From b9b0565e83998c38d97d3f740786190b49551907 Mon Sep 17 00:00:00 2001
From: Robert Kaussow <mail@geeklabor.de>
Date: Tue, 2 Jul 2019 14:18:08 +0200
Subject: [PATCH] initial commit

---
 .drone.jsonnet                           | 107 +++++++
 .drone.yml                               |  99 ++++++
 Dockerfile.linux.amd64                   |  34 ++
 docker-compose.yml                       |  20 ++
 manifest.tpl                             |  13 +
 overlay/etc/nginx/nginx.conf             |  68 ++++
 overlay/etc/php7/php-fpm.conf            |  21 ++
 overlay/etc/php7/php.ini                 | 391 +++++++++++++++++++++++
 overlay/etc/services.d/.s6-svscan/finish |   2 +
 overlay/etc/services.d/nginx/run         |   2 +
 overlay/etc/services.d/php/run           |   2 +
 overlay/etc/services.d/update-feeds/run  |   2 +
 overlay/etc/templates/config.php.tmpl    | 180 +++++++++++
 overlay/etc/templates/php.ini.tmpl       | 391 +++++++++++++++++++++++
 overlay/usr/local/bin/entrypoint.sh      |  12 +
 overlay/var/www/app/docker_setup.php     | 114 +++++++
 16 files changed, 1458 insertions(+)
 create mode 100644 .drone.jsonnet
 create mode 100644 .drone.yml
 create mode 100644 Dockerfile.linux.amd64
 create mode 100644 docker-compose.yml
 create mode 100644 manifest.tpl
 create mode 100644 overlay/etc/nginx/nginx.conf
 create mode 100644 overlay/etc/php7/php-fpm.conf
 create mode 100644 overlay/etc/php7/php.ini
 create mode 100644 overlay/etc/services.d/.s6-svscan/finish
 create mode 100755 overlay/etc/services.d/nginx/run
 create mode 100755 overlay/etc/services.d/php/run
 create mode 100755 overlay/etc/services.d/update-feeds/run
 create mode 100644 overlay/etc/templates/config.php.tmpl
 create mode 100644 overlay/etc/templates/php.ini.tmpl
 create mode 100755 overlay/usr/local/bin/entrypoint.sh
 create mode 100644 overlay/var/www/app/docker_setup.php

diff --git a/.drone.jsonnet b/.drone.jsonnet
new file mode 100644
index 0000000..b5ba128
--- /dev/null
+++ b/.drone.jsonnet
@@ -0,0 +1,107 @@
+local PipelineBuild(os='linux', arch='amd64') = {
+  local tag = os + '-' + arch,
+  local version_tag = os + '-' + arch,
+  local file_suffix = std.strReplace(version_tag, '-', '.'),
+  kind: "pipeline",
+  name: version_tag,
+  platform: {
+    os: os,
+    arch: arch,
+  },
+  steps: [
+    {
+      name: 'dryrun',
+      image: 'plugins/docker:' + tag,
+      pull: 'always',
+      settings: {
+        dry_run: true,
+        tags: version_tag,
+        dockerfile: 'docker/Dockerfile.' + file_suffix,
+        repo: ' xoxys/ttrss',
+        username: { from_secret: "docker_username" },
+        password: { from_secret: "docker_password" },
+      },
+    },
+    {
+      name: 'publish',
+      image: 'plugins/docker:' + tag,
+      pull: 'always',
+      settings: {
+        auto_tag: true,
+        auto_tag_suffix: version_tag,
+        dockerfile: 'docker/Dockerfile.' + file_suffix,
+        repo: ' xoxys/ttrss',
+        username: { from_secret: "docker_username" },
+        password: { from_secret: "docker_password" },
+      },
+      when: {
+        ref: [
+          'refs/heads/master',
+          'refs/tags/**',
+        ],
+      },
+    },
+  ],
+};
+
+local PipelineNotifications(depends_on=[]) = {
+  kind: "pipeline",
+  name: "notifications",
+  platform: {
+    os: "linux",
+    arch: "amd64",
+  },
+  steps: [
+    {
+      image: "plugins/manifest",
+      name: "manifest",
+      pull: "always",
+      settings: {
+        ignore_missing: true,
+        username: { from_secret: "docker_username" },
+        password: { from_secret: "docker_password" },
+        spec: "docker/manifest.tmpl",
+      },
+      when: {
+        ref: [
+          'refs/heads/master',
+          'refs/tags/**',
+        ],
+      },
+    },
+    {
+      name: "microbadger",
+      image: "plugins/webhook",
+      pull: "always",
+      settings: {
+        urls: { from_secret: "microbadger_url" },
+      },
+    },
+    {
+      image: "plugins/matrix",
+      name: "matrix",
+      pull: 'always',
+      settings: {
+        homeserver: "https://matrix.rknet.org",
+        roomid: "MtidqQXWWAtQcByBhH:rknet.org",
+        template: "Status: **{{ build.status }}**<br/> Build: [{{ repo.Owner }}/{{ repo.Name }}]({{ build.link }}) ({{ build.branch }}) by {{ build.author }}<br/> Message: {{ build.message }}",
+        username: { from_secret: "matrix_username" },
+        password: { from_secret: "matrix_password" },
+      },
+      when: {
+        status: [ "success", "failure" ],
+      },
+    },
+  ],
+  trigger: {
+    status: [ "success", "failure" ],
+  },
+  depends_on: depends_on,
+};
+
+[
+  PipelineBuild(os='linux', arch='amd64'),
+  PipelineNotifications(depends_on=[
+    "linux-amd64",
+  ])
+]
diff --git a/.drone.yml b/.drone.yml
new file mode 100644
index 0000000..8266139
--- /dev/null
+++ b/.drone.yml
@@ -0,0 +1,99 @@
+---
+kind: pipeline
+name: linux-amd64
+
+platform:
+  os: linux
+  arch: amd64
+
+steps:
+- name: dryrun
+  pull: always
+  image: plugins/docker:linux-amd64
+  settings:
+    dockerfile: docker/Dockerfile.linux.amd64
+    dry_run: true
+    password:
+      from_secret: docker_password
+    repo:  xoxys/ttrss
+    tags: linux-amd64
+    username:
+      from_secret: docker_username
+
+- name: publish
+  pull: always
+  image: plugins/docker:linux-amd64
+  settings:
+    auto_tag: true
+    auto_tag_suffix: linux-amd64
+    dockerfile: docker/Dockerfile.linux.amd64
+    password:
+      from_secret: docker_password
+    repo:  xoxys/ttrss
+    username:
+      from_secret: docker_username
+  when:
+    ref:
+    - refs/heads/master
+    - "refs/tags/**"
+
+---
+kind: pipeline
+name: notifications
+
+platform:
+  os: linux
+  arch: amd64
+
+steps:
+- name: manifest
+  pull: always
+  image: plugins/manifest
+  settings:
+    ignore_missing: true
+    password:
+      from_secret: docker_password
+    spec: docker/manifest.tmpl
+    username:
+      from_secret: docker_username
+  when:
+    ref:
+    - refs/heads/master
+    - "refs/tags/**"
+
+- name: microbadger
+  pull: always
+  image: plugins/webhook
+  settings:
+    urls:
+      from_secret: microbadger_url
+
+- name: matrix
+  pull: always
+  image: plugins/matrix
+  settings:
+    homeserver: https://matrix.rknet.org
+    password:
+      from_secret: matrix_password
+    roomid: MtidqQXWWAtQcByBhH:rknet.org
+    template: "Status: **{{ build.status }}**<br/> Build: [{{ repo.Owner }}/{{ repo.Name }}]({{ build.link }}) ({{ build.branch }}) by {{ build.author }}<br/> Message: {{ build.message }}"
+    username:
+      from_secret: matrix_username
+  when:
+    status:
+    - success
+    - failure
+
+trigger:
+  status:
+  - success
+  - failure
+
+depends_on:
+- linux-amd64
+
+---
+kind: signature
+hmac: 61db8b8005c0b27eb1a77e27f8db95a6778716d3623ecea9f3cf2498d6230541
+
+...
