From 7c5c83739d35c9f9145e27c4b152959ac47429f0 Mon Sep 17 00:00:00 2001 From: TBK Date: Wed, 31 Jul 2019 22:25:17 +0200 Subject: [PATCH] Run all as www-data --- app/Dockerfile | 11 ++++++----- app/default.conf | 4 ++-- app/docker-entrypoint.sh | 8 +++++--- app/nginx.conf | 5 ++--- docker-compose.yml | 6 +++--- 5 files changed, 18 insertions(+), 16 deletions(-) diff --git a/app/Dockerfile b/app/Dockerfile index 40c249a..9e0d0ad 100644 --- a/app/Dockerfile +++ b/app/Dockerfile @@ -19,9 +19,7 @@ RUN set -ex \ && apk update \ && echo "Setting up PHP extensions" \ && apk add --no-cache \ - bash \ curl \ - su-exec \ nginx \ tar \ php7 \ @@ -61,6 +59,7 @@ RUN set -ex \ && cd /ppm \ && chmod -R 777 run/ \ && composer require php-pm/php-pm:${PPM_VERSION} php-pm/httpkernel-adapter:${PPM_HTTP_VERSION} \ + && chown www-data:www-data -R . \ && echo "Get BookStack:" \ && mkdir -p ${BOOKSTACK_HOME} \ && cd ${BOOKSTACK_HOME} \ @@ -72,12 +71,14 @@ RUN set -ex \ && composer install \ && echo "Changing ownership:" \ && chown www-data:www-data -R . \ - && echo "Ensure Nginx got access to tmp folder:" \ - && chown www-data:www-data -R /var/lib/nginx/tmp + && echo "Ensure www-data got access to Nginx folders:" \ + && chown www-data:www-data -R /var/lib/nginx /var/log/nginx + +USER www-data:www-data WORKDIR $BOOKSTACK_HOME -EXPOSE 80 +EXPOSE 8080/tcp VOLUME ["$BOOKSTACK_HOME/public/uploads", "$BOOKSTACK_HOME/public/storage"] diff --git a/app/default.conf b/app/default.conf index b8301b1..544afd4 100644 --- a/app/default.conf +++ b/app/default.conf @@ -1,6 +1,6 @@ server { - listen 80; - listen [::]:80; + listen 8080; + listen [::]:8080; server_name _; root /app/public/; diff --git a/app/docker-entrypoint.sh b/app/docker-entrypoint.sh index fdd8877..7e16d69 100644 --- a/app/docker-entrypoint.sh +++ b/app/docker-entrypoint.sh @@ -1,11 +1,13 @@ #!/bin/sh set -ex -php artisan key:generate --no-interaction --force +if [ ! -f /app/.env ]; then + php artisan key:generate --no-interaction --force +fi php artisan migrate --no-interaction --force echo "Setting folder permissions for uploads" -chown -R www-data:www-data public/uploads storage/uploads /ppm +chown -R www-data:www-data public/uploads storage/uploads php artisan cache:clear php artisan view:clear @@ -17,4 +19,4 @@ echo "Getting PPM ready:" trapIt () { "$@"& pid="$!"; trap 'kill -INT $pid' INT TERM; while kill -0 $pid > /dev/null 2>&1; do wait $pid; ec="$?"; done; exit $ec;}; echo "Starting PPM:" -trapIt su-exec www-data:www-data /ppm/vendor/bin/ppm start --ansi --no-interaction --config=ppm.json +trapIt /ppm/vendor/bin/ppm start --ansi --no-interaction --config=ppm.json diff --git a/app/nginx.conf b/app/nginx.conf index 2d59d19..677210a 100644 --- a/app/nginx.conf +++ b/app/nginx.conf @@ -1,10 +1,9 @@ -user www-data; worker_processes auto; -pid /run/nginx.pid; +pid /tmp/nginx.pid; daemon on; events { - worker_connections 1024; + worker_connections 1024; } http { diff --git a/docker-compose.yml b/docker-compose.yml index d118683..5764301 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -25,7 +25,7 @@ services: - backend app: - image: jjtc/bookstack-ppm:0.26.3-r3 + image: jjtc/bookstack-ppm:0.26.3-r4 build: ./app/ restart: unless-stopped depends_on: @@ -40,7 +40,7 @@ services: - uploads:/app/public/uploads:rw - storage:/app/public/storage:rw expose: - - "80/tcp" + - "8080/tcp" networks: - web - backend @@ -51,7 +51,7 @@ services: - "traefik.docker.network=web" - "traefik.frontend.rule=Host:${APP_URL_BASE}" - "traefik.enable=true" - - "traefik.port=80" + - "traefik.port=8080" - "traefik.default.protocol=http" # av: