.drone.yml

@@ -28,11 +28,12 @@ platform:
 
 steps:
   - name: dryrun
-    image: thegeeklab/drone-docker-buildx:23
+    image: thegeeklab/drone-docker-buildx:20
     settings:
+      build_args:
+        - BUILD_VERSION=${DRONE_TAG%-*}
       dockerfile: Dockerfile
       dry_run: true
-      provenance: false
       repo: thegeeklab/${DRONE_REPO_NAME}
     when:
       ref:
@@ -69,12 +70,13 @@ steps:
       - changelog-generate
 
   - name: publish-dockerhub
-    image: thegeeklab/drone-docker-buildx:23
+    image: thegeeklab/drone-docker-buildx:20
     settings:
+      build_args:
+        - BUILD_VERSION=${DRONE_TAG%-*}
       dockerfile: Dockerfile
       password:
         from_secret: docker_password
-      provenance: false
       repo: thegeeklab/${DRONE_REPO_NAME}
       username:
         from_secret: docker_username
@@ -86,12 +88,13 @@ steps:
       - changelog-format
 
   - name: publish-quay
-    image: thegeeklab/drone-docker-buildx:23
+    image: thegeeklab/drone-docker-buildx:20
     settings:
+      build_args:
+        - BUILD_VERSION=${DRONE_TAG%-*}
       dockerfile: Dockerfile
       password:
         from_secret: quay_password
-      provenance: false
       registry: quay.io
       repo: quay.io/thegeeklab/${DRONE_REPO_NAME}
       username:
@@ -173,7 +176,7 @@ steps:
         from_secret: matrix_password
       roomid:
         from_secret: matrix_roomid
-      template: "Status: **{{ .Build.Status }}**<br/> Build: [{{ .Repo.Owner }}/{{ .Repo.Name }}]({{ .Build.Link }}){{ if .Build.Branch }} ({{ .Build.Branch }}){{ end }} by {{ .Commit.Author }}<br/> Message: {{ .Commit.Message.Title }}"
+      template: "Status: **{{ build.Status }}**<br/> Build: [{{ repo.Owner }}/{{ repo.Name }}]({{ build.Link }}){{#if build.Branch}} ({{ build.Branch }}){{/if}} by {{ commit.Author }}<br/> Message: {{ commit.Message.Title }}"
       username:
         from_secret: matrix_username
     when:
@@ -194,6 +197,6 @@ depends_on:
 
 ---
 kind: signature
-hmac: cba07850e21c648f8558e69aa7e5a561ef473fe2a3a7890bf308a57c73ea0343
+hmac: 07c057dfd06b861ee2213ff0f86e517c52aea018985cd84d90c69c7d21483116
 
 ...

Dockerfile

@@ -1,4 +1,4 @@
-FROM thegeeklab/nginx:latest@sha256:72ffd57b6b89013f6b4c6a8a97728120df1dfac0d66b2164e0aacba21ee87380
+FROM thegeeklab/nginx:latest@sha256:513f14c0fd3f5dadf02205ebf4d75b30d204df5df21e2fe0b0f1599f58f3fe85
 
 LABEL maintainer="Robert Kaussow <mail@thegeeklab.de>"
 LABEL org.opencontainers.image.authors="Robert Kaussow <mail@thegeeklab.de>"
@@ -10,24 +10,24 @@ LABEL org.opencontainers.image.documentation="https://gitea.rknet.org/docker/fre
 ARG BUILD_VERSION
 
 # renovate: datasource=github-releases depName=FreshRSS/FreshRSS
-ENV FRESHRSS_VERSION="${BUILD_VERSION:-1.21.0}"
+ENV FRESHRSS_VERSION="${BUILD_VERSION:-1.19.2}"
 
 ADD overlay/ /
 
 RUN apk --update add --virtual .build-deps tar curl && \
-    apk --update add php81 php81-curl php81-fpm php81-gmp php81-intl php81-mbstring php81-xml \
-      php81-zip php81-ctype php81-dom php81-fileinfo php81-iconv php81-json php81-opcache php81-phar \
-      php81-session php81-simplexml php81-xmlreader php81-xmlwriter php81-tokenizer php81-zlib \
-      php81-openssl php81-pdo_sqlite php81-pdo_mysql php81-pdo_pgsql && \
+    apk --update add php8 php8-curl php8-fpm php8-gmp php8-intl php8-mbstring php8-xml \
+      php8-zip php8-ctype php8-dom php8-fileinfo php8-iconv php8-json php8-opcache php8-phar \
+      php8-session php8-simplexml php8-xmlreader php8-xmlwriter php8-tokenizer php8-zlib \
+      php8-pdo_sqlite php8-pdo_mysql php8-pdo_pgsql && \
     rm -rf /var/www/localhost && \
-    rm -f /etc/php81/php-fpm.d/www.conf && \
+    rm -f /etc/php8/php-fpm.d/www.conf && \
     mkdir -p /var/www/app && \
     mkdir /var/www/.postgresql && \
     FRESHRSS_VERSION="${FRESHRSS_VERSION##v}" && \
     echo "Installing FreshRSS version '${FRESHRSS_VERSION}' ..." && \
-    curl -SsfL "https://github.com/FreshRSS/FreshRSS/archive/${FRESHRSS_VERSION}.tar.gz" | \
+    curl -SsL "https://github.com/FreshRSS/FreshRSS/archive/${FRESHRSS_VERSION}.tar.gz" | \
       tar xz -C /var/www/app/ -X /.tarignore --strip-components=1 && \
-    curl -SsfL -o /etc/php81/browscap.ini https://browscap.org/stream?q=Lite_PHP_BrowsCapINI && \
+    curl -SsL -o /etc/php8/browscap.ini https://browscap.org/stream?q=Lite_PHP_BrowsCapINI && \
     apk del .build-deps && \
     rm -rf /var/cache/apk/* && \
     rm -rf /tmp/* && \
@@ -37,7 +37,7 @@ RUN apk --update add --virtual .build-deps tar curl && \
     mkdir -p /var/lib/php/soap_cache && \
     mkdir -p /var/lib/php/session && \
     chown -R nginx /var/lib/php && \
-    chown nginx /etc/php81/php.ini && \
+    chown nginx /etc/php8/php.ini && \
     chown -R nginx:nginx /var/www/.postgresql && \
     chown -R nginx:nginx /var/www/app
 
@@ -51,5 +51,6 @@ USER nginx
 STOPSIGNAL SIGTERM
 
 ENTRYPOINT ["/usr/local/bin/entrypoint"]
+HEALTHCHECK --interval=30s --timeout=5s --retries=3 CMD /usr/local/bin/healthcheck
 WORKDIR /var/www/app
 CMD []

