localhost;
+ index index index.php index.html index.htm;
+ root /var/www/app/p/;
+
+ location ~ ^.+?\.php(/.*)?$ {
+ fastcgi_pass unix:/var/run/php/php-fpm.sock;
+ fastcgi_split_path_info ^(.+\.php)(/.*)$;
+ include fastcgi_params;
+ fastcgi_param PATH_INFO $fastcgi_path_info;
+ fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+ }
+
+ location / {
+ try_files $uri $uri/ index.php;
+ }
+}
diff --git a/overlay/etc/php7/php-fpm.conf b/overlay/etc/php7/php-fpm.conf
new file mode 100644
index 0000000..c5f6603
--- /dev/null
+++ b/overlay/etc/php7/php-fpm.conf
@@ -0,0 +1,21 @@
+[global]
+error_log = /proc/self/fd/2
+log_level = warning
+daemonize = no
+
+[www]
+catch_workers_output = yes
+
+user = nginx
+group = nginx
+
+listen.owner = nginx
+listen.group = nginx
+listen = /var/run/php/php-fpm.sock
+
+pm = dynamic
+pm.max_children = 20
+pm.start_servers = 1
+pm.min_spare_servers = 1
+pm.max_spare_servers = 3
+pm.max_requests = 2048
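Review bot: In `overlay/etc/nginx/vhost.conf`, `try_files $uri $uri/ index.php;` names its fallback without a leading slash, so the internal redirect target is not a valid URI and unmatched paths are likely to end in an error instead of reaching FreshRSS; `try_files $uri $uri/ /index.php;` (or `=404`) is the usual form. The PHP location passes every URI matching `\.php` to php-fpm without checking that the script exists under `root`; adding `try_files $fastcgi_script_name =404;` after `fastcgi_split_path_info` keeps non-existent script paths away from the interpreter. `index index index.php index.html index.htm;` also lists a stray `index` file name.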
diff --git a/overlay/etc/templates/config.php.tmpl b/overlay/etc/templates/config.php.tmpl new file mode 100644 index 0000000..d0c8ec6 --- /dev/null +++ b/overlay/etc/templates/config.php.tmpl 
@@ -0,0 +1,73 @@ + '{{ getenv "FRESHRSS_ENVIRONMENT" "production" }}', + 'salt' => '{{ getenv "FRESHRSS_SALT" }}', + 'base_url' => '{{ getenv "FRESHRSS_BASE_URL" "http://localhost/" }}', + 'auto_update_url' => 'https://update.freshrss.org', + 'language' => '{{ getenv "FRESHRSS_LANGUAGE" "en" }}', + 'title' => '{{ getenv "FRESHRSS_TITLE" "FreshRSS" }}', + 'meta_description' => '{{ getenv "FRESHRSS_META_DESCRIPTION" }}', + 'default_user' => '{{ getenv "FRESHRSS_DEFAULT_USER" "_" }}', + 'allow_anonymous' => {{ getenv "FRESHRSS_ALLOW_ANONYMOUS" "false" }}, + 'allow_anonymous_refresh' => {{ getenv "FRESHRSS_ALLOW_ANONYMOUS_REFRESH" "false" }}, + 'auth_type' => '{{ getenv "FRESHRSS_AUTH_TYPE" "form" }}', + 'api_enabled' => {{ getenv "FRESHRSS_API_ENABLED" "false" }}, + 'unsafe_autologin_enabled' => {{ getenv "FRESHRSS_UNSAFE_AUTOLOGIN_ENABLED" "false" }}, + 'simplepie_syslog_enabled' => {{ getenv "FRESHRSS_SIMPLEPIE_SYSLOG_ENABLED" "true" }}, + 'pubsubhubbub_enabled' => {{ getenv "FRESHRSS_PUBSUBHUBBUB_ENABLED" "false" }}, + 'allow_robots' => {{ getenv "FRESHRSS_ALLOW_ROBOTS" "false" }}, + 'allow_referrer' => {{ getenv "FRESHRSS_ALLOW_REFERRER" "false" }}, + + 'limits' => array( + 'cookie_duration' => {{ getenv "FRESHRSS_LIMITS_COOKIE_DURATION" "2592000" }}, + 'cache_duration' => {{ getenv "FRESHRSS_LIMITS_CACHE_DURATION" "800" }}, + 'timeout' => {{ getenv "FRESHRSS_LIMITS_TIMEOUT" "15" }}, + 'max_inactivity' => {{ getenv "FRESHRSS_LIMITS_MAX_INACTIVITY" "10800" }}, + 'max_feeds' => {{ getenv "FRESHRSS_LIMITS_MAX_FEEDS" "16384" }}, + 'max_categories' => {{ getenv "FRESHRSS_LIMITS_MAX_CATEGORIES" "16384" }}, + 'max_registrations' => {{ getenv "FRESHRSS_LIMITS_MAX_REGISTRATIONS" "1" }}, + ), + + 'curl_options' => array( + {{- if not (bool (getenv "FRESHRSS_CURLOPT_SSL_VERIFYHOST" "true")) }} + CURLOPT_SSL_VERIFYHOST => {{ getenv "FRESHRSS_CURLOPT_SSL_VERIFYHOST" }}, + {{- end }} + {{- if not (bool (getenv "FRESHRSS_CURLOPT_SSL_VERIFYPEER" "true")) }} + 
CURLOPT_SSL_VERIFYPEER => {{ getenv "FRESHRSS_CURLOPT_SSL_VERIFYPEER" }}, + {{- end }} + {{- if not (bool (getenv "FRESHRSS_CURLOPT_PROXYTYPE" "true")) }} + CURLOPT_PROXYTYPE => {{ getenv "FRESHRSS_CURLOPT_PROXYTYPE" }}, + {{- end }} + {{- if not (bool (getenv "FRESHRSS_CURLOPT_PROXY" "true" )) }} + CURLOPT_PROXY => '{{ getenv "FRESHRSS_CURLOPT_PROXY" }}', + {{- end }} + {{- if not (bool (getenv "FRESHRSS_CURLOPT_PROXYPORT" "true" )) }} + CURLOPT_PROXYPORT => {{ getenv "FRESHRSS_CURLOPT_PROXYPORT" }}, + {{- end }} + {{- if not (bool (getenv "FRESHRSS_CURLOPT_PROXYAUTH" "true" )) }} + CURLOPT_PROXYAUTH => {{ getenv "FRESHRSS_CURLOPT_PROXYAUTH" }}, + {{- end }} + {{- if not (bool (getenv "FRESHRSS_CURLOPT_PROXYUSERPWD" "true" )) }} + CURLOPT_PROXYUSERPWD => '{{ getenv "FRESHRSS_CURLOPT_PROXYUSERPWD" }}', + {{- end }} + ), + + 'db' => array( + 'type' => '{{ getenv "FRESHRSS_DB_TYPE" "sqlite" }}', + 'host' => '{{ getenv "FRESHRSS_DB_HOST" "localhost" }}', + 'user' => '{{ getenv "FRESHRSS_DB_USER" }}', + 'password' => '{{ getenv "FRESHRSS_DB_PASSWORD" }}', + 'base' => '{{ getenv "FRESHRSS_DB_BASE" }}', + 'prefix' => '{{ getenv "FRESHRSS_DB_PREFIX" "freshrss_" }}', + 'pdo_options' => array(), + + ), + + 'extensions_enabled' => array( + {{- range (getenv "FRESHRSS_EXTENSIONS_ENABLED" "Tumblr-GDPR" | strings.Split ",") }} + '{{ . | strings.TrimSpace }}' => true, + {{- end }} + ), + + 'disable_update' => true, +); diff --git a/overlay/etc/templates/constants.local.php.tmpl b/overlay/etc/templates/constants.local.php.tmpl new file mode 100644 index 0000000..c11cb21 --- /dev/null +++ b/overlay/etc/templates/constants.local.php.tmpl 
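Review bot: Every `getenv` value in `config.php.tmpl` is written into the generated PHP verbatim: string settings go inside single quotes (`'password' => '{{ getenv "FRESHRSS_DB_PASSWORD" }}'`) and boolean and integer settings are emitted as bare PHP expressions (`'api_enabled' => {{ getenv "FRESHRSS_API_ENABLED" "false" }}`). A value containing `'` or `\` therefore breaks the file or changes its meaning, and the unquoted ones are evaluated as PHP by the application. Escape the string values, e.g. `{{ getenv "FRESHRSS_DB_PASSWORD" | strings.ReplaceAll "\\" "\\\\" | strings.ReplaceAll "'" "\\'" }}`, and render the flags through the `bool` function the template already uses, e.g. `{{ bool (getenv "FRESHRSS_API_ENABLED" "false") }}`, so only `true` or `false` can be emitted. The opening lines of the file are not visible in the hunk as shown here.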
@@ -0,0 +1,15 @@ +" +;error_append_string = "" +error_log = {{ getenv "PHP_ERROR_LOG" "/proc/self/fd/2"}} +;windows.show_crt_warning + +;arg_separator.output = "&" +;arg_separator.input = ";&" + +variables_order = "GPCS" +request_order = "GP" + +register_argc_argv = Off +auto_globals_jit = On +;enable_post_data_reading = Off +post_max_size = {{ getenv "PHP_POST_MAX_SIZE" "8M" }} + +auto_prepend_file = +auto_append_file = + +default_mimetype = "text/html" +default_charset = "UTF-8" +;internal_encoding = +;input_encoding = +;output_encoding = + +;include_path = ".:/php7/includes" + +doc_root = +user_dir = + +extension_dir = "/usr/lib/php7/modules" +;sys_temp_dir = "/tmp" +enable_dl = Off + +cgi.force_redirect = 1 +;cgi.nph = 1 +;cgi.redirect_status_env = +cgi.fix_pathinfo = 0 +cgi.discard_path = 1 + +;fastcgi.impersonate = 1 +;fastcgi.logging = 0 +;cgi.rfc2616_headers = 0 +;cgi.check_shebang_line = 1 + +file_uploads = {{ getenv "PHP_FILE_UPLOADS" "Off" }} +upload_tmp_dir = /var/lib/php/tmp_upload +upload_max_filesize = {{ getenv "PHP_UPLOAD_MAX_FILESIZE" "2M" }} +max_file_uploads = {{ getenv "PHP_MAX_FILE_UPLOADS" "2" }} + +allow_url_fopen = {{ getenv "PHP_ALLOW_URL_FOPEN" "On" }} +allow_url_include = {{ getenv "PHP_ALLOW_URL_INCLUDE" "Off" }} + +;from="john@doe.com" +;user_agent="PHP" + +default_socket_timeout = 60 +;auto_detect_line_endings = Off + +[CLI Server] +cli_server.color = On + +[Date] +date.timezone = {{ getenv "PHP_DATE_TIMEZONE" "Europe/Berlin" }} +;date.default_latitude = 31.7667 +;date.default_longitude = 35.2333 +;date.sunrise_zenith = 90.583333 +;date.sunset_zenith = 90.583333 + +[filter] +;filter.default = unsafe_raw +;filter.default_flags = + +[iconv] +;iconv.input_encoding = +;iconv.internal_encoding = +;iconv.output_encoding = + +[intl] +;intl.default_locale = +;intl.error_level = E_WARNING +;intl.use_exceptions = 0 + +[sqlite3] +;sqlite3.extension_dir = + +[Pcre] +;pcre.backtrack_limit = 100000 +;pcre.recursion_limit = 100000 +;pcre.jit = 1 + 
+[Pdo] +;pdo_odbc.connection_pooling = strict +;pdo_odbc.db2_instance_name + +[Pdo_mysql] +pdo_mysql.cache_size = 2000 +pdo_mysql.default_socket = + +[Phar] +;phar.readonly = On +;phar.require_hash = On +;phar.cache_list = + +[mail function] +SMTP = localhost +smtp_port = 25 +;sendmail_path = + +;mail.force_extra_parameters = +mail.add_x_header = On +;mail.log = +;mail.log = syslog + +[SQL] +sql.safe_mode = {{ getenv "PHP_SQL_SAFE_MODE" "On" }} + +[ODBC] +;odbc.default_db = Not yet implemented +;odbc.default_user = Not yet implemented +;odbc.default_pw = Not yet implemented +;odbc.default_cursortype +odbc.allow_persistent = On +odbc.check_persistent = On +odbc.max_persistent = -1 +odbc.max_links = -1 +odbc.defaultlrl = 4096 +odbc.defaultbinmode = 1 +;birdstep.max_links = -1 + +[Interbase] +ibase.allow_persistent = 1 +ibase.max_persistent = -1 +ibase.max_links = -1 +;ibase.default_db = +;ibase.default_user = +;ibase.default_password = +;ibase.default_charset = +ibase.timestampformat = "%Y-%m-%d %H:%M:%S" +ibase.dateformat = "%Y-%m-%d" +ibase.timeformat = "%H:%M:%S" + +[MySQLi] +;mysqli.allow_local_infile = On +mysqli.max_persistent = -1 +mysqli.allow_persistent = On +mysqli.max_links = -1 +mysqli.cache_size = 2000 +mysqli.default_port = 3306 +mysqli.default_socket = +mysqli.default_host = +mysqli.default_user = +mysqli.default_pw = +mysqli.reconnect = Off + +[mysqlnd] +mysqlnd.collect_statistics = On +mysqlnd.collect_memory_statistics = Off +;mysqlnd.debug = +;mysqlnd.log_mask = 0 +;mysqlnd.mempool_default_size = 16000 +;mysqlnd.net_cmd_buffer_size = 2048 +;mysqlnd.net_read_buffer_size = 32768 +;mysqlnd.net_read_timeout = 31536000 +;mysqlnd.sha256_server_public_key = + +[OCI8] +;oci8.privileged_connect = Off +;oci8.max_persistent = -1 +;oci8.persistent_timeout = -1 +;oci8.ping_interval = 60 +;oci8.connection_class = +;oci8.events = Off +;oci8.statement_cache_size = 20 +;oci8.default_prefetch = 100 +;oci8.old_oci_close_semantics = Off + +[PostgreSQL] 
+pgsql.allow_persistent = On +pgsql.auto_reset_persistent = Off +pgsql.max_persistent = -1 +pgsql.max_links = -1 +pgsql.ignore_notice = 0 +pgsql.log_notice = 0 + +[bcmath] +bcmath.scale = 0 + +[browscap] +browscap = /etc/php7/browscap.ini + +[Session] +session.save_handler = files +session.save_path = "/var/lib/php/session" +session.use_strict_mode = 1 +session.use_cookies = 1 +session.cookie_secure = 0 +session.use_only_cookies = 1 +session.name = PHPSESSID +session.auto_start = Off +session.cookie_lifetime = 14400 +session.cookie_path = / +session.cookie_domain = +session.cookie_httponly = 1 +session.serialize_handler = php +session.gc_probability = 1 +session.gc_divisor = 1000 +session.gc_maxlifetime = 1440 +session.referer_check = +;session.entropy_length = 32 +;session.entropy_file = /dev/urandom +session.cache_limiter = nocache +session.cache_expire = 30 +session.use_trans_sid = 0 +session.hash_function = sha512 +session.hash_bits_per_character = 5 +url_rewriter.tags = "a=href,area=href,frame=src,input=src,form=fakeentry" +;session.upload_progress.enabled = On +;session.upload_progress.cleanup = On +;session.upload_progress.prefix = "upload_progress_" +;session.upload_progress.name = "PHP_SESSION_UPLOAD_PROGRESS" +;session.upload_progress.freq = "1%" +;session.upload_progress.min_freq = "1" +;session.lazy_write = On + +[Assertion] +zend.assertions = -1 +;assert.active = On +;assert.exception = On +;assert.warning = On +;assert.bail = Off +;assert.callback = 0 +;assert.quiet_eval = 0 + +[COM] +;com.typelib_file = +;com.allow_dcom = true +;com.autoregister_typelib = true +;com.autoregister_casesensitive = false +;com.autoregister_verbose = true +;com.code_page= + +[mbstring] +;mbstring.language = Japanese +;mbstring.internal_encoding = +;mbstring.http_input = +;mbstring.http_output = +;mbstring.encoding_translation = Off +;mbstring.detect_order = auto +;mbstring.substitute_character = none +;mbstring.func_overload = 0 +;mbstring.strict_detection = On 
+;mbstring.http_output_conv_mimetype = + +[gd] +;gd.jpeg_ignore_warning = 0 + +[exif] +;exif.encode_unicode = ISO-8859-15 +;exif.decode_unicode_motorola = UCS-2BE +;exif.decode_unicode_intel = UCS-2LE +;exif.encode_jis = +;exif.decode_jis_motorola = JIS +;exif.decode_jis_intel = JIS + +[Tidy] +;tidy.default_config = /usr/local/lib/php7/default.tcfg +tidy.clean_output = Off + +[soap] +soap.wsdl_cache_enabled = 1 +soap.wsdl_cache_dir = "/var/lib/php/soap_cache" +soap.wsdl_cache_ttl = 86400 +soap.wsdl_cache_limit = 5 + +[sysvshm] +;sysvshm.init_mem = 10000 + +[ldap] +ldap.max_links = -1 + +[mcrypt] +;mcrypt.algorithms_dir = +;mcrypt.modes_dir = + +[dba] +;dba.default_handler = + +[opcache] +;opcache.enable = 0 +;opcache.enable_cli = 0 +;opcache.memory_consumption = 64 +;opcache.interned_strings_buffer = 4 +;opcache.max_accelerated_files = 2000 +;opcache.max_wasted_percentage = 5 +;opcache.use_cwd = 1 +;opcache.validate_timestamps = 1 +;opcache.revalidate_freq = 2 +;opcache.revalidate_path = 0 +;opcache.save_comments = 1 +;opcache.fast_shutdown = 0 +;opcache.enable_file_override = 0 +;opcache.optimization_level = 0xffffffff +;opcache.dups_fix = 0 +;opcache.blacklist_filename = +;opcache.max_file_size = 0 +;opcache.consistency_checks = 0 +;opcache.force_restart_timeout = 180 +;opcache.error_log = +;opcache.log_verbosity_level = 1 +;opcache.preferred_memory_model = +;opcache.protect_memory = 0 +;opcache.restrict_api = +;opcache.mmap_base = +;opcache.file_cache = +;opcache.file_cache_only = 0 +;opcache.file_cache_consistency_checks = 1 +;opcache.file_cache_fallback = 1 +;opcache.huge_code_pages = 1 +;opcache.validate_permission = 0 +;opcache.validate_root = 0 + +[curl] +curl.cainfo = /etc/ssl/certs/ca-certificates.crt + +[openssl] +openssl.cafile = /etc/ssl/certs/ca-certificates.crt +openssl.capath = /etc/ssl/certs diff --git a/overlay/usr/local/bin/entrypoint.sh b/overlay/usr/local/bin/entrypoint.sh new file mode 100755 index 0000000..9b2f41b --- /dev/null 
+++ b/overlay/usr/local/bin/entrypoint.sh
@@ -0,0 +1,15 @@
+#!/bin/sh
+/usr/local/bin/gomplate -V -o /etc/php7/php.ini -f /etc/templates/php.ini.tmpl
+/usr/local/bin/gomplate -V -o /var/www/app/data/config.php -f /etc/templates/config.php.tmpl
+/usr/local/bin/gomplate -V -o /var/www/app/constants.local.php -f /etc/templates/constants.local.php.tmpl
+
+/usr/bin/php -f ./cli/prepare.php >/dev/null 2>&1
+
+if [ "${FRESHRSS_DEFAULT_USER}" ]; then
+ /usr/bin/php ./cli/create-user.php --user "$FRESHRSS_DEFAULT_USER" --password "$FRESHRSS_DEFAULT_PASSWORD" >/dev/null 2>&1
+ /usr/bin/php ./cli/do-install.php --default_user "$FRESHRSS_DEFAULT_USER" >/dev/null 2>&1
+fi
+
+exec supercronic -split-logs /etc/crontabs/nginx 1> /dev/null &
+exec php-fpm7 -F &
+exec nginx -g "daemon off;"
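Review bot: When `FRESHRSS_DEFAULT_USER` is set but `FRESHRSS_DEFAULT_PASSWORD` is empty, `create-user.php` is still called with `--password ""`, and because every PHP call ends in `>/dev/null 2>&1` with no exit-status check, a failed or weak account setup goes unnoticed (what the script does with an empty value is not visible here). Guard the block with `if [ -n "${FRESHRSS_DEFAULT_USER}" ] && [ -n "${FRESHRSS_DEFAULT_PASSWORD}" ]; then` and let stderr through. `exec … &` does not replace the shell, so `supercronic` and `php-fpm7` run as unsupervised background jobs; if either exits, the container keeps running with only nginx. The rendered `config.php` holds the database password and salt, so a `umask 077` before the `gomplate` calls would keep it readable by the `nginx` user only.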