diff --git a/Dockerfile.linux.amd64 b/Dockerfile.linux.amd64
new file mode 100644
index 0000000..3bc1e5f
--- /dev/null
+++ b/Dockerfile.linux.amd64
@@ -0,0 +1,34 @@
+FROM alpine:3.10.0
+
+ARG TTRSS_VERSION
+ARG TTRSS_TARBALL=https://git.tt-rss.org/git/tt-rss/archive/${TT_RSS_VERSION}.tar.gz
+ARG TTRSS_MASTER=https://git.tt-rss.org/fox/tt-rss.git
+
+RUN apk update && \
+    apk add gomplate openssl unzip nginx bash git ca-certificates s6 curl ssmtp mailx php7 php7-curl \
+    php7-fpm php7-xml php7-dom php7-opcache php7-iconv php7-pdo php7-pdo_mysql php7-mysqli php7-mysqlnd \
+    php7-pdo_pgsql php7-pgsql php7-gd php7-mcrypt php7-posix php7-ldap php7-json php7-mbstring \
+    php7-session php7-fileinfo php7-intl php7-pcntl && \
+    rm -rf /var/cache/apk/* && \
+    rm -rf /var/www/localhost && \
+    rm -f /etc/php7/php-fpm.d/www.conf && \
+    mkdir -p /var/www/app && \
+    if [ -z ${TTRSS_VERSION+x} ]; then \
+       git clone ${TTRSS_MASTER} /var/www/app; \
+    else \
+      curl -o /tmp/ttrss.tar.gz -L ${TTRSS_TARBALL}.tar.gz && \
+      tar xf /tmp/ttrss.tar.gz -C /var/www/app/ --strip-components=1 && \
+      rm -rf /tmp/*; \
+    fi
+
+ADD overlay/ /
+
+VOLUME /var/www/app/lock
+VOLUME /var/www/app/cache
+VOLUME /var/www/app/feed-icons
+
+EXPOSE 80
+
+ENTRYPOINT ["/usr/local/bin/entrypoint.sh"]
+WORKDIR /var/www/app
+CMD []
diff --git a/docker-compose.yml b/docker-compose.yml
new file mode 100644
index 0000000..7e83eb7
--- /dev/null
+++ b/docker-compose.yml
@@ -0,0 +1,20 @@
+version: '2'
+
+services:
+  ttrss:
+    image: xoxys/ttrss:latest
+    ports:
+      - "80:80"
+      
+  db:
+    image: postgres
+    environment:
+      POSTGRES_USER: postgres
+      POSTGRES_PASSWORD: secure
+      POSTGRES_DB: ttrss
+    volumes:
+      - postgres_data:/var/lib/postgresql/data 
+
+volumes:
+  postgres_data:
+    driver: local
diff --git a/manifest.tpl b/manifest.tpl
new file mode 100644
index 0000000..0ce0a2e
--- /dev/null
+++ b/manifest.tpl
@@ -0,0 +1,13 @@
+image: xoxys/ttrss:{{#if build.tag}}{{trimPrefix "v" build.tag}}{{else}}latest{{/if}}
+{{#if build.tags}}
+tags:
+{{#each build.tags}}
+  - {{this}}
+{{/each}}
+{{/if}}
+manifests:
+  -
+    image: plugins/ansible:{{#if build.tag}}{{trimPrefix "v" build.tag}}-{{/if}}linux-amd64
+    platform:
+      architecture: amd64
+      os: linux
diff --git a/overlay/etc/nginx/nginx.conf b/overlay/etc/nginx/nginx.conf
new file mode 100644
index 0000000..1e435eb
--- /dev/null
+++ b/overlay/etc/nginx/nginx.conf
@@ -0,0 +1,68 @@
+user nginx;
+worker_processes 1;
+pid /var/run/nginx.pid;
+
+events {
+    worker_connections 1024;
+}
+
+http {
+    include       mime.types;
+    default_type  application/octet-stream;
+
+    sendfile           on;
+    tcp_nopush         on;
+    tcp_nodelay        on;
+    keepalive_timeout  65;
+    server_tokens      off;
+    access_log         off;
+    error_log          /dev/stderr;
+    
+    fastcgi_buffers 16 16k;                                                                                                                                       
+    fastcgi_buffer_size 32k;
+
+    server {
+        listen       80;
+        server_name  localhost;
+        index        index.php;
+        root         /var/www/app;
+        client_max_body_size 32M;
+
+        location / {
+            try_files $uri $uri/ /index.php$is_args$args;
+        }
+
+        location ~ \.php$ {
+            try_files $uri =404;
+            fastcgi_split_path_info ^(.+\.php)(/.+)$;
+            fastcgi_pass unix:/var/run/php-fpm.sock;
+            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+            fastcgi_index index.php;
+            include fastcgi_params;
+        }
+
+        location ~ /\.ht {
+            return 404;
+        }
+
+        location ~* ^.+\.(ico|jpg|gif|png|css|js|svg|eot|ttf|woff|woff2|otf)$ {
+            log_not_found off;
+            expires 7d;
+            etag on;
+        }
+
+        gzip on;
+        gzip_comp_level 3;
+        gzip_disable "msie6";
+        gzip_vary on;
+        gzip_types
+            text/javascript
+            application/javascript
+            application/json
+            text/xml
+            application/xml
+            application/rss+xml
+            text/css
+            text/plain;
+    }
+}
diff --git a/overlay/etc/php7/php-fpm.conf b/overlay/etc/php7/php-fpm.conf
new file mode 100644
index 0000000..d922e84
--- /dev/null
+++ b/overlay/etc/php7/php-fpm.conf
@@ -0,0 +1,21 @@
+[global]
+error_log = /dev/stderr
+log_level = warning
+daemonize = no
+
+[www]
+catch_workers_output = yes
+
+user = nginx
+group = nginx
+
+listen.owner = nginx
+listen.group = nginx
+listen = /var/run/php-fpm.sock
+
+pm = dynamic
+pm.max_children = 20
+pm.start_servers = 1
+pm.min_spare_servers = 1
+pm.max_spare_servers = 3
+pm.max_requests = 2048
diff --git a/overlay/etc/php7/php.ini b/overlay/etc/php7/php.ini
new file mode 100644
index 0000000..744417e
--- /dev/null
+++ b/overlay/etc/php7/php.ini
@@ -0,0 +1,391 @@
+[PHP]
+user_ini.filename = ".user.ini"
+user_ini.cache_ttl = 300
+
+engine = On
+short_open_tag = Off
+
+precision = 14
+
+output_buffering = 0
+;output_handler =
+
+zlib.output_compression = Off
+;zlib.output_compression_level = -1
+;zlib.output_handler =
+
+implicit_flush = Off
+
+unserialize_callback_func =
+serialize_precision = 17
+
+;open_basedir =
+
+disable_functions =
+disable_classes =
+
+;highlight.string  = #DD0000
+;highlight.comment = #FF9900
+;highlight.keyword = #007700
+;highlight.default = #0000BB
+;highlight.html    = #000000
+
+;ignore_user_abort = On
+
+;realpath_cache_size = 16k
+;realpath_cache_ttl = 120
+
+zend.enable_gc = On
+;zend.multibyte = Off
+;zend.script_encoding =
+
+expose_php = Off
+
+max_execution_time = 30
+max_input_time = 60
+;max_input_nesting_level = 64
+;max_input_vars = 1000
+memory_limit = 128M
+
+error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT
+display_errors = Off
+display_startup_errors = Off
+log_errors = On
+log_errors_max_len = 1024
+ignore_repeated_errors = Off
+ignore_repeated_source = Off
+report_memleaks = On
+;report_zend_debug = 0
+;xmlrpc_errors = 0
+;xmlrpc_error_number = 0
+html_errors = On
+;docref_root = "/phpmanual/"
+;docref_ext = .html
+;error_prepend_string = "<span style='color: #ff0000'>"
+;error_append_string = "</span>"
+error_log = php_errors.log
+;windows.show_crt_warning
+
+;arg_separator.output = "&amp;"
+;arg_separator.input = ";&"
+
+variables_order = "GPCS"
+request_order = "GP"
+
+register_argc_argv = Off
+auto_globals_jit = On
+;enable_post_data_reading = Off
+post_max_size = 8M
+
+auto_prepend_file =
+auto_append_file =
+
+default_mimetype = "text/html"
+default_charset = "UTF-8"
+;internal_encoding =
+;input_encoding =
+;output_encoding =
+
+;include_path = ".:/php7/includes"
+
+doc_root =
+user_dir =
+
+extension_dir = "/usr/lib/php7/modules"
+;sys_temp_dir = "/tmp"
+enable_dl = Off
+
+;cgi.force_redirect = 1
+;cgi.nph = 1
+;cgi.redirect_status_env =
+cgi.fix_pathinfo = 0
+cgi.discard_path = 1
+
+;fastcgi.impersonate = 1
+;fastcgi.logging = 0
+;cgi.rfc2616_headers = 0
+;cgi.check_shebang_line = 1
+
+file_uploads = On
+;upload_tmp_dir =
+upload_max_filesize = 2M
+max_file_uploads = 20
+
+allow_url_fopen = On
+allow_url_include = Off
+
+;from="john@doe.com"
+;user_agent="PHP"
+
+default_socket_timeout = 60
+;auto_detect_line_endings = Off
+
+[CLI Server]
+cli_server.color = On
+
+[Date]
+date.timezone = Europe/Berlin
+;date.default_latitude = 31.7667
+;date.default_longitude = 35.2333
+;date.sunrise_zenith = 90.583333
+;date.sunset_zenith = 90.583333
+
+[filter]
+;filter.default = unsafe_raw
+;filter.default_flags =
+
+[iconv]
+;iconv.input_encoding =
+;iconv.internal_encoding =
+;iconv.output_encoding =
+
+[intl]
+;intl.default_locale =
+;intl.error_level = E_WARNING
+;intl.use_exceptions = 0
+
+[sqlite3]
+;sqlite3.extension_dir =
+
+[Pcre]
+;pcre.backtrack_limit = 100000
+;pcre.recursion_limit = 100000
+;pcre.jit = 1
+
+[Pdo]
+;pdo_odbc.connection_pooling = strict
+;pdo_odbc.db2_instance_name
+
+[Pdo_mysql]
+pdo_mysql.cache_size = 2000
+pdo_mysql.default_socket =
+
+[Phar]
+;phar.readonly = On
+;phar.require_hash = On
+;phar.cache_list =
+
+[mail function]
+SMTP = localhost
+smtp_port = 25
+;sendmail_path =
+
+;mail.force_extra_parameters =
+mail.add_x_header = On
+;mail.log =
+;mail.log = syslog
+
+[SQL]
+sql.safe_mode = On
+
+[ODBC]
+;odbc.default_db = Not yet implemented
+;odbc.default_user = Not yet implemented
+;odbc.default_pw = Not yet implemented
+;odbc.default_cursortype
+odbc.allow_persistent = On
+odbc.check_persistent = On
+odbc.max_persistent = -1
+odbc.max_links = -1
+odbc.defaultlrl = 4096
+odbc.defaultbinmode = 1
+;birdstep.max_links = -1
+
+[Interbase]
+ibase.allow_persistent = 1
+ibase.max_persistent = -1
+ibase.max_links = -1
+;ibase.default_db =
+;ibase.default_user =
+;ibase.default_password =
+;ibase.default_charset =
+ibase.timestampformat = "%Y-%m-%d %H:%M:%S"
+ibase.dateformat = "%Y-%m-%d"
+ibase.timeformat = "%H:%M:%S"
+
+[MySQLi]
+;mysqli.allow_local_infile = On
+mysqli.max_persistent = -1
+mysqli.allow_persistent = On
+mysqli.max_links = -1
+mysqli.cache_size = 2000
+mysqli.default_port = 3306
+mysqli.default_socket =
+mysqli.default_host =
+mysqli.default_user =
+mysqli.default_pw =
+mysqli.reconnect = Off
+
+[mysqlnd]
+mysqlnd.collect_statistics = On
+mysqlnd.collect_memory_statistics = Off
+;mysqlnd.debug =
+;mysqlnd.log_mask = 0
+;mysqlnd.mempool_default_size = 16000
+;mysqlnd.net_cmd_buffer_size = 2048
+;mysqlnd.net_read_buffer_size = 32768
+;mysqlnd.net_read_timeout = 31536000
+;mysqlnd.sha256_server_public_key =
+
+[OCI8]
+;oci8.privileged_connect = Off
+;oci8.max_persistent = -1
+;oci8.persistent_timeout = -1
+;oci8.ping_interval = 60
+;oci8.connection_class =
+;oci8.events = Off
+;oci8.statement_cache_size = 20
+;oci8.default_prefetch = 100
+;oci8.old_oci_close_semantics = Off
+
+[PostgreSQL]
+pgsql.allow_persistent = On
+pgsql.auto_reset_persistent = Off
+pgsql.max_persistent = -1
+pgsql.max_links = -1
+pgsql.ignore_notice = 0
+pgsql.log_notice = 0
+
+[bcmath]
+bcmath.scale = 0
+
+[browscap]
+browscap = /etc/php7/browscap.ini
+
+[Session]
+session.save_handler = files
+;session.save_path = "/tmp"
+session.use_strict_mode = 0
+session.use_cookies = 1
+;session.cookie_secure =
+session.use_only_cookies = 1
+session.name = PHPSESSID
+session.auto_start = 0
+session.cookie_lifetime = 0
+session.cookie_path = /
+session.cookie_domain =
