mirror of
https://github.com/snipe/snipe-it.git
synced 2024-12-25 05:34:06 -08:00
* Add docker secret support * Add docker secret support to selected environment variables below: - APP_KEY_FILE -> APP_KEY; - DB_HOST_FILE -> DB_HOST; - DB_PORT_FILE -> DB_PORT; - DB_DATABASE_FILE -> DB_DATABASE; - DB_USERNAME_FILE -> DB_USERNAME; - DB_PASSWORD_FILE -> DB_PASSWORD; - REDIS_HOST_FILE -> REDIS_HOST; - REDIS_PASSWORD_FILE -> REDIS_PASSWORD; - REDIS_PORT_FILE -> REDIS_PORT; - MAIL_HOST_FILE -> MAIL_HOST; - MAIL_PORT_FILE -> MAIL_PORT; - MAIL_USERNAME_FILE -> MAIL_USERNAME; - MAIL_PASSWORD_FILE -> MAIL_PASSWORD; * Add env file for docker secrets * Added #9313: add new fpm-image using docker secrets * Fix broken symlinks * Add docker secrets support using shell script * Remove old docker config php files
parent
da79a16284
commit
fdcb63f251
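--- a/Dockerfile.fpm-alpine
+++ b/Dockerfile.fpm-alpine
@@ -0,0 +1,102 @@
+ARG ENVIRONMENT=production
+ARG SNIPEIT_RELEASE=5.1.3
+ARG PHP_VERSION=7.4.16
+ARG PHP_ALPINE_VERSION=3.13
+ARG COMPOSER_VERSION=2.0.11
+
+# Cannot use arguments with 'COPY --from' workaround
+# https://github.com/moby/moby/issues/34482#issuecomment-454716952
+FROM composer:${COMPOSER_VERSION} AS composer
+
+# Final stage
+FROM php:${PHP_VERSION}-fpm-alpine${PHP_ALPINE_VERSION} AS source
+LABEL maintainer="Mateus Villar <mromeravillar@gmail.com>"
+
+ARG PACKAGES="\
+mysql-client \
+"
+ARG DEV_PACKAGES="\
+git \
+"
+ARG ENVIRONMENT
+ENV ENVIRONMENT ${ENVIRONMENT}
+ARG SNIPEIT_RELEASE
+ENV SNIPEIT_RELEASE ${SNIPEIT_RELEASE}
+
+# Cribbed from wordpress-fpm-alpine image
+# set recommended PHP.ini settings
+# see https://secure.php.net/manual/en/opcache.installation.php
+RUN set -eux; \
+docker-php-ext-enable opcache; \
+{ \
+echo 'opcache.memory_consumption=128'; \
+echo 'opcache.interned_strings_buffer=8'; \
+echo 'opcache.max_accelerated_files=4000'; \
+echo 'opcache.revalidate_freq=2'; \
+echo 'opcache.fast_shutdown=1'; \
+} > /usr/local/etc/php/conf.d/opcache-recommended.ini
+# https://wordpress.org/support/article/editing-wp-config-php/#configure-error-logging
+RUN { \
+# https://www.php.net/manual/en/errorfunc.constants.php
+# https://github.com/docker-library/wordpress/issues/420#issuecomment-517839670
+echo 'error_reporting = E_ERROR | E_WARNING | E_PARSE | E_CORE_ERROR | E_CORE_WARNING | E_COMPILE_ERROR | E_COMPILE_WARNING | E_RECOVERABLE_ERROR'; \
+echo 'display_errors = Off'; \
+echo 'display_startup_errors = Off'; \
+echo 'log_errors = On'; \
+echo 'error_log = /dev/stderr'; \
+echo 'log_errors_max_len = 1024'; \
+echo 'ignore_repeated_errors = On'; \
+echo 'ignore_repeated_source = Off'; \
+echo 'html_errors = Off'; \
+} > /usr/local/etc/php/conf.d/error-logging.ini
+
+# Install php extensions inside docker containers easily
+# https://github.com/mlocati/docker-php-extension-installer
+COPY --from=mlocati/php-extension-installer:1.2.19 /usr/bin/install-php-extensions /usr/local/bin/
+RUN set -eux; \
+install-php-extensions \
+bcmath \
+gd \
+ldap \
+mysqli \
+pdo_mysql \
+zip; \
+rm -f /usr/local/bin/install-php-extensions; \
+# Install prerequisites packages
+apk add --no-cache \
+${PACKAGES};
+
+COPY --from=composer /usr/bin/composer /usr/local/bin
+ARG COMPOSER_ALLOW_SUPERUSER=1
+RUN set -eux; \
+# Download and extract snipeit tarball
+curl -o snipeit.tar.gz -fL "https://github.com/snipe/snipe-it/archive/v$SNIPEIT_RELEASE.tar.gz"; \
+tar -xzf snipeit.tar.gz --strip-components=1 -C /var/www/html/; \
+rm snipeit.tar.gz; \
+# Install composer php dependencies
+if [ "$ENVIRONMENT" = "production" ]; then \
+echo "production enviroment detected!"; \
+composer update \
+--no-cache \
+--no-dev \
+--optimize-autoloader \
+--working-dir=/var/www/html; \
+else \
+echo "development enviroment detected!"; \
+apk add --no-cache \
+${DEV_PACKAGES}; \
+composer update \
+--no-cache \
+--prefer-source \
+--optimize-autoloader \
+--working-dir=/var/www/html; \
+fi; \
+rm -f /usr/local/bin/composer; \
+chown -R www-data:www-data /var/www/html;
+
+VOLUME [ "/var/lib/snipeit" ]
+
+COPY --chown=www-data:www-data docker/docker-secrets.env /var/www/html/.env
+COPY --chmod=655 docker/docker-entrypoint.sh /usr/local/bin/docker-snipeit-entrypoint
+ENTRYPOINT [ "/usr/local/bin/docker-snipeit-entrypoint" ]
+CMD [ "/usr/local/bin/docker-php-entrypoint", "php-fpm" ]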
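Review bot: Both branches of the dependency step run `composer update`, which ignores any `composer.lock` in the release tarball and resolves whatever versions are newest at build time, so two builds of the same SNIPEIT_RELEASE can ship different third-party code. In the production branch, `composer install --no-cache --no-dev --optimize-autoloader --working-dir=/var/www/html` would install the locked set instead, assuming the tarball carries a lock file. The tarball itself is fetched with `curl -fL` and unpacked without any checksum comparison; a `sha256sum -c` against a digest passed in as a build ARG would pin it. Also, `COPY --chmod=655` gives the entrypoint rw-r-xr-x (no execute bit for the owner) and requires BuildKit; `--chmod=755` looks like the intent.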
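--- a/docker/docker-entrypoint.sh
+++ b/docker/docker-entrypoint.sh
@@ -0,0 +1,119 @@
+#!/bin/sh
+
+set -eo pipefail;
+
+# Cribbed from nextcloud docker official repo
+# https://github.com/nextcloud/docker/blob/master/docker-entrypoint.sh
+# usage: file_env VAR [DEFAULT]
+# ie: file_env 'XYZ_DB_PASSWORD' 'example'
+# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of
+# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature)
+file_env() {
+local var="$1"
+local fileVar="${var}_FILE"
+local def="${2:-}"
+local varValue=$(env | grep -E "^${var}=" | sed -E -e "s/^${var}=//")
+local fileVarValue=$(env | grep -E "^${fileVar}=" | sed -E -e "s/^${fileVar}=//")
+if [ -n "${varValue}" ] && [ -n "${fileVarValue}" ]; then
+echo >&2 "error: both $var and $fileVar are set (but are exclusive)"
+exit 1
+fi
+if [ -n "${varValue}" ]; then
+export "$var"="${varValue}"
+elif [ -n "${fileVarValue}" ]; then
+export "$var"="$(cat "${fileVarValue}")"
+elif [ -n "${def}" ]; then
+export "$var"="$def"
+fi
+unset "$fileVar"
+}
+
+# Add docker secrets support for the variables below:
+file_env APP_KEY
+file_env DB_HOST
+file_env DB_PORT
+file_env DB_DATABASE
+file_env DB_USERNAME
+file_env DB_PASSWORD
+file_env REDIS_HOST
+file_env REDIS_PASSWORD
+file_env REDIS_PORT
+file_env MAIL_HOST
+file_env MAIL_PORT
+file_env MAIL_USERNAME
+file_env MAIL_PASSWORD
+
+echo [INFO docker entrypoint] Start script execution
+
+# Generate new app key if none is provided
+if [ -z "$APP_KEY" -a -z "$APP_KEY_FILE" ]
+then
+echo "Please re-run this container with an environment variable \$APP_KEY"
+echo "An example APP_KEY you could use is: "
+php artisan key:generate --show
+exit
+fi
+
+# Directory configuration
+rm -rf \
+"/var/www/html/storage/private_uploads" \
+"/var/www/html/public/uploads" \
+"/var/www/html/storage/app/backups"
+
+# Create data directories
+for dir in \
+'data/private_uploads' \
+'data/uploads/accessories' \
+'data/uploads/avatars' \
+'data/uploads/barcodes' \
+'data/uploads/categories' \
+'data/uploads/companies' \
+'data/uploads/components' \
+'data/uploads/consumables' \
+'data/uploads/departments' \
+'data/uploads/locations' \
+'data/uploads/manufacturers' \
+'data/uploads/models' \
+'data/uploads/suppliers' \
+'dumps' \
+'keys'
+do
+[ ! -d "/var/lib/snipeit/$dir" ] && mkdir -p "/var/lib/snipeit/$dir"
+done
+
+# Sync /var/lib/snipeit (docker volume) with /var/www/html directory
+ln -fs \
+"/var/lib/snipeit/data/private_uploads" "/var/www/html/storage/private_uploads"
+ln -fs \
+"/var/lib/snipeit/data/uploads" "/var/www/html/public/uploads"
+ln -fs \
+"/var/lib/snipeit/dumps" "/var/www/html/storage/app/backups"
+ln -fs \
+"/var/lib/snipeit/keys/oauth-public.key" "/var/www/html/storage/oauth-public.key"
+ln -fs \
+"/var/lib/snipeit/keys/oauth-private.key" "/var/www/html/storage/oauth-private.key"
+
+# If the Oauth DB files are not present copy the vendor files over to the db migrations
+if [ ! -f "/var/www/html/database/migrations/*create_oauth*" ]
+then
+cp -a /var/www/html/vendor/laravel/passport/database/migrations/* /var/www/html/database/migrations/
+fi
+
+# Create laravel log file
+touch /var/www/html/storage/logs/laravel.log
+# Add correct permissions for files and directories
+chown www-data:www-data /var/www/html/storage/logs/laravel.log
+chown -R www-data:www-data \
+/var/lib/snipeit/data \
+/var/lib/snipeit/dumps \
+/var/lib/snipeit/keys
+
+# Migrate/create database
+php artisan migrate --force
+# Clear cache files
+php artisan config:clear
+php artisan config:cache
+
+echo [INFO docker entrypoint] End script execution
+
+exec "$@"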
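Review bot: The OAuth-migration test near the end, `[ ! -f "/var/www/html/database/migrations/*create_oauth*" ]`, quotes the glob, so the shell looks for a file literally named `*create_oauth*` and the condition is always true; the `cp -a` from vendor/laravel/passport therefore runs on every container start. Expanding the pattern outside quotes, e.g. `if ! ls /var/www/html/database/migrations/*create_oauth* >/dev/null 2>&1; then`, makes the check do what its comment says. Separately, the missing-APP_KEY branch ends with a bare `exit`, which returns the status of `php artisan key:generate --show` (normally 0), so an orchestrator sees a clean exit for a misconfigured container; `exit 1` would signal the failure. In file_env, `local varValue=$(env | grep ...)` relies on `local` masking grep's non-zero status under `set -eo pipefail`; a short comment saying so would stop a later cleanup from turning every unset variable into a startup abort.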
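--- a/docker/docker-secrets.env
+++ b/docker/docker-secrets.env
@@ -0,0 +1,54 @@
+# --------------------------------------------
+# REQUIRED: BASIC APP SETTINGS
+# --------------------------------------------
+#APP_ENV=develop
+#APP_DEBUG=false
+#APP_KEY=Change_this_key_or_snipe_will_get_ya
+#APP_URL=http://127.0.0.1:32782
+#APP_TIMEZONE=US/Pacific
+#APP_LOCALE=en
+
+
+# --------------------------------------------
+# REQUIRED: DATABASE SETTINGS
+# --------------------------------------------
+DB_CONNECTION=mysql
+DB_PREFIX=null
+DB_DUMP_PATH='/usr/bin'
+
+
+# --------------------------------------------
+# REQUIRED: OUTGOING MAIL SERVER SETTINGS
+# --------------------------------------------
+MAIL_DRIVER=smtp
+MAIL_ENCRYPTION=${MAIL_ENV_ENCRYPTION}
+MAIL_FROM_ADDR=${MAIL_ENV_FROM_ADDR}
+MAIL_FROM_NAME=${MAIL_ENV_FROM_NAME}
+MAIL_REPLYTO_ADDR=${MAIL_ENV_FROM_ADDR}
+MAIL_REPLYTO_NAME=${MAIL_ENV_FROM_NAME}
+
+
+# --------------------------------------------
+# REQUIRED: IMAGE LIBRARY
+# This should be gd or imagick
+# --------------------------------------------
+IMAGE_LIB=gd
+
+
+# --------------------------------------------
+# OPTIONAL: SESSION SETTINGS
+# --------------------------------------------
+SESSION_LIFETIME=12000
+EXPIRE_ON_CLOSE=false
+ENCRYPT=false
+COOKIE_NAME=snipeit_session
+COOKIE_DOMAIN=null
+SECURE_COOKIES=false
+
+
+# --------------------------------------------
+# OPTIONAL: CACHE SETTINGS
+# --------------------------------------------
+CACHE_DRIVER=file
+SESSION_DRIVER=file
+QUEUE_DRIVER=sync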
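Review bot: `SECURE_COOKIES=false` and `ENCRYPT=false` in the session block are active values in the `.env` that the Dockerfile copies into every image, so they become the default for production deployments; presumably the session cookie is then issued without the Secure flag unless the operator overrides it. I would add a comment above them such as `# Set SECURE_COOKIES=true when the site is served over HTTPS`, or leave both commented out like the APP_ block at the top of the file. The `MAIL_*=${MAIL_ENV_*}` lines reference variables that the entrypoint's file_env list does not cover, which deserves a one-line comment saying where they are expected to come from.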