README.md

@@ -48,6 +48,7 @@ FRESHRSS_BASE_URL="http://localhost/"
 FRESHRSS_LANGUAGE="en"
 FRESHRSS_TITLE="FreshRSS"
 FRESHRSS_META_DESCRIPTION=
+FRESHRSS_DEFAULT_USER="_"
 FRESHRSS_ALLOW_ANONYMOUS="false"
 FRESHRSS_ALLOW_ANONYMOUS_REFRESH="false"
 FRESHRSS_AUTH_TYPE="form"
@@ -79,8 +80,6 @@ FRESHRSS_DB_BASE=
 FRESHRSS_DB_PREFIX="freshrss_"
 ## comma-seperated string, extensions must be installed!
 FRESHRSS_EXTENSIONS_ENABLED="Tumblr-GDPR"
-## comma-seperated string
-FRESHRSS_TRUSTED_SOURCES=127.0.0.0/8,::1/128
 ```
 
 ### PHP

overlay/etc/templates/config.php.tmpl

@@ -7,16 +7,16 @@ return array(
     'language' => '{{ getenv "FRESHRSS_LANGUAGE" "en" }}',
     'title' => '{{ getenv "FRESHRSS_TITLE" "FreshRSS" }}',
     'meta_description' => '{{ getenv "FRESHRSS_META_DESCRIPTION" }}',
-    'default_user' => '{{ getenv "FRESHRSS_DEFAULT_USER" "admin" }}',
-    'allow_anonymous' => {{ getenv "FRESHRSS_ALLOW_ANONYMOUS" "false" | conv.ToBool }},
-    'allow_anonymous_refresh' => {{ getenv "FRESHRSS_ALLOW_ANONYMOUS_REFRESH" "false" | conv.ToBool }},
+    'default_user' => '{{ getenv "FRESHRSS_DEFAULT_USER" "_" }}',
+    'allow_anonymous' => {{ getenv "FRESHRSS_ALLOW_ANONYMOUS" "false" }},
+    'allow_anonymous_refresh' => {{ getenv "FRESHRSS_ALLOW_ANONYMOUS_REFRESH" "false" }},
     'auth_type' => '{{ getenv "FRESHRSS_AUTH_TYPE" "form" }}',
-    'api_enabled' => {{ getenv "FRESHRSS_API_ENABLED" "false" | conv.ToBool }},
-    'unsafe_autologin_enabled' => {{ getenv "FRESHRSS_UNSAFE_AUTOLOGIN_ENABLED" "false" | conv.ToBool }},
-    'simplepie_syslog_enabled' => {{ getenv "FRESHRSS_SIMPLEPIE_SYSLOG_ENABLED" "true" | conv.ToBool }},
-    'pubsubhubbub_enabled' => {{ getenv "FRESHRSS_PUBSUBHUBBUB_ENABLED" "false" | conv.ToBool }},
-    'allow_robots' => {{ getenv "FRESHRSS_ALLOW_ROBOTS" "false" | conv.ToBool }},
-    'allow_referrer' => {{ getenv "FRESHRSS_ALLOW_REFERRER" "false" | conv.ToBool }},
+    'api_enabled' => {{ getenv "FRESHRSS_API_ENABLED" "false" }},
+    'unsafe_autologin_enabled' => {{ getenv "FRESHRSS_UNSAFE_AUTOLOGIN_ENABLED" "false" }},
+    'simplepie_syslog_enabled' => {{ getenv "FRESHRSS_SIMPLEPIE_SYSLOG_ENABLED" "true" }},
+    'pubsubhubbub_enabled' => {{ getenv "FRESHRSS_PUBSUBHUBBUB_ENABLED" "false" }},
+    'allow_robots' => {{ getenv "FRESHRSS_ALLOW_ROBOTS" "false" }},
+    'allow_referrer' => {{ getenv "FRESHRSS_ALLOW_REFERRER" "false" }},
 
     'limits' => array(
         'cookie_duration' => {{ getenv "FRESHRSS_LIMITS_COOKIE_DURATION" "2592000" }},
@@ -29,25 +29,25 @@ return array(
     ),
 
     'curl_options' => array(
-        {{- if not (getenv "FRESHRSS_CURLOPT_SSL_VERIFYHOST" "true" | conv.ToBool) }}
+        {{- if not (bool (getenv "FRESHRSS_CURLOPT_SSL_VERIFYHOST" "true")) }}
         CURLOPT_SSL_VERIFYHOST => {{ getenv "FRESHRSS_CURLOPT_SSL_VERIFYHOST" }},
         {{- end }}