+session.cookie_httponly =
+session.serialize_handler = php
+session.gc_probability = 1
+session.gc_divisor = 1000
+session.gc_maxlifetime = 1440
+session.referer_check =
+;session.entropy_length = 32
+;session.entropy_file = /dev/urandom
+session.cache_limiter = nocache
+session.cache_expire = 180
+session.use_trans_sid = 0
+session.hash_function = 0
+session.hash_bits_per_character = 5
+url_rewriter.tags = "a=href,area=href,frame=src,input=src,form=fakeentry"
+;session.upload_progress.enabled = On
+;session.upload_progress.cleanup = On
+;session.upload_progress.prefix = "upload_progress_"
+;session.upload_progress.name = "PHP_SESSION_UPLOAD_PROGRESS"
+;session.upload_progress.freq =  "1%"
+;session.upload_progress.min_freq = "1"
+;session.lazy_write = On
+
+[Assertion]
+zend.assertions = -1
+;assert.active = On
+;assert.exception = On
+;assert.warning = On
+;assert.bail = Off
+;assert.callback = 0
+;assert.quiet_eval = 0
+
+[COM]
+;com.typelib_file =
+;com.allow_dcom = true
+;com.autoregister_typelib = true
+;com.autoregister_casesensitive = false
+;com.autoregister_verbose = true
+;com.code_page=
+
+[mbstring]
+;mbstring.language = Japanese
+;mbstring.internal_encoding =
+;mbstring.http_input =
+;mbstring.http_output =
+;mbstring.encoding_translation = Off
+;mbstring.detect_order = auto
+;mbstring.substitute_character = none
+;mbstring.func_overload = 0
+;mbstring.strict_detection = On
+;mbstring.http_output_conv_mimetype =
+
+[gd]
+;gd.jpeg_ignore_warning = 0
+
+[exif]
+;exif.encode_unicode = ISO-8859-15
+;exif.decode_unicode_motorola = UCS-2BE
+;exif.decode_unicode_intel = UCS-2LE
+;exif.encode_jis =
+;exif.decode_jis_motorola = JIS
+;exif.decode_jis_intel = JIS
+
+[Tidy]
+;tidy.default_config = /usr/local/lib/php7/default.tcfg
+tidy.clean_output = Off
+
+[soap]
+soap.wsdl_cache_enabled = 1
+soap.wsdl_cache_dir = "/tmp"
+soap.wsdl_cache_ttl = 86400
+soap.wsdl_cache_limit = 5
+
+[sysvshm]
+;sysvshm.init_mem = 10000
+
+[ldap]
+ldap.max_links = -1
+
+[mcrypt]
+;mcrypt.algorithms_dir =
+;mcrypt.modes_dir =
+
+[dba]
+;dba.default_handler =
+
+[opcache]
+;opcache.enable = 0
+;opcache.enable_cli = 0
+;opcache.memory_consumption = 64
+;opcache.interned_strings_buffer = 4
+;opcache.max_accelerated_files = 2000
+;opcache.max_wasted_percentage = 5
+;opcache.use_cwd = 1
+;opcache.validate_timestamps = 1
+;opcache.revalidate_freq = 2
+;opcache.revalidate_path = 0
+;opcache.save_comments = 1
+;opcache.fast_shutdown = 0
+;opcache.enable_file_override = 0
+;opcache.optimization_level = 0xffffffff
+;opcache.dups_fix = 0
+;opcache.blacklist_filename =
+;opcache.max_file_size = 0
+;opcache.consistency_checks = 0
+;opcache.force_restart_timeout = 180
+;opcache.error_log =
+;opcache.log_verbosity_level = 1
+;opcache.preferred_memory_model =
+;opcache.protect_memory = 0
+;opcache.restrict_api =
+;opcache.mmap_base =
+;opcache.file_cache =
+;opcache.file_cache_only = 0
+;opcache.file_cache_consistency_checks = 1
+;opcache.file_cache_fallback = 1
+;opcache.huge_code_pages = 1
+;opcache.validate_permission = 0
+;opcache.validate_root = 0
+
+[curl]
+curl.cainfo = /etc/ssl/certs/ca-certificates.crt
+
+[openssl]
+openssl.cafile = /etc/ssl/certs/ca-certificates.crt
+openssl.capath = /etc/ssl/certs
diff --git a/overlay/etc/services.d/.s6-svscan/finish b/overlay/etc/services.d/.s6-svscan/finish
new file mode 100644
index 0000000..1dadeea
--- /dev/null
+++ b/overlay/etc/services.d/.s6-svscan/finish
@@ -0,0 +1,2 @@
+#!/bin/sh
+/bin/true
diff --git a/overlay/etc/services.d/nginx/run b/overlay/etc/services.d/nginx/run
new file mode 100755
index 0000000..7bb9132
--- /dev/null
+++ b/overlay/etc/services.d/nginx/run
@@ -0,0 +1,2 @@
+#!/bin/execlineb -P
+nginx -g "daemon off;"
diff --git a/overlay/etc/services.d/php/run b/overlay/etc/services.d/php/run
new file mode 100755
index 0000000..21dd010
--- /dev/null
+++ b/overlay/etc/services.d/php/run
@@ -0,0 +1,2 @@
+#!/bin/execlineb -P
+php-fpm7 -F
diff --git a/overlay/etc/services.d/update-feeds/run b/overlay/etc/services.d/update-feeds/run
new file mode 100755
index 0000000..84efbee
--- /dev/null
+++ b/overlay/etc/services.d/update-feeds/run
@@ -0,0 +1,2 @@
+#!/bin/execlineb -P
+s6-setuidgid nginx php7 /var/www/app/update_daemon2.php > /dev/null 2>&1
diff --git a/overlay/etc/templates/config.php.tmpl b/overlay/etc/templates/config.php.tmpl
new file mode 100644
index 0000000..2a9c812
--- /dev/null
+++ b/overlay/etc/templates/config.php.tmpl
@@ -0,0 +1,180 @@
+<?php
+	// *******************************************
+	// *** Database configuration (important!) ***
+	// *******************************************
+
+	define('DB_TYPE', '{{ getenv "TTRSS_DB_TYPE" "pgsql" }}');
+	define('DB_HOST', '{{ getenv "TTRSS_DB_HOST" "db" }}');
+	define('DB_USER', '{{ getenv "TTRSS_DB_USER" "postgres" }}');
+	define('DB_NAME', '{{ getenv "TTRSS_DB_NAME" "ttrss" }}');
+	define('DB_PASS', '{{ getenv "TTRSS_DB_PASS" "secure" }}');
+	define('DB_PORT', '{{ getenv "TTRSS_DB_PORT" "5432" }}'); // usually 5432 for PostgreSQL, 3306 for MySQL
+
+	define('MYSQL_CHARSET', 'UTF8');
+	// Connection charset for MySQL. If you have a legacy database and/or experience
+	// garbage unicode characters with this option, try setting it to a blank string.
