From 111fa7a5ddceb4a1b2ce973114fdc849cd79e8cd Mon Sep 17 00:00:00 2001
From: Robert Kaussow
Date: Wed, 2 Oct 2019 09:43:32 +0200
Subject: [PATCH] inital commit
---
.dockerignore | 8 +
.drone.jsonnet | 148 +++++++
.drone.yml | 135 ++++++
.gitignore | 1 +
CHANGELOG.md | 3 +
Dockerfile.linux.amd64 | 52 +++
LICENSE | 21 +
README.md | 140 +++++++
docker-compose.yml | 23 ++
manifest.tmpl | 15 +
overlay/etc/crontabs/nginx | 2 +
overlay/etc/nginx/vhost.conf | 18 +
overlay/etc/php7/php-fpm.conf | 21 +
overlay/etc/templates/config.php.tmpl | 73 ++++
.../etc/templates/constants.local.php.tmpl | 15 +
overlay/etc/templates/php.ini.tmpl | 391 ++++++++++++++++++
overlay/usr/local/bin/entrypoint.sh | 15 +
17 files changed, 1081 insertions(+)
create mode 100644 .dockerignore
create mode 100644 .drone.jsonnet
create mode 100644 .drone.yml
create mode 100644 .gitignore
create mode 100644 CHANGELOG.md
create mode 100644 Dockerfile.linux.amd64
create mode 100644 LICENSE
create mode 100644 README.md
create mode 100644 docker-compose.yml
create mode 100644 manifest.tmpl
create mode 100644 overlay/etc/crontabs/nginx
create mode 100644 overlay/etc/nginx/vhost.conf
create mode 100644 overlay/etc/php7/php-fpm.conf
create mode 100644 overlay/etc/templates/config.php.tmpl
create mode 100644 overlay/etc/templates/constants.local.php.tmpl
create mode 100644 overlay/etc/templates/php.ini.tmpl
create mode 100755 overlay/usr/local/bin/entrypoint.sh
diff --git a/.dockerignore b/.dockerignore
new file mode 100644
index 0000000..e46e3b4
--- /dev/null
+++ b/.dockerignore
@@ -0,0 +1,8 @@
+.git
+.git*
+.drone.*
+*.md
+.dockerignore
+Dockerfile
+Dockerfile.*
+docker-compose.yml
diff --git a/.drone.jsonnet b/.drone.jsonnet
new file mode 100644
index 0000000..7b0228d
--- /dev/null
+++ b/.drone.jsonnet
@@ -0,0 +1,148 @@ +local PipelineBuild(os='linux', arch='amd64') = { + local tag = os + '-' + arch, + local version_tag = os + '-' + arch, + local file_suffix = std.strReplace(version_tag, '-', '.'), + kind: "pipeline", + name: version_tag, + platform: { + os: os, + arch: arch, + }, + steps: [ + { + name: 'dryrun', + image: 'plugins/docker:' + tag, + pull: 'always', + settings: { + dry_run: true, + tags: version_tag, + dockerfile: './Dockerfile.' + file_suffix, + repo: 'xoxys/freshrss', + username: { from_secret: "docker_username" }, + password: { from_secret: "docker_password" }, + build_args: { + FRESHRSS_VERSION: "${DRONE_TAG%??}", + }, + }, + }, + { + name: 'publish', + image: 'plugins/docker:' + tag, + pull: 'always', + settings: { + auto_tag: true, + auto_tag_suffix: version_tag, + dockerfile: './Dockerfile.' + file_suffix, + repo: 'xoxys/freshrss', + username: { from_secret: "docker_username" }, + password: { from_secret: "docker_password" }, + build_args: { + FRESHRSS_VERSION: "${DRONE_TAG%??}", + }, + }, + when: { + ref: [ + 'refs/heads/master', + 'refs/tags/**', + ], + }, + }, + { + name: "publish-gitea", + image: "plugins/gitea-release", + pull: "always", + settings: { + api_key: { "from_secret": "gitea_token" }, + base_url: "https://gitea.rknet.org", + overwrite: true, + title: "${DRONE_TAG}", + note: "CHANGELOG.md", + }, + when: { + ref: ['refs/tags/**'], + }, + }, + ], +}; + +local PipelineNotifications(depends_on=[]) = { + kind: "pipeline", + name: "notifications", + platform: { + os: "linux", + arch: "amd64", + }, + steps: [ + { + image: "plugins/manifest", + name: "manifest", + pull: "always", + settings: { + ignore_missing: true, + tags: ["${DRONE_TAG}", "${DRONE_TAG%??}", "${DRONE_TAG%.*}", "${DRONE_TAG%%.*}"], + username: { from_secret: "docker_username" }, + password: { from_secret: "docker_password" }, + spec: "./manifest.tmpl", + }, + when: { + ref: [ + 'refs/heads/master', + 'refs/tags/**', + ], + }, + }, + { + name: "readme", + image: 
"sheogorath/readme-to-dockerhub", + pull: "always", + environment: { + DOCKERHUB_USERNAME: { from_secret: "docker_username" }, + DOCKERHUB_PASSWORD: { from_secret: "docker_password" }, + DOCKERHUB_REPO_PREFIX: "xoxys", + DOCKERHUB_REPO_NAME: "freshrss", + README_PATH: "README.md", + SHORT_DESCRIPTION: "Rootless Kanboard - Kanban project management software" + }, + when: { + ref: [ + 'refs/heads/master', + 'refs/tags/**', + ], + }, + }, + { + name: "microbadger", + image: "plugins/webhook", + pull: "always", + settings: { + urls: { from_secret: "microbadger_url" }, + }, + }, + { + image: "plugins/matrix", + name: "matrix", + pull: 'always', + settings: { + homeserver: "https://matrix.rknet.org", + roomid: "MtidqQXWWAtQcByBhH:rknet.org", + template: "Status: **{{ build.status }}**
Build: [{{ repo.Owner }}/{{ repo.Name }}]({{ build.link }}) ({{ build.branch }}) by {{ build.author }}
Message: {{ build.message }}", + username: { from_secret: "matrix_username" }, + password: { from_secret: "matrix_password" }, + }, + when: { + status: [ "success", "failure" ], + }, + }, + ], + trigger: { + status: [ "success", "failure" ], + }, + depends_on: depends_on, +}; + +[ + PipelineBuild(os='linux', arch='amd64'), + PipelineNotifications(depends_on=[ + "linux-amd64", + ]) +] diff --git a/.drone.yml b/.drone.yml new file mode 100644 index 0000000..7662830 --- /dev/null +++ b/.drone.yml 
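Review bot: Every step image in .drone.jsonnet is referenced by a mutable tag with `pull: 'always'`, including the third-party `sheogorath/readme-to-dockerhub` step that receives `docker_username`/`docker_password` and the `plugins/matrix` step that receives the Matrix credentials, so whatever is published under those tags at build time runs with those secrets. Pinning each image to a digest fixes which code sees them, e.g. `image: "sheogorath/readme-to-dockerhub@sha256:<digest-placeholder>",`. Separately, `SHORT_DESCRIPTION` in the readme step reads "Rootless Kanboard - Kanban project management software", which looks copied from another repository and should describe FreshRSS. The generated .drone.yml carries both points and would be regenerated from this file.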
@@ -0,0 +1,135 @@ +--- +kind: pipeline +name: linux-amd64 + +platform: + os: linux + arch: amd64 + +steps: +- name: dryrun + pull: always + image: plugins/docker:linux-amd64 + settings: + build_args: + FRESHRSS_VERSION: "${DRONE_TAG%??}" + dockerfile: ./Dockerfile.linux.amd64 + dry_run: true + password: + from_secret: docker_password + repo: xoxys/freshrss + tags: linux-amd64 + username: + from_secret: docker_username + +- name: publish + pull: always + image: plugins/docker:linux-amd64 + settings: + auto_tag: true + auto_tag_suffix: linux-amd64 + build_args: + FRESHRSS_VERSION: "${DRONE_TAG%??}" + dockerfile: ./Dockerfile.linux.amd64 + password: + from_secret: docker_password + repo: xoxys/freshrss + username: + from_secret: docker_username + when: + ref: + - refs/heads/master + - "refs/tags/**" + +- name: publish-gitea + pull: always + image: plugins/gitea-release + settings: + api_key: + from_secret: gitea_token + base_url: https://gitea.rknet.org + note: CHANGELOG.md + overwrite: true + title: "${DRONE_TAG}" + when: + ref: + - "refs/tags/**" + +--- +kind: pipeline +name: notifications + +platform: + os: linux + arch: amd64 + +steps: +- name: manifest + pull: always + image: plugins/manifest + settings: + ignore_missing: true + password: + from_secret: docker_password + spec: ./manifest.tmpl + tags: + - "${DRONE_TAG}" + - "${DRONE_TAG%??}" + - "${DRONE_TAG%.*}" + - "${DRONE_TAG%%.*}" + username: + from_secret: docker_username + when: + ref: + - refs/heads/master + - "refs/tags/**" + +- name: readme + pull: always + image: sheogorath/readme-to-dockerhub + environment: + DOCKERHUB_PASSWORD: + from_secret: docker_password + DOCKERHUB_REPO_NAME: freshrss + DOCKERHUB_REPO_PREFIX: xoxys + DOCKERHUB_USERNAME: + from_secret: docker_username + README_PATH: README.md + SHORT_DESCRIPTION: Rootless Kanboard - Kanban project management software + when: + ref: + - refs/heads/master + - "refs/tags/**" + +- name: microbadger + pull: always + image: plugins/webhook + settings: + 
urls: + from_secret: microbadger_url + +- name: matrix + pull: always + image: plugins/matrix + settings: + homeserver: https://matrix.rknet.org + password: + from_secret: matrix_password + roomid: MtidqQXWWAtQcByBhH:rknet.org + template: "Status: **{{ build.status }}**
Build: [{{ repo.Owner }}/{{ repo.Name }}]({{ build.link }}) ({{ build.branch }}) by {{ build.author }}
Message: {{ build.message }}" + username: + from_secret: matrix_username + when: + status: + - success + - failure + +trigger: + status: + - success + - failure + +depends_on: +- linux-amd64 + +... diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..65e3ba2 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +test/ diff --git a/CHANGELOG.md b/CHANGELOG.md new file mode 100644 index 0000000..72acd59 --- /dev/null +++ b/CHANGELOG.md @@ -0,0 +1,3 @@ +* BUGFIX + * fix port in healthcheck script + * small vhost adjustments diff --git a/Dockerfile.linux.amd64 b/Dockerfile.linux.amd64 new file mode 100644 index 0000000..c452e2f --- /dev/null +++ b/Dockerfile.linux.amd64 
@@ -0,0 +1,52 @@
+FROM xoxys/nginx:latest
+
+LABEL maintainer="Robert Kaussow " \
+ org.label-schema.name="FreshRSS" \
+ org.label-schema.version="1.2" \
+ org.label-schema.vendor="Robert Kaussow" \
+ org.label-schema.schema-version="1.0"
+
+ARG FRESHRSS_VERSION=master
+ARG FRESHRSS_TARBALL=https://github.com/FreshRSS/FreshRSS/archive/${FRESHRSS_VERSION}.tar.gz
+
+RUN apk --update add --virtual .build-deps tar curl && \
+ apk --update add php7 php7-curl php7-fpm php7-gmp php7-intl php7-mbstring php7-xml \
+ php7-zip php7-ctype php7-dom php7-fileinfo php7-iconv php7-json php7-session \
+ php7-simplexml php7-xmlreader php7-zlib php7-pdo_sqlite php7-pdo_mysql\
+ php7-pdo_pgsql && \
+ rm -rf /var/www/localhost && \
+ rm -f /etc/php7/php-fpm.d/www.conf && \
+ mkdir -p /var/www/app && \
+ curl -SsL ${FRESHRSS_TARBALL} | tar xz -C /var/www/app/ --strip-components=1 && \
+ curl -SsL -o /etc/php7/browscap.ini https://browscap.org/stream?q=Lite_PHP_BrowsCapINI && \
+ curl -SsL -o /usr/local/bin/supercronic https://github.com/aptible/supercronic/releases/download/v0.1.9/supercronic-linux-amd64 && \
+ chmod 755 /usr/local/bin/supercronic && \
+ apk del .build-deps && \
+ rm -rf /var/cache/apk/* && \
+ rm -rf /tmp/* && \
+ rm -rf /var/www/app/CHANGELOG.md /var/www/app/CONTRIBUTING.md /var/www/app/CREDITS.md /var/www/app/Docker /var/www/app/README.* && \
+ mkdir -p /var/run/php && \
+ chown -R nginx /var/run/php && \
+ mkdir -p /var/lib/php/tmp_upload && \
+ mkdir -p /var/lib/php/soap_cache && \
+ mkdir -p /var/lib/php/session && \
+ chown -R nginx /var/lib/php && \
+ chown nginx /etc/php7/php.ini && \
+ chown -R nginx:nginx /var/www/app
+
+ADD overlay/ /
+
+VOLUME /var/www/app/extensions
+VOLUME /var/www/app/data
+
+EXPOSE 8080
+
+USER nginx
+
+STOPSIGNAL SIGTERM
+
+ENTRYPOINT ["/usr/local/bin/entrypoint.sh"]
+HEALTHCHECK --interval=37s --timeout=5s --retries=3 \
+ CMD (php -r "readfile('http://localhost:8080/i/');" | grep -q 'jsonVars') || exit 1
+WORKDIR /var/www/app
+CMD []
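Review bot: The RUN step in Dockerfile.linux.amd64 downloads three artifacts with `curl -SsL` and installs them without any integrity check: the FreshRSS tarball piped straight into `tar xz`, `browscap.ini`, and the `supercronic` binary that is then made executable. TLS only protects the transport, so a replaced release asset or a moved `master` archive (the default `FRESHRSS_VERSION`) would be built into the image silently. For the pinned supercronic v0.1.9 download a checksum line after the fetch would catch that, e.g. `echo "${SUPERCRONIC_SHA1SUM}  /usr/local/bin/supercronic" | sha1sum -c - && \` with `ARG SUPERCRONIC_SHA1SUM=<sha1-of-release-binary>` declared next to the other ARGs. The base image `xoxys/nginx:latest` is likewise unpinned, and `ADD overlay/ /` can be `COPY overlay/ /` since no archive extraction or URL fetch is wanted.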
diff --git a/LICENSE b/LICENSE
new file mode 100644
index 0000000..c6674cc
--- /dev/null
+++ b/LICENSE
@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2019 Robert Kaussow
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is furnished
+to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice (including the next
+paragraph) shall be included in all copies or substantial portions of the
+Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
+FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS
+OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
+WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF
+OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..8f4fb54
--- /dev/null
+++ b/README.md
@@ -0,0 +1,140 @@ +# [freshrss](https://gitea.rknet.org/docker/freshrss) + +[![Build Status](https://drone.rknet.org/api/badges/docker/freshrss/status.svg)](https://drone.rknet.org/docker/freshrss/) +[![Microbadger](https://images.microbadger.com/badges/image/xoxys/freshrss.svg)](https://microbadger.com/images/xoxys/freshrss "Get your own image badge on microbadger.com") + +FreshRSS is a self-hosted RSS feed aggregator. It is lightweight, easy to work with, powerful, and customizable. + +## Usage + +Here are some example snippets to help you get started creating a container. This repository is just a wrapper to build a community docker image from [freshrss](https://github.com/freshrss/freshrss) releases. + +> **WARNING**: For production usage you should secure your setup and NOT use the default secrets e.g. for database, default user and salt! + +### Docker + +```Shell +docker create \ + --name=freshrss \ + -p 80:8080 \ + xoxys/freshrss +``` + +### Docker Compose + +Compatible with docker-compose v2 schemas. + +```Yaml +--- +version: '2.1' + +services: + freshrss: + container_name: freshrss + image: xoxys/freshrss:latest + ports: + - "80:8080" + volumes: + - freshrss_data:/var/www/app/data + - freshrss_extensions:/var/www/app/extensions + environment: + FRESHRSS_DEFAULT_USER: admin + FRESHRSS_DEFAULT_PASSWORD: freshrss + FRESHRSS_API_ENABLED: "true" + FRESHRSS_SALT: 38fd29ac5878c270bbfc3599723cd479d48c6c58 + +volumes: + freshrss_data: + driver: local + freshrss_extensions: + driver: local + +``` + +## Environment variables + +### freshrss + +> **WARNING**: Don't change any system settings through the web UI! These changes will be overwritten at EVERY container startup. Use the provided environment variables instead. + +```Shell +FRESHRSS_ENVIRONMENT="production" +FRESHRSS_DEFAULT_USER: "admin" +FRESHRSS_DEFAULT_PASSWORD: "freshrss" +# Salt is used to make crypto more unique. +# Can be generated with e.g. 
cat /proc/sys/kernel/random/uuid | sha1sum | awk '{print $1}' +FRESHRSS_SALT= +# Specify address of the FreshRSS instance, +# used when building absolute URLs, e.g. for WebSub. +FRESHRSS_BASE_URL="http://localhost/" +FRESHRSS_LANGUAGE="en" +FRESHRSS_TITLE="FreshRSS" +FRESHRSS_META_DESCRIPTION +FRESHRSS_DEFAULT_USER="_" +FRESHRSS_ALLOW_ANONYMOUS="false" +FRESHRSS_ALLOW_ANONYMOUS_REFRESH="false" +FRESHRSS_AUTH_TYPE="form" +FRESHRSS_API_ENABLED="false" +FRESHRSS_UNSAFE_AUTOLOGIN_ENABLED="false" +FRESHRSS_SIMPLEPIE_SYSLOG_ENABLED="true" +FRESHRSS_PUBSUBHUBBUB_ENABLED="false" +FRESHRSS_ALLOW_ROBOTS="false" +FRESHRSS_ALLOW_REFERRER="false" +FRESHRSS_LIMITS_COOKIE_DURATION="2592000" +FRESHRSS_LIMITS_CACHE_DURATION="800" +FRESHRSS_LIMITS_TIMEOUT="15" +FRESHRSS_LIMITS_MAX_INACTIVITY="10800" +FRESHRSS_LIMITS_MAX_FEEDS="16384" +FRESHRSS_LIMITS_MAX_CATEGORIES="16384" +FRESHRSS_LIMITS_MAX_REGISTRATIONS="1" +FRESHRSS_CURLOPT_SSL_VERIFYHOST= +FRESHRSS_CURLOPT_SSL_VERIFYPEER= +FRESHRSS_CURLOPT_PROXYTYPE= +FRESHRSS_CURLOPT_PROXY= +FRESHRSS_CURLOPT_PROXYPORT= +FRESHRSS_CURLOPT_PROXYAUTH= +FRESHRSS_CURLOPT_PROXYUSERPWD= +FRESHRSS_DB_TYPE="sqlite" +FRESHRSS_DB_HOST="localhost" +FRESHRSS_DB_USER= +FRESHRSS_DB_PASSWORD= +FRESHRSS_DB_BASE= +FRESHRSS_DB_PREFIX="freshrss_" +## comma-seperated string, extensions must be installed! 
+FRESHRSS_EXTENSIONS_ENABLED="Tumblr-GDPR"
+```
+
+### PHP
+
+```Shell
+PHP_EXPOSE_PHP=Off
+PHP_MAX_EXECUTION_TIME=30
+PHP_MAX_INPUT_TIME=60
+PHP_MEMORY_LIMIT=50M
+PHP_ERROR_REPORTING=E_ALL & ~E_DEPRECATED & ~E_STRICT
+PHP_DISPLAY_ERRORS=Off
+PHP_DISPLAY_STARTUP_ERRORS=Off
+PHP_LOG_ERRORS=On
+PHP_LOG_ERRORS_MAX_LEN=1024
+PHP_IGNORE_REPEATED_ERRORS=Off
+PHP_IGNORE_REPEATED_SOURCE=Off
+PHP_REPORT_MEMLEAKS=On
+PHP_HTML_ERRORSOn
+PHP_ERROR_LOG=/proc/self/fd/2
+PHP_POST_MAX_SIZE=8M
+PHP_FILE_UPLOADS=Off
+PHP_UPLOAD_MAX_FILESIZE=2M
+PHP_MAX_FILE_UPLOADS=2
+PHP_ALLOW_URL_FOPEN=On
+PHP_ALLOW_URL_INCLUDE=Off
+PHP_DATE_TIMEZONE=Europe/Berlin
+PHP_SQL_SAFE_MODE=On
+```
+
+### License
+
+This project is licensed under the MIT License - see the [LICENSE](https://gitea.rknet.org/docker/freshrss/src/branch/master/LICENSE) file for details.
+
+### Maintainers and Contributors
+
+[Robert Kaussow](https://gitea.rknet.org/xoxys)
diff --git a/docker-compose.yml b/docker-compose.yml
new file mode 100644
index 0000000..935a2f6
--- /dev/null
+++ b/docker-compose.yml
@@ -0,0 +1,23 @@
+---
+version: '2.1'
+
+services:
+ freshrss:
+ container_name: freshrss
+ image: xoxys/freshrss:latest
+ ports:
+ - "80:8080"
+ volumes:
+ - freshrss_data:/var/www/app/data
+ - freshrss_extensions:/var/www/app/extensions
+ environment:
+ FRESHRSS_DEFAULT_USER: admin
+ FRESHRSS_DEFAULT_PASSWORD: freshrss
+ FRESHRSS_API_ENABLED: "true"
+ FRESHRSS_SALT: 38fd29ac5878c270bbfc3599723cd479d48c6c58
+
+volumes:
+ freshrss_data:
+ driver: local
+ freshrss_extensions:
+ driver: local
diff --git a/manifest.tmpl b/manifest.tmpl
new file mode 100644
index 0000000..cd2c37e
--- /dev/null
+++ b/manifest.tmpl
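Review bot: docker-compose.yml commits a literal `FRESHRSS_SALT` and the password `freshrss` for the `admin` user while also setting `FRESHRSS_API_ENABLED: "true"`, so every stack started from this file shares the same salt and a known login on a published port. Taking both values from the environment keeps working secrets out of the repository: `FRESHRSS_DEFAULT_PASSWORD: "${FRESHRSS_DEFAULT_PASSWORD}"` and `FRESHRSS_SALT: "${FRESHRSS_SALT}"`, with the values supplied through the shell or an untracked `.env` file. The same block is repeated in the README example and would need the same change.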
@@ -0,0 +1,15 @@
+image: xoxys/freshrss:{{#if build.tag}}{{trimPrefix "v" build.tag}}{{else}}latest{{/if}}
+{{#if build.tags}}
+tags:
+{{#each build.tags}}
+ {{#if this}}
+ - {{trimPrefix "v" this}}
+ - {{trimPrefix "v" this}}-linux-amd64
+ {{/if}}
+{{/each}}
+{{/if}}
+manifests:
+ - image: xoxys/freshrss:{{#if build.tag}}{{trimPrefix "v" build.tag}}-{{/if}}linux-amd64
+ platform:
+ architecture: amd64
+ os: linux
diff --git a/overlay/etc/crontabs/nginx b/overlay/etc/crontabs/nginx
new file mode 100644
index 0000000..c57cf9a
--- /dev/null
+++ b/overlay/etc/crontabs/nginx
@@ -0,0 +1,2 @@
+SHELL=/bin/sh
+*/15 * * * * /usr/bin/php -f /var/www/app/app/actualize_script.php >/dev/null 2>&1
diff --git a/overlay/etc/nginx/vhost.conf b/overlay/etc/nginx/vhost.conf
new file mode 100644
index 0000000..6e2121a
--- /dev/null
+++ b/overlay/etc/nginx/vhost.conf
@@ -0,0 +1,18 @@
+server {
+ listen 8080;
+ server_name localhost;
+ index index index.php index.html index.htm;
+ root /var/www/app/p/;
+
+ location ~ ^.+?\.php(/.*)?$ {
+ fastcgi_pass unix:/var/run/php/php-fpm.sock;
+ fastcgi_split_path_info ^(.+\.php)(/.*)$;
+ include fastcgi_params;
+ fastcgi_param PATH_INFO $fastcgi_path_info;
+ fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+ }
+
+ location / {
+ try_files $uri $uri/ index.php;
+ }
+}
diff --git a/overlay/etc/php7/php-fpm.conf b/overlay/etc/php7/php-fpm.conf
new file mode 100644
index 0000000..c5f6603
--- /dev/null
+++ b/overlay/etc/php7/php-fpm.conf
@@ -0,0 +1,21 @@
+[global]
+error_log = /proc/self/fd/2
+log_level = warning
+daemonize = no
+
+[www]
+catch_workers_output = yes
+
+user = nginx
+group = nginx
+
+listen.owner = nginx
+listen.group = nginx
+listen = /var/run/php/php-fpm.sock
+
+pm = dynamic
+pm.max_children = 20
+pm.start_servers = 1
+pm.min_spare_servers = 1
+pm.max_spare_servers = 3
+pm.max_requests = 2048
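Review bot: In overlay/etc/nginx/vhost.conf the PHP location passes every URI matching `^.+?\.php(/.*)?$` to php-fpm without first checking that the script exists under the document root, leaving `cgi.fix_pathinfo = 0` in php.ini as the only guard against path-info tricks. Checking the file in nginx adds a second layer while keeping PATH_INFO for the API endpoints: after `fastcgi_split_path_info` add `try_files $fastcgi_script_name =404;` and `set $path_info $fastcgi_path_info;`, then use `fastcgi_param PATH_INFO $path_info;` (try_files resets `$fastcgi_path_info`, hence the saved copy). In `location /` the fallback is written `index.php` without a leading slash, where `try_files $uri $uri/ /index.php;` is presumably intended, and the first name in `index index index.php …` looks like a stray word.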
diff --git a/overlay/etc/templates/config.php.tmpl b/overlay/etc/templates/config.php.tmpl
new file mode 100644
index 0000000..d0c8ec6
--- /dev/null
+++ b/overlay/etc/templates/config.php.tmpl
@@ -0,0 +1,73 @@ + '{{ getenv "FRESHRSS_ENVIRONMENT" "production" }}', + 'salt' => '{{ getenv "FRESHRSS_SALT" }}', + 'base_url' => '{{ getenv "FRESHRSS_BASE_URL" "http://localhost/" }}', + 'auto_update_url' => 'https://update.freshrss.org', + 'language' => '{{ getenv "FRESHRSS_LANGUAGE" "en" }}', + 'title' => '{{ getenv "FRESHRSS_TITLE" "FreshRSS" }}', + 'meta_description' => '{{ getenv "FRESHRSS_META_DESCRIPTION" }}', + 'default_user' => '{{ getenv "FRESHRSS_DEFAULT_USER" "_" }}', + 'allow_anonymous' => {{ getenv "FRESHRSS_ALLOW_ANONYMOUS" "false" }}, + 'allow_anonymous_refresh' => {{ getenv "FRESHRSS_ALLOW_ANONYMOUS_REFRESH" "false" }}, + 'auth_type' => '{{ getenv "FRESHRSS_AUTH_TYPE" "form" }}', + 'api_enabled' => {{ getenv "FRESHRSS_API_ENABLED" "false" }}, + 'unsafe_autologin_enabled' => {{ getenv "FRESHRSS_UNSAFE_AUTOLOGIN_ENABLED" "false" }}, + 'simplepie_syslog_enabled' => {{ getenv "FRESHRSS_SIMPLEPIE_SYSLOG_ENABLED" "true" }}, + 'pubsubhubbub_enabled' => {{ getenv "FRESHRSS_PUBSUBHUBBUB_ENABLED" "false" }}, + 'allow_robots' => {{ getenv "FRESHRSS_ALLOW_ROBOTS" "false" }}, + 'allow_referrer' => {{ getenv "FRESHRSS_ALLOW_REFERRER" "false" }}, + + 'limits' => array( + 'cookie_duration' => {{ getenv "FRESHRSS_LIMITS_COOKIE_DURATION" "2592000" }}, + 'cache_duration' => {{ getenv "FRESHRSS_LIMITS_CACHE_DURATION" "800" }}, + 'timeout' => {{ getenv "FRESHRSS_LIMITS_TIMEOUT" "15" }}, + 'max_inactivity' => {{ getenv "FRESHRSS_LIMITS_MAX_INACTIVITY" "10800" }}, + 'max_feeds' => {{ getenv "FRESHRSS_LIMITS_MAX_FEEDS" "16384" }}, + 'max_categories' => {{ getenv "FRESHRSS_LIMITS_MAX_CATEGORIES" "16384" }}, + 'max_registrations' => {{ getenv "FRESHRSS_LIMITS_MAX_REGISTRATIONS" "1" }}, + ), + + 'curl_options' => array( + {{- if not (bool (getenv "FRESHRSS_CURLOPT_SSL_VERIFYHOST" "true")) }} + CURLOPT_SSL_VERIFYHOST => {{ getenv "FRESHRSS_CURLOPT_SSL_VERIFYHOST" }}, + {{- end }} + {{- if not (bool (getenv "FRESHRSS_CURLOPT_SSL_VERIFYPEER" "true")) }} + 
CURLOPT_SSL_VERIFYPEER => {{ getenv "FRESHRSS_CURLOPT_SSL_VERIFYPEER" }}, + {{- end }} + {{- if not (bool (getenv "FRESHRSS_CURLOPT_PROXYTYPE" "true")) }} + CURLOPT_PROXYTYPE => {{ getenv "FRESHRSS_CURLOPT_PROXYTYPE" }}, + {{- end }} + {{- if not (bool (getenv "FRESHRSS_CURLOPT_PROXY" "true" )) }} + CURLOPT_PROXY => '{{ getenv "FRESHRSS_CURLOPT_PROXY" }}', + {{- end }} + {{- if not (bool (getenv "FRESHRSS_CURLOPT_PROXYPORT" "true" )) }} + CURLOPT_PROXYPORT => {{ getenv "FRESHRSS_CURLOPT_PROXYPORT" }}, + {{- end }} + {{- if not (bool (getenv "FRESHRSS_CURLOPT_PROXYAUTH" "true" )) }} + CURLOPT_PROXYAUTH => {{ getenv "FRESHRSS_CURLOPT_PROXYAUTH" }}, + {{- end }} + {{- if not (bool (getenv "FRESHRSS_CURLOPT_PROXYUSERPWD" "true" )) }} + CURLOPT_PROXYUSERPWD => '{{ getenv "FRESHRSS_CURLOPT_PROXYUSERPWD" }}', + {{- end }} + ), + + 'db' => array( + 'type' => '{{ getenv "FRESHRSS_DB_TYPE" "sqlite" }}', + 'host' => '{{ getenv "FRESHRSS_DB_HOST" "localhost" }}', + 'user' => '{{ getenv "FRESHRSS_DB_USER" }}', + 'password' => '{{ getenv "FRESHRSS_DB_PASSWORD" }}', + 'base' => '{{ getenv "FRESHRSS_DB_BASE" }}', + 'prefix' => '{{ getenv "FRESHRSS_DB_PREFIX" "freshrss_" }}', + 'pdo_options' => array(), + + ), + + 'extensions_enabled' => array( + {{- range (getenv "FRESHRSS_EXTENSIONS_ENABLED" "Tumblr-GDPR" | strings.Split ",") }} + '{{ . | strings.TrimSpace }}' => true, + {{- end }} + ), + + 'disable_update' => true, +); diff --git a/overlay/etc/templates/constants.local.php.tmpl b/overlay/etc/templates/constants.local.php.tmpl new file mode 100644 index 0000000..c11cb21 --- /dev/null +++ b/overlay/etc/templates/constants.local.php.tmpl 
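Review bot: Environment values are written into config.php.tmpl either between single quotes (`'password' => '{{ getenv "FRESHRSS_DB_PASSWORD" }}'`, likewise salt, base_url, title and the proxy credentials) or as bare PHP (`'api_enabled' => {{ getenv "FRESHRSS_API_ENABLED" "false" }}`) with no escaping or validation, so a value containing `'` or `\` yields a broken or differently parsed config.php and the bare slots accept any PHP expression. Escaping the quoted slots closes that, e.g. `'password' => '{{ getenv "FRESHRSS_DB_PASSWORD" | strings.ReplaceAll "\\" "\\\\" | strings.ReplaceAll "'" "\\'" }}',`, and the boolean and numeric slots can be passed through `conv.ToBool` / `conv.ToInt` so only a literal of the expected type is emitted. `'salt'` has no default, so an unset `FRESHRSS_SALT` renders an empty salt; failing the render when it is missing would be safer than starting with it empty. The start of this hunk appears truncated on the page, so this is based on the visible lines only.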
@@ -0,0 +1,15 @@ +" +;error_append_string = "" +error_log = {{ getenv "PHP_ERROR_LOG" "/proc/self/fd/2"}} +;windows.show_crt_warning + +;arg_separator.output = "&" +;arg_separator.input = ";&" + +variables_order = "GPCS" +request_order = "GP" + +register_argc_argv = Off +auto_globals_jit = On +;enable_post_data_reading = Off +post_max_size = {{ getenv "PHP_POST_MAX_SIZE" "8M" }} + +auto_prepend_file = +auto_append_file = + +default_mimetype = "text/html" +default_charset = "UTF-8" +;internal_encoding = +;input_encoding = +;output_encoding = + +;include_path = ".:/php7/includes" + +doc_root = +user_dir = + +extension_dir = "/usr/lib/php7/modules" +;sys_temp_dir = "/tmp" +enable_dl = Off + +cgi.force_redirect = 1 +;cgi.nph = 1 +;cgi.redirect_status_env = +cgi.fix_pathinfo = 0 +cgi.discard_path = 1 + +;fastcgi.impersonate = 1 +;fastcgi.logging = 0 +;cgi.rfc2616_headers = 0 +;cgi.check_shebang_line = 1 + +file_uploads = {{ getenv "PHP_FILE_UPLOADS" "Off" }} +upload_tmp_dir = /var/lib/php/tmp_upload +upload_max_filesize = {{ getenv "PHP_UPLOAD_MAX_FILESIZE" "2M" }} +max_file_uploads = {{ getenv "PHP_MAX_FILE_UPLOADS" "2" }} + +allow_url_fopen = {{ getenv "PHP_ALLOW_URL_FOPEN" "On" }} +allow_url_include = {{ getenv "PHP_ALLOW_URL_INCLUDE" "Off" }} + +;from="john@doe.com" +;user_agent="PHP" + +default_socket_timeout = 60 +;auto_detect_line_endings = Off + +[CLI Server] +cli_server.color = On + +[Date] +date.timezone = {{ getenv "PHP_DATE_TIMEZONE" "Europe/Berlin" }} +;date.default_latitude = 31.7667 +;date.default_longitude = 35.2333 +;date.sunrise_zenith = 90.583333 +;date.sunset_zenith = 90.583333 + +[filter] +;filter.default = unsafe_raw +;filter.default_flags = + +[iconv] +;iconv.input_encoding = +;iconv.internal_encoding = +;iconv.output_encoding = + +[intl] +;intl.default_locale = +;intl.error_level = E_WARNING +;intl.use_exceptions = 0 + +[sqlite3] +;sqlite3.extension_dir = + +[Pcre] +;pcre.backtrack_limit = 100000 +;pcre.recursion_limit = 100000 +;pcre.jit = 1 + 
+[Pdo] +;pdo_odbc.connection_pooling = strict +;pdo_odbc.db2_instance_name + +[Pdo_mysql] +pdo_mysql.cache_size = 2000 +pdo_mysql.default_socket = + +[Phar] +;phar.readonly = On +;phar.require_hash = On +;phar.cache_list = + +[mail function] +SMTP = localhost +smtp_port = 25 +;sendmail_path = + +;mail.force_extra_parameters = +mail.add_x_header = On +;mail.log = +;mail.log = syslog + +[SQL] +sql.safe_mode = {{ getenv "PHP_SQL_SAFE_MODE" "On" }} + +[ODBC] +;odbc.default_db = Not yet implemented +;odbc.default_user = Not yet implemented +;odbc.default_pw = Not yet implemented +;odbc.default_cursortype +odbc.allow_persistent = On +odbc.check_persistent = On +odbc.max_persistent = -1 +odbc.max_links = -1 +odbc.defaultlrl = 4096 +odbc.defaultbinmode = 1 +;birdstep.max_links = -1 + +[Interbase] +ibase.allow_persistent = 1 +ibase.max_persistent = -1 +ibase.max_links = -1 +;ibase.default_db = +;ibase.default_user = +;ibase.default_password = +;ibase.default_charset = +ibase.timestampformat = "%Y-%m-%d %H:%M:%S" +ibase.dateformat = "%Y-%m-%d" +ibase.timeformat = "%H:%M:%S" + +[MySQLi] +;mysqli.allow_local_infile = On +mysqli.max_persistent = -1 +mysqli.allow_persistent = On +mysqli.max_links = -1 +mysqli.cache_size = 2000 +mysqli.default_port = 3306 +mysqli.default_socket = +mysqli.default_host = +mysqli.default_user = +mysqli.default_pw = +mysqli.reconnect = Off + +[mysqlnd] +mysqlnd.collect_statistics = On +mysqlnd.collect_memory_statistics = Off +;mysqlnd.debug = +;mysqlnd.log_mask = 0 +;mysqlnd.mempool_default_size = 16000 +;mysqlnd.net_cmd_buffer_size = 2048 +;mysqlnd.net_read_buffer_size = 32768 +;mysqlnd.net_read_timeout = 31536000 +;mysqlnd.sha256_server_public_key = + +[OCI8] +;oci8.privileged_connect = Off +;oci8.max_persistent = -1 +;oci8.persistent_timeout = -1 +;oci8.ping_interval = 60 +;oci8.connection_class = +;oci8.events = Off +;oci8.statement_cache_size = 20 +;oci8.default_prefetch = 100 +;oci8.old_oci_close_semantics = Off + +[PostgreSQL] 
+pgsql.allow_persistent = On +pgsql.auto_reset_persistent = Off +pgsql.max_persistent = -1 +pgsql.max_links = -1 +pgsql.ignore_notice = 0 +pgsql.log_notice = 0 + +[bcmath] +bcmath.scale = 0 + +[browscap] +browscap = /etc/php7/browscap.ini + +[Session] +session.save_handler = files +session.save_path = "/var/lib/php/session" +session.use_strict_mode = 1 +session.use_cookies = 1 +session.cookie_secure = 0 +session.use_only_cookies = 1 +session.name = PHPSESSID +session.auto_start = Off +session.cookie_lifetime = 14400 +session.cookie_path = / +session.cookie_domain = +session.cookie_httponly = 1 +session.serialize_handler = php +session.gc_probability = 1 +session.gc_divisor = 1000 +session.gc_maxlifetime = 1440 +session.referer_check = +;session.entropy_length = 32 +;session.entropy_file = /dev/urandom +session.cache_limiter = nocache +session.cache_expire = 30 +session.use_trans_sid = 0 +session.hash_function = sha512 +session.hash_bits_per_character = 5 +url_rewriter.tags = "a=href,area=href,frame=src,input=src,form=fakeentry" +;session.upload_progress.enabled = On +;session.upload_progress.cleanup = On +;session.upload_progress.prefix = "upload_progress_" +;session.upload_progress.name = "PHP_SESSION_UPLOAD_PROGRESS" +;session.upload_progress.freq = "1%" +;session.upload_progress.min_freq = "1" +;session.lazy_write = On + +[Assertion] +zend.assertions = -1 +;assert.active = On +;assert.exception = On +;assert.warning = On +;assert.bail = Off +;assert.callback = 0 +;assert.quiet_eval = 0 + +[COM] +;com.typelib_file = +;com.allow_dcom = true +;com.autoregister_typelib = true +;com.autoregister_casesensitive = false +;com.autoregister_verbose = true +;com.code_page= + +[mbstring] +;mbstring.language = Japanese +;mbstring.internal_encoding = +;mbstring.http_input = +;mbstring.http_output = +;mbstring.encoding_translation = Off +;mbstring.detect_order = auto +;mbstring.substitute_character = none +;mbstring.func_overload = 0 +;mbstring.strict_detection = On 
+;mbstring.http_output_conv_mimetype = + +[gd] +;gd.jpeg_ignore_warning = 0 + +[exif] +;exif.encode_unicode = ISO-8859-15 +;exif.decode_unicode_motorola = UCS-2BE +;exif.decode_unicode_intel = UCS-2LE +;exif.encode_jis = +;exif.decode_jis_motorola = JIS +;exif.decode_jis_intel = JIS + +[Tidy] +;tidy.default_config = /usr/local/lib/php7/default.tcfg +tidy.clean_output = Off + +[soap] +soap.wsdl_cache_enabled = 1 +soap.wsdl_cache_dir = "/var/lib/php/soap_cache" +soap.wsdl_cache_ttl = 86400 +soap.wsdl_cache_limit = 5 + +[sysvshm] +;sysvshm.init_mem = 10000 + +[ldap] +ldap.max_links = -1 + +[mcrypt] +;mcrypt.algorithms_dir = +;mcrypt.modes_dir = + +[dba] +;dba.default_handler = + +[opcache] +;opcache.enable = 0 +;opcache.enable_cli = 0 +;opcache.memory_consumption = 64 +;opcache.interned_strings_buffer = 4 +;opcache.max_accelerated_files = 2000 +;opcache.max_wasted_percentage = 5 +;opcache.use_cwd = 1 +;opcache.validate_timestamps = 1 +;opcache.revalidate_freq = 2 +;opcache.revalidate_path = 0 +;opcache.save_comments = 1 +;opcache.fast_shutdown = 0 +;opcache.enable_file_override = 0 +;opcache.optimization_level = 0xffffffff +;opcache.dups_fix = 0 +;opcache.blacklist_filename = +;opcache.max_file_size = 0 +;opcache.consistency_checks = 0 +;opcache.force_restart_timeout = 180 +;opcache.error_log = +;opcache.log_verbosity_level = 1 +;opcache.preferred_memory_model = +;opcache.protect_memory = 0 +;opcache.restrict_api = +;opcache.mmap_base = +;opcache.file_cache = +;opcache.file_cache_only = 0 +;opcache.file_cache_consistency_checks = 1 +;opcache.file_cache_fallback = 1 +;opcache.huge_code_pages = 1 +;opcache.validate_permission = 0 +;opcache.validate_root = 0 + +[curl] +curl.cainfo = /etc/ssl/certs/ca-certificates.crt + +[openssl] +openssl.cafile = /etc/ssl/certs/ca-certificates.crt +openssl.capath = /etc/ssl/certs diff --git a/overlay/usr/local/bin/entrypoint.sh b/overlay/usr/local/bin/entrypoint.sh new file mode 100755 index 0000000..9b2f41b --- /dev/null 
+++ b/overlay/usr/local/bin/entrypoint.sh
@@ -0,0 +1,15 @@
+#!/bin/sh
+/usr/local/bin/gomplate -V -o /etc/php7/php.ini -f /etc/templates/php.ini.tmpl
+/usr/local/bin/gomplate -V -o /var/www/app/data/config.php -f /etc/templates/config.php.tmpl
+/usr/local/bin/gomplate -V -o /var/www/app/constants.local.php -f /etc/templates/constants.local.php.tmpl
+
+/usr/bin/php -f ./cli/prepare.php >/dev/null 2>&1
+
+if [ "${FRESHRSS_DEFAULT_USER}" ]; then
+ /usr/bin/php ./cli/create-user.php --user "$FRESHRSS_DEFAULT_USER" --password "$FRESHRSS_DEFAULT_PASSWORD" >/dev/null 2>&1
+ /usr/bin/php ./cli/do-install.php --default_user "$FRESHRSS_DEFAULT_USER" >/dev/null 2>&1
+fi
+
+exec supercronic -split-logs /etc/crontabs/nginx 1> /dev/null &
+exec php-fpm7 -F &
+exec nginx -g "daemon off;"
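Review bot: entrypoint.sh never checks an exit status: the three `gomplate` renders, `prepare.php`, `create-user.php` and `do-install.php` all run unconditionally, the PHP ones with output sent to `/dev/null`, so a failed template render or user creation still ends in a running nginx with a stale or partial config.php. Appending `|| exit 1` to the three gomplate lines and dropping `>/dev/null 2>&1` from the setup commands would make such failures visible in the container log. The user block also runs when `FRESHRSS_DEFAULT_PASSWORD` is unset and puts the password on the `create-user.php` command line, where it is readable from the process list inside the container while the command runs; guard it with `if [ -n "${FRESHRSS_DEFAULT_USER}" ] && [ -n "${FRESHRSS_DEFAULT_PASSWORD}" ]; then`. `exec … &` on the supercronic and php-fpm7 lines is presumably meant as a plain background start, since `exec` in a backgrounded command only replaces the subshell.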