-        {{- if not (getenv "FRESHRSS_CURLOPT_SSL_VERIFYPEER" "true" | conv.ToBool) }}
+        {{- if not (bool (getenv "FRESHRSS_CURLOPT_SSL_VERIFYPEER" "true")) }}
         CURLOPT_SSL_VERIFYPEER => {{ getenv "FRESHRSS_CURLOPT_SSL_VERIFYPEER" }},
         {{- end }}
-        {{- if not (getenv "FRESHRSS_CURLOPT_PROXYTYPE" "true" | conv.ToBool) }}
+        {{- if not (bool (getenv "FRESHRSS_CURLOPT_PROXYTYPE" "true")) }}
         CURLOPT_PROXYTYPE => {{ getenv "FRESHRSS_CURLOPT_PROXYTYPE" }},
         {{- end }}
-        {{- if not (getenv "FRESHRSS_CURLOPT_PROXY" "true" | conv.ToBool ) }}
+        {{- if not (bool (getenv "FRESHRSS_CURLOPT_PROXY" "true" )) }}
         CURLOPT_PROXY => '{{ getenv "FRESHRSS_CURLOPT_PROXY" }}',
         {{- end }}
-        {{- if not (getenv "FRESHRSS_CURLOPT_PROXYPORT" "true" | conv.ToBool ) }}
+        {{- if not (bool (getenv "FRESHRSS_CURLOPT_PROXYPORT" "true" )) }}
         CURLOPT_PROXYPORT => {{ getenv "FRESHRSS_CURLOPT_PROXYPORT" }},
         {{- end }}
-        {{- if not (getenv "FRESHRSS_CURLOPT_PROXYAUTH" "true" | conv.ToBool ) }}
+        {{- if not (bool (getenv "FRESHRSS_CURLOPT_PROXYAUTH" "true" )) }}
         CURLOPT_PROXYAUTH => {{ getenv "FRESHRSS_CURLOPT_PROXYAUTH" }},
         {{- end }}
-        {{- if not (getenv "FRESHRSS_CURLOPT_PROXYUSERPWD" "true" | conv.ToBool ) }}
+        {{- if not (bool (getenv "FRESHRSS_CURLOPT_PROXYUSERPWD" "true" )) }}
         CURLOPT_PROXYUSERPWD => '{{ getenv "FRESHRSS_CURLOPT_PROXYUSERPWD" }}',
         {{- end }}
     ),
@@ -71,10 +71,4 @@ return array(
     ),
 
     'disable_update' => true,
-
-    'trusted_sources' => [
-        {{- range (getenv "FRESHRSS_TRUSTED_SOURCES" "127.0.0.0/8,::1/128" | strings.Split ",") }}
-        '{{ . | strings.TrimSpace }}',
-        {{- end }}
-    ]
 );

overlay/etc/templates/php.ini.tmpl

@@ -19,7 +19,7 @@ implicit_flush = Off
 unserialize_callback_func =
 serialize_precision = 17
 
-open_basedir = "/var/www/app:/var/lib/php/tmp_upload:/var/lib/php/session:/var/lib/php/soap_cache:/tmp"
+open_basedir = "/var/www/app:/var/lib/php/tmp_upload:/var/lib/php/session:/var/lib/php/soap_cache"
 
 disable_functions = system, exec, shell_exec, phpinfo, show_source, highlight_file, popen, proc_open, fopen_with_path, dbmopen, dbase_open, move_uploaded_file, chmod, filepro, filepro_rowcount, filepro_retrieve, posix_mkfifo
 disable_classes =
@@ -86,12 +86,12 @@ default_charset = "UTF-8"
 ;input_encoding =
 ;output_encoding =
 
-;include_path = ".:/php81/includes"
+;include_path = ".:/php8/includes"
 
 doc_root =
 user_dir =
 
-extension_dir = "/usr/lib/php81/modules"
+extension_dir = "/usr/lib/php8/modules"
 ;sys_temp_dir = "/tmp"
 enable_dl = Off
 
@@ -250,7 +250,7 @@ pgsql.log_notice = 0
 bcmath.scale = 0
 
 [browscap]
-browscap = /etc/php81/browscap.ini
+browscap = /etc/php8/browscap.ini
 
 [Session]
 session.save_handler = files
@@ -327,7 +327,7 @@ zend.assertions = -1