+
+	// ***********************************
+	// *** Basic settings (important!) ***
+	// ***********************************
+
+	define('SELF_URL_PATH', '{{ getenv "TTRSS_SELF_URL_PATH" "http://localhost/" }}');
+	// This should be set to a fully qualified URL used to access
+	// your tt-rss instance over the net.
+	// The value should be a constant string literal. Please don't use
+	// PHP server variables here - you might introduce security
+	// issues on your install and cause hard to debug problems.
+	// If your tt-rss instance is behind a reverse proxy, use the external URL.
+
+	define('SINGLE_USER_MODE', {{ getenv "TTRSS_SINGLE_USER_MODE" "false" }});
+	// Operate in single user mode, disables all functionality related to
+	// multiple users and authentication. Enabling this assumes you have
+	// your tt-rss directory protected by other means (e.g. http auth).
+
+	define('SIMPLE_UPDATE_MODE', {{ getenv "TTRSS_SELF_URL_PATH" "false" }});
+	// Enables fallback update mode where tt-rss tries to update feeds in
+	// background while tt-rss is open in your browser.
+	// If you don't have a lot of feeds and don't want to or can't run
+	// background processes while not running tt-rss, this method is generally
+	// viable to keep your feeds up to date.
+	// Still, there are more robust (and recommended) updating methods
+	// available, you can read about them here: http://tt-rss.org/wiki/UpdatingFeeds
+
+	// *****************************
+	// *** Files and directories ***
+	// *****************************
+
+	define('PHP_EXECUTABLE', '{{ getenv "TTRSS_PHP_EXECUTABLE" "/usr/bin/php" }}');
+	// Path to PHP *COMMAND LINE* executable, used for various command-line tt-rss
+	// programs and update daemon. Do not try to use CGI binary here, it won't work.
+	// If you see HTTP headers being displayed while running tt-rss scripts,
+	// then most probably you are using the CGI binary. If you are unsure what to
+	// put in here, ask your hosting provider.
+
+	define('LOCK_DIRECTORY', 'lock');
+	// Directory for lockfiles, must be writable to the user you run
+	// daemon process or cronjobs under.
+
+	define('CACHE_DIR', 'cache');
+	// Local cache directory for RSS feed content.
+
+	define('ICONS_DIR', 'feed-icons');
+	define('ICONS_URL', 'feed-icons');
+	// Local and URL path to the directory, where feed favicons are stored.
+	// Unless you really know what you're doing, please keep those relative
+	// to tt-rss main directory.
+
+	// **********************
+	// *** Authentication ***
+	// **********************
+
+	// Please see PLUGINS below to configure various authentication modules.
+
+	define('AUTH_AUTO_CREATE', {{ getenv "TTRSS_AUTH_AUTO_CREATE" "true" }});
+	// Allow authentication modules to auto-create users in tt-rss internal
+	// database when authenticated successfully.
+
+	define('AUTH_AUTO_LOGIN', {{ getenv "TTRSS_AUTH_AUTO_LOGIN" "true" }});
+	// Automatically login user on remote or other kind of externally supplied
+	// authentication, otherwise redirect to login form as normal.
+	// If set to true, users won't be able to set application language
+	// and settings profile.
+
+	// *********************
+	// *** Feed settings ***
+	// *********************
+
+	define('FORCE_ARTICLE_PURGE', {{ getenv "TTRSS_FORCE_ARTICLE_PURGE" "0" }});
+	// When this option is not 0, users ability to control feed purging
+	// intervals is disabled and all articles (which are not starred)
+	// older than this amount of days are purged.
+
+	// ****************************
+	// *** Sphinx search plugin ***
+	// ****************************
+
+	define('SPHINX_SERVER', '{{ getenv "TTRSS_SPHINX_SERVER" "localhost:9312" }}');
+	// Hostname:port combination for the Sphinx server.
+
+	define('SPHINX_INDEX', '{{ getenv "TTRSS_SPHINX_INDEX" "ttrss, delta" }}');
+	// Index name in Sphinx configuration. You can specify multiple indexes
+	// as a comma-separated string.
+	// Example configuration files are available on tt-rss wiki.
+
+	// ***********************************
+	// *** Self-registrations by users ***
+	// ***********************************
+
+	define('ENABLE_REGISTRATION', {{ getenv "TTRSS_ENABLE_REGISTRATION" "false" }});
+	// Allow users to register themselves. Please be aware that allowing
+	// random people to access your tt-rss installation is a security risk
+	// and potentially might lead to data loss or server exploit. Disabled
+	// by default.
+
+	define('REG_NOTIFY_ADDRESS', '{{ getenv "TTRSS_REG_NOTIFY_ADDRESS" }}');
+	// Email address to send new user notifications to.
+
+	define('REG_MAX_USERS', {{ getenv "TTRSS_REG_MAX_USERS" "10" }});
+	// Maximum amount of users which will be allowed to register on this
+	// system. 0 - no limit.
+
+	// **********************************
+	// *** Cookies and login sessions ***
+	// **********************************
+
+	define('SESSION_COOKIE_LIFETIME', {{ getenv "TTRSS_SESSION_COOKIE_LIFETIME" "86400" }});
+	// Default lifetime of a session (e.g. login) cookie. In seconds,
+	// 0 means cookie will be deleted when browser closes.
+
+	// *********************************
+	// *** Email and digest settings ***
+	// *********************************
+
+	// Tiny Tiny RSS sends mail via PHP mail() function, unless handled
+	// by a plugin.
+
+	// If you need SMTP support, take a look here:
+	// https://git.tt-rss.org/fox/ttrss-mailer-smtp
+
+	define('SMTP_FROM_NAME', '{{ getenv "TTRSS_SMTP_FROM_NAME" "Tiny Tiny RSS" }}');
+	define('SMTP_FROM_ADDRESS', '{{ getenv "TTRSS_SMTP_FROM_NAME" }}');
+	// Name, address and subject for sending outgoing mail. This applies
+	// to password reset notifications, digest emails and any other mail.