 ;exif.decode_jis_intel = JIS
 
 [Tidy]
-;tidy.default_config = /usr/local/lib/php81/default.tcfg
+;tidy.default_config = /usr/local/lib/php8/default.tcfg
 tidy.clean_output = Off
 
 [soap]

overlay/usr/local/bin/entrypoint

@@ -3,7 +3,8 @@
 # shellcheck disable=SC1091
 . /usr/local/lib/log.sh
 
-/usr/local/bin/gomplate -o /etc/php81/php.ini -f /etc/templates/php.ini.tmpl
+/usr/local/bin/gomplate -o /etc/php8/php.ini -f /etc/templates/php.ini.tmpl
+/usr/local/bin/gomplate -o /var/www/app/data/config.php -f /etc/templates/config.php.tmpl
 /usr/local/bin/gomplate -o /var/www/app/constants.local.php -f /etc/templates/constants.local.php.tmpl
 
 if [ -n "${FRESHRSS_POSTGRES_SSL_ROOTCERT}" ] && [ ! -f "/var/www/.postgresql/root.crt" ]; then
@@ -34,28 +35,27 @@ else
     exit $EXITCODE
 fi
 
-log_info "Ensure default user exists"
-ERROR=$(/usr/bin/php ./cli/create-user.php \
-    --user "${FRESHRSS_DEFAULT_USER:-admin}" \
-    --password "${FRESHRSS_DEFAULT_PASSWORD:-freshrss}" \
-    --language "${FRESHRSS_LANGUAGE:-en}" \
-    2>&1)
-EXITCODE=$?
+if [ "${FRESHRSS_DEFAULT_USER}" ]; then
+    log_info "Ensure default user exists"
+    ERROR=$(/usr/bin/php ./cli/create-user.php \
+        --user "$FRESHRSS_DEFAULT_USER" \
+        --password "$FRESHRSS_DEFAULT_PASSWORD" \
+        --language "${FRESHRSS_LANGUAGE:-en}" \
+        2>&1)
+    EXITCODE=$?
 
-if [ $EXITCODE -eq 3 ]; then
-    log_info "FreshRSS user already exists, skipped"
-elif [ $EXITCODE -eq 0 ]; then
-    log_info "FreshRSS user successfully created"
-    ./cli/list-users.php | xargs -n1 ./cli/actualize-user.php --user "${FRESHRSS_DEFAULT_USER:-admin}"
-    ./cli/access-permissions.sh
-else
-    log_error "FreshRSS error during the creation of a user: ${ERROR}"
-    exit $EXITCODE
+    if [ $EXITCODE -eq 3 ]; then
+        log_info "FreshRSS user already exists, skipped"
+    elif [ $EXITCODE -eq 0 ]; then
+        log_info "FreshRSS user successfully created"
+        ./cli/list-users.php | xargs -n1 ./cli/actualize-user.php --user "$FRESHRSS_DEFAULT_USER"
+    else
+        log_error "FreshRSS error during the creation of a user: ${ERROR}"
+        exit $EXITCODE
+    fi
 fi
 
-/usr/local/bin/gomplate -o /var/www/app/data/config.php -f /etc/templates/config.php.tmpl
-
 log_info "Start FreshRSS Server\n"
 supercronic /etc/crontabs/nginx &
-php-fpm81 -F &
+php-fpm8 -F &
 exec nginx -g "daemon off;"

overlay/usr/local/bin/healthcheck

@@ -1,12 +1,3 @@
 #!/usr/bin/env sh
 
-# shellcheck disable=SC3040
-set -eo pipefail
-
-if [ "$(gomplate -i '{{ getenv "FRESHRSS_API_ENABLED" "false" | conv.ToBool }}')" = "true" ]; then
-    (php -r "readfile('http://127.0.0.1:8080/api/fever.php');" | grep -q 'api_version') || exit 1
-else
-    (php -r "readfile('http://127.0.0.1:8080/i/');" | grep -q 'jsonVars') || exit 1
-fi
-
-exit 0
+(php -r "readfile('http://127.0.0.1:8080/i/');" | grep -q 'jsonVars') || exit 1