+
+	define('DIGEST_SUBJECT', '{{ getenv "TTRSS_DIGEST_SUBJECT" "[tt-rss] New headlines for last 24 hours" }}');
+	// Subject line for email digests
+
+	// ***************************************
+	// *** Other settings (less important) ***
+	// ***************************************
+
+	define('CHECK_FOR_UPDATES', {{ getenv "TTRSS_CHECK_FOR_UPDATES" "true" }});
+	// Check for updates automatically if running Git version
+
+	define('ENABLE_GZIP_OUTPUT', {{ getenv "TTRSS_ENABLE_GZIP_OUTPUT" "false" }});
+	// Selectively gzip output to improve wire performance. This requires
+	// PHP Zlib extension on the server.
+	// Enabling this can break tt-rss in several httpd/php configurations,
+	// if you experience weird errors and tt-rss failing to start, blank pages
+	// after login, or content encoding errors, disable it.
+
+	define('PLUGINS', '{{ getenv "TTRSS_PLUGINS" "auth_internal, note" }}');
+	// Comma-separated list of plugins to load automatically for all users.
+	// System plugins have to be specified here. Please enable at least one
+	// authentication plugin here (auth_*).
+	// Users may enable other user plugins from Preferences/Plugins but may not
+	// disable plugins specified in this list.
+	// Disabling auth_internal in this list would automatically disable
+	// reset password link on the login form.
+
+	define('LOG_DESTINATION', '{{ getenv "TTRSS_LOG_DESTINATION" "sql" }}');
+	// Error log destination to use. Possible values: sql (uses internal logging
+	// you can read in Preferences -> System), syslog - logs to system log.
+	// Setting this to blank uses PHP logging (usually to http server
+	// error.log).
+	// Note that feed updating daemons don't use this logging facility
+	// for normal output.
+
+	define('CONFIG_VERSION', {{ getenv "TTRSS_CONFIG_VERSION" "26" }});
+	// Expected config version. Please update this option in config.php
+	// if necessary (after migrating all new options from this file).
diff --git a/overlay/etc/templates/php.ini.tmpl b/overlay/etc/templates/php.ini.tmpl
new file mode 100644
index 0000000..3a57093
--- /dev/null
+++ b/overlay/etc/templates/php.ini.tmpl
@@ -0,0 +1,391 @@
+[PHP]
+user_ini.filename = ".user.ini"
+user_ini.cache_ttl = 300
+
+engine = On
+short_open_tag = Off
+
+precision = 14
+
+output_buffering = 0
+;output_handler =
+
+zlib.output_compression = Off
+;zlib.output_compression_level = -1
+;zlib.output_handler =
+
+implicit_flush = Off
+
+unserialize_callback_func =
+serialize_precision = 17
+
+;open_basedir =
+
+disable_functions =
+disable_classes =
+
+;highlight.string  = #DD0000
+;highlight.comment = #FF9900
+;highlight.keyword = #007700
+;highlight.default = #0000BB
+;highlight.html    = #000000
+
+;ignore_user_abort = On
+
+;realpath_cache_size = 16k
+;realpath_cache_ttl = 120
+
+zend.enable_gc = On
+;zend.multibyte = Off
+;zend.script_encoding =
+
+expose_php = {{ getenv "PHP_EXPOSE_PHP" "Off" }}
+
+max_execution_time = {{ getenv "PHP_MAX_EXECUTION_TIME" "30" }}
+max_input_time = {{ getenv "PHP_MAX_INPUT_TIME" "60" }}
+;max_input_nesting_level = 64
+;max_input_vars = 1000
+memory_limit = {{ getenv "PHP_MEMORY_LIMIT" "128M" }}
+
+error_reporting = {{ getenv "PHP_ERROR_REPORTING" "E_ALL & ~E_DEPRECATED & ~E_STRICT" }}
+display_errors = {{ getenv "PHP_DISPLAY_ERRORS" "Off" }}
+display_startup_errors = {{ getenv "PHP_DISPLAY_STARTUP_ERRORS" "Off" }}
+log_errors = {{ getenv "PHP_LOG_ERRORS" "On" }}
+log_errors_max_len = {{ getenv "PHP_LOG_ERRORS_MAX_LEN" "1024" }}
+ignore_repeated_errors = {{ getenv "PHP_IGNORE_REPEATED_ERRORS" "Off" }}
+ignore_repeated_source = {{ getenv "PHP_IGNORE_REPEATED_SOURCE" "Off" }}
+report_memleaks = {{ getenv "PHP_REPORT_MEMLEAKS" "On" }}
+;report_zend_debug = 0
+;xmlrpc_errors = 0
+;xmlrpc_error_number = 0
+html_errors = {{ getenv "PHP_HTML_ERRORS" "On" }}
+;docref_root = "/phpmanual/"
+;docref_ext = .html
+;error_prepend_string = "<span style='color: #ff0000'>"
+;error_append_string = "</span>"
+error_log = {{ getenv "PHP_ERROR_LOG" "php_errors.log"}}
+;windows.show_crt_warning
+
+;arg_separator.output = "&amp;"
+;arg_separator.input = ";&"
+
+variables_order = "GPCS"
+request_order = "GP"
+
+register_argc_argv = Off
+auto_globals_jit = On
+;enable_post_data_reading = Off
+post_max_size = {{ getenv "PHP_POST_MAX_SIZE" "8M" }}
+
+auto_prepend_file =
+auto_append_file =
+
+default_mimetype = "text/html"
+default_charset = "UTF-8"
+;internal_encoding =
+;input_encoding =
+;output_encoding =
+
+;include_path = ".:/php7/includes"
+
+doc_root =
+user_dir =
+
+extension_dir = "/usr/lib/php7/modules"
+;sys_temp_dir = "/tmp"
+enable_dl = Off
+
+;cgi.force_redirect = 1
+;cgi.nph = 1
+;cgi.redirect_status_env =
+cgi.fix_pathinfo = 0
+cgi.discard_path = 1
+
+;fastcgi.impersonate = 1
+;fastcgi.logging = 0
+;cgi.rfc2616_headers = 0
+;cgi.check_shebang_line = 1
+
+file_uploads = On
+;upload_tmp_dir =
+upload_max_filesize = {{ getenv "PHP_UPLOAD_MAX_FILESIZE" "2M" }}
+max_file_uploads = 20
+
+allow_url_fopen = {{ getenv "PHP_ALLOW_URL_FOPEN" "On" }}
+allow_url_include = Off
+
+;from="john@doe.com"
+;user_agent="PHP"
+
+default_socket_timeout = 60
+;auto_detect_line_endings = Off
+
+[CLI Server]
+cli_server.color = On
+
+[Date]
+date.timezone = {{ getenv "PHP_DATE_TIMEZONE" "Europe/Berlin" }}
+;date.default_latitude = 31.7667
+;date.default_longitude = 35.2333
+;date.sunrise_zenith = 90.583333
+;date.sunset_zenith = 90.583333
+
+[filter]
+;filter.default = unsafe_raw
+;filter.default_flags =
+
+[iconv]
+;iconv.input_encoding =
+;iconv.internal_encoding =
+;iconv.output_encoding =
+
+[intl]
+;intl.default_locale =
+;intl.error_level = E_WARNING
+;intl.use_exceptions = 0
+
+[sqlite3]
+;sqlite3.extension_dir =
+
+[Pcre]
+;pcre.backtrack_limit = 100000
+;pcre.recursion_limit = 100000
+;pcre.jit = 1
+
+[Pdo]
+;pdo_odbc.connection_pooling = strict
+;pdo_odbc.db2_instance_name
+
+[Pdo_mysql]
+pdo_mysql.cache_size = 2000
+pdo_mysql.default_socket =
+
+[Phar]
+;phar.readonly = On
+;phar.require_hash = On
+;phar.cache_list =
+
+[mail function]
+SMTP = localhost
+smtp_port = 25
+;sendmail_path =
+
+;mail.force_extra_parameters =
+mail.add_x_header = On
+;mail.log =
+;mail.log = syslog
+
+[SQL]
+sql.safe_mode = {{ getenv "PHP_SQL_SAFE_MODE" "On" }}
+
+[ODBC]
+;odbc.default_db = Not yet implemented
+;odbc.default_user = Not yet implemented
+;odbc.default_pw = Not yet implemented
+;odbc.default_cursortype
+odbc.allow_persistent = On
+odbc.check_persistent = On
+odbc.max_persistent = -1
+odbc.max_links = -1
+odbc.defaultlrl = 4096
+odbc.defaultbinmode = 1
+;birdstep.max_links = -1
+
+[Interbase]
+ibase.allow_persistent = 1
+ibase.max_persistent = -1
+ibase.max_links = -1
+;ibase.default_db =
+;ibase.default_user =
+;ibase.default_password =
+;ibase.default_charset =
+ibase.timestampformat = "%Y-%m-%d %H:%M:%S"
+ibase.dateformat = "%Y-%m-%d"
+ibase.timeformat = "%H:%M:%S"
+
+[MySQLi]
+;mysqli.allow_local_infile = On
+mysqli.max_persistent = -1
+mysqli.allow_persistent = On
+mysqli.max_links = -1
+mysqli.cache_size = 2000
+mysqli.default_port = 3306
+mysqli.default_socket =
+mysqli.default_host =
+mysqli.default_user =
+mysqli.default_pw =
+mysqli.reconnect = Off
+
+[mysqlnd]
+mysqlnd.collect_statistics = On
+mysqlnd.collect_memory_statistics = Off
+;mysqlnd.debug =
+;mysqlnd.log_mask = 0
+;mysqlnd.mempool_default_size = 16000
+;mysqlnd.net_cmd_buffer_size = 2048
+;mysqlnd.net_read_buffer_size = 32768
+;mysqlnd.net_read_timeout = 31536000
+;mysqlnd.sha256_server_public_key =
+
+[OCI8]
+;oci8.privileged_connect = Off
+;oci8.max_persistent = -1
+;oci8.persistent_timeout = -1
+;oci8.ping_interval = 60
+;oci8.connection_class =
+;oci8.events = Off
+;oci8.statement_cache_size = 20
+;oci8.default_prefetch = 100
+;oci8.old_oci_close_semantics = Off
+
+[PostgreSQL]
+pgsql.allow_persistent = On
+pgsql.auto_reset_persistent = Off
+pgsql.max_persistent = -1
+pgsql.max_links = -1
+pgsql.ignore_notice = 0
+pgsql.log_notice = 0
+
+[bcmath]
+bcmath.scale = 0
+
+[browscap]
+browscap = /etc/php7/browscap.ini
+
+[Session]
+session.save_handler = files
+;session.save_path = "/tmp"
+session.use_strict_mode = 0
+session.use_cookies = 1
+;session.cookie_secure =
+session.use_only_cookies = 1
+session.name = PHPSESSID
+session.auto_start = 0
+session.cookie_lifetime = 0
+session.cookie_path = /
+session.cookie_domain =
+session.cookie_httponly =
+session.serialize_handler = php
+session.gc_probability = 1
+session.gc_divisor = 1000
+session.gc_maxlifetime = 1440
+session.referer_check =
+;session.entropy_length = 32
+;session.entropy_file = /dev/urandom
+session.cache_limiter = nocache
+session.cache_expire = 180
+session.use_trans_sid = 0
+session.hash_function = 0
+session.hash_bits_per_character = 5
+url_rewriter.tags = "a=href,area=href,frame=src,input=src,form=fakeentry"
+;session.upload_progress.enabled = On
+;session.upload_progress.cleanup = On
+;session.upload_progress.prefix = "upload_progress_"
+;session.upload_progress.name = "PHP_SESSION_UPLOAD_PROGRESS"
+;session.upload_progress.freq =  "1%"
+;session.upload_progress.min_freq = "1"
+;session.lazy_write = On
+
+[Assertion]
+zend.assertions = -1
+;assert.active = On
+;assert.exception = On
+;assert.warning = On
+;assert.bail = Off
+;assert.callback = 0
+;assert.quiet_eval = 0
+
+[COM]
+;com.typelib_file =
+;com.allow_dcom = true
+;com.autoregister_typelib = true
+;com.autoregister_casesensitive = false
+;com.autoregister_verbose = true
+;com.code_page=
+
+[mbstring]
+;mbstring.language = Japanese
+;mbstring.internal_encoding =
+;mbstring.http_input =
+;mbstring.http_output =
+;mbstring.encoding_translation = Off
+;mbstring.detect_order = auto
+;mbstring.substitute_character = none
+;mbstring.func_overload = 0
+;mbstring.strict_detection = On
+;mbstring.http_output_conv_mimetype =
+
+[gd]
+;gd.jpeg_ignore_warning = 0
+
+[exif]
+;exif.encode_unicode = ISO-8859-15
+;exif.decode_unicode_motorola = UCS-2BE
+;exif.decode_unicode_intel = UCS-2LE
+;exif.encode_jis =
+;exif.decode_jis_motorola = JIS
+;exif.decode_jis_intel = JIS
+
+[Tidy]
+;tidy.default_config = /usr/local/lib/php7/default.tcfg
+tidy.clean_output = Off
+
+[soap]
+soap.wsdl_cache_enabled = 1
+soap.wsdl_cache_dir = "/tmp"
+soap.wsdl_cache_ttl = 86400
+soap.wsdl_cache_limit = 5
+
+[sysvshm]
+;sysvshm.init_mem = 10000
+
+[ldap]
+ldap.max_links = -1
+
+[mcrypt]
+;mcrypt.algorithms_dir =
+;mcrypt.modes_dir =
+
+[dba]
+;dba.default_handler =
+
+[opcache]
+;opcache.enable = 0
+;opcache.enable_cli = 0
+;opcache.memory_consumption = 64
+;opcache.interned_strings_buffer = 4
+;opcache.max_accelerated_files = 2000
+;opcache.max_wasted_percentage = 5
+;opcache.use_cwd = 1
+;opcache.validate_timestamps = 1
+;opcache.revalidate_freq = 2
+;opcache.revalidate_path = 0
+;opcache.save_comments = 1
+;opcache.fast_shutdown = 0
+;opcache.enable_file_override = 0
+;opcache.optimization_level = 0xffffffff
+;opcache.dups_fix = 0
+;opcache.blacklist_filename =
+;opcache.max_file_size = 0
+;opcache.consistency_checks = 0
+;opcache.force_restart_timeout = 180
+;opcache.error_log =
+;opcache.log_verbosity_level = 1
+;opcache.preferred_memory_model =
+;opcache.protect_memory = 0
+;opcache.restrict_api =
+;opcache.mmap_base =
+;opcache.file_cache =
+;opcache.file_cache_only = 0
+;opcache.file_cache_consistency_checks = 1
+;opcache.file_cache_fallback = 1
+;opcache.huge_code_pages = 1
+;opcache.validate_permission = 0
+;opcache.validate_root = 0
+
+[curl]
+curl.cainfo = /etc/ssl/certs/ca-certificates.crt
+
+[openssl]
+openssl.cafile = /etc/ssl/certs/ca-certificates.crt
+openssl.capath = /etc/ssl/certs
diff --git a/overlay/usr/local/bin/entrypoint.sh b/overlay/usr/local/bin/entrypoint.sh
new file mode 100755
index 0000000..50f1b03
--- /dev/null
+++ b/overlay/usr/local/bin/entrypoint.sh
@@ -0,0 +1,12 @@
+#!/bin/bash
+
+/usr/bin/gomplate -V -o /etc/php7/php.ini -f /etc/templates/php.ini.tmpl
+/usr/bin/gomplate -V -o /var/www/app/config.php -f /etc/templates/config.php.tmpl
+
+chown -R nginx:nginx /var/www/app/lock
+chown -R nginx:nginx /var/www/app/cache
+chown -R nginx:nginx /var/www/app/feed-icons
+
+s6-setuidgid nginx php7 /var/www/app/docker_setup.php
+
+exec /bin/s6-svscan /etc/services.d
diff --git a/overlay/var/www/app/docker_setup.php b/overlay/var/www/app/docker_setup.php
new file mode 100644
index 0000000..3eadf15
--- /dev/null
+++ b/overlay/var/www/app/docker_setup.php
@@ -0,0 +1,114 @@
+<?php
+
+// Based on https://git.tt-rss.org/fox/tt-rss/src/master/install/index.php
+// For the case $op == 'installschema'
+
+function sanity_check($db_type) {
+	$errors = array();
+
+	if (version_compare(PHP_VERSION, '5.6.0', '<')) {
+		array_push($errors, "PHP version 5.6.0 or newer required. You're using " . PHP_VERSION . ".");
+	}
+
+	if (!function_exists("curl_init") && !ini_get("allow_url_fopen")) {
+		array_push($errors, "PHP configuration option allow_url_fopen is disabled, and CURL functions are not present. Either enable allow_url_fopen or install PHP extension for CURL.");
+	}
+
+	if (!function_exists("json_encode")) {
+		array_push($errors, "PHP support for JSON is required, but was not found.");
+	}
+
+	if (!class_exists("PDO")) {
+		array_push($errors, "PHP support for PDO is required but was not found.");
+	}
+
+	if (!function_exists("mb_strlen")) {
+		array_push($errors, "PHP support for mbstring functions is required but was not found.");
+	}
+
+	if (!function_exists("hash")) {
+		array_push($errors, "PHP support for hash() function is required but was not found.");
+	}
+
+	if (!function_exists("iconv")) {
+		array_push($errors, "PHP support for iconv is required to handle multiple charsets.");
+	}
+
+	if (ini_get("safe_mode")) {
+		array_push($errors, "PHP safe mode setting is obsolete and not supported by tt-rss.");
+	}
+
+	if (!class_exists("DOMDocument")) {
+		array_push($errors, "PHP support for DOMDocument is required, but was not found.");
+	}
+
+	return $errors;
+}
+
+function pdo_connect($host, $user, $pass, $db, $type, $port = false) {
+
+    $db_port = $port ? ';port=' . $port : '';
+    $db_host = $host ? ';host=' . $host : '';
+
+    try {
+        $pdo = new PDO($type . ':dbname=' . $db . $db_host . $db_port,
+            $user,
+            $pass);
+
+        return $pdo;
+    } catch (Exception $e) {
+        echo "Unable to connect to database using specified parameters : " .  $e->getMessage() . PHP_EOL;
+        return null;
+    }
+}
+
+if (file_exists("/var/www/app/config.php")) {
+    echo "Loading config.php" . PHP_EOL;
+    require_once "/var/www/app/config.php";
+
+    $pdo = pdo_connect(DB_HOST, DB_USER, DB_PASS, DB_NAME, DB_TYPE, DB_PORT);
+    if (!$pdo) {
+        exit(2);
+    }
+    
+    echo "Running sanity check.";
+    $errors = sanity_check(DB_TYPE);
+    if (count($errors) > 0) {
+			foreach ($errors as $error) {
+  			echo "$error";
+			}
+		}
+
+    echo "Connected to the database" . PHP_EOL;
+
+    $res = $pdo->query("SELECT true FROM ttrss_feeds");
+    if ($res && $res->fetch()) {
+        echo "Some tt-rss data already exists in this database, skipping database installation" . PHP_EOL;
+        exit(0);
+    }
+    echo "tt-rss data not found, initializing the database" . PHP_EOL;
+
+    $lines = explode(";", preg_replace("/[\r\n]/", "",
+        file_get_contents("/var/www/app/schema/ttrss_schema_".basename(DB_TYPE).".sql")));
+
+    $dbInitError = 0;
+    foreach ($lines as $line) {
+        if (strpos($line, "--") !== 0 && $line) {
+            $res = $pdo->query($line);
+
+            if (!$res) {
+                echo "Query: $line" . PHP_EOL;
+                echo "Error: " . implode(", ", $this->pdo->errorInfo()) . PHP_EOL;
+                $dbInitError++;
+            }
+        }
+    }
+
+    if($dbInitError == 0) {
+        echo "Database initialization completed." . PHP_EOL;
+        exit(0);
+    } else {
+        echo "Database initialization failed." . PHP_EOL;
+        exit(1);
+    }
+}