Update to 0.26.1

2019-05-08 14:04:15 +02:00 · 2019-05-08 14:04:15 +02:00 · 9345a6fedc
parent e7f787b81d
commit 9345a6fedc
5 changed files with 29 additions and 22 deletions
--- a/README.md
+++ b/README.md
@ -1 +1,7 @@
 # bookstack-ppm
+[![Build Status](https://cloud.drone.io/api/badges/JJTC-Docker/bookstack-ppm/status.svg)](https://cloud.drone.io/JJTC-Docker/bookstack-ppm)
+[![Docker Pulls](https://img.shields.io/docker/pulls/jjtc/bookstack-ppm.svg?style=flat)](https://hub.docker.com/r/jjtc/bookstack-ppm/) 
+[![Github Stars](https://img.shields.io/github/stars/jjtc-docker/bookstack-ppm.svg?style=flat)](https://github.com/jjtc-docker/bookstack-ppm) 
+[![Github Forks](https://img.shields.io/github/forks/jjtc-docker/bookstack-ppm.svg?style=flat?label=github%20forks)](https://github.com/jjtc-docker/bookstack-ppm)
+
+Bookstack setup based on Alpine, Nginx, PHP-PM, MariaDB, Redis & ClamAV for use with Træfik
--- a/app/Dockerfile
+++ b/app/Dockerfile
@ -1,21 +1,15 @@
 FROM alpine:edge

-LABEL maintainer JJTC "docker@jjtc.eu"
+LABEL maintainer="JJTC <docker@jjtc.eu>"

-ENV version=1.0.2 \
-    http_version=1.0.2 \
+ENV PPM_VERSION=2.0.0 \
+    PPM_HTTP_VERSION=2.0.1 \
    BOOKSTACK=BookStack \
-    BOOKSTACK_VERSION=0.22.0 \
+    BOOKSTACK_VERSION=0.26.1 \
    BOOKSTACK_HOME="/app"

 COPY docker-entrypoint.sh /app/docker-entrypoint.sh

-#COPY php.ini /usr/local/etc/php/conf.d/php.ini
-#COPY default.conf /etc/nginx/sites-enabled/default
-#COPY nginx.conf /etc/nginx/nginx.conf
-
-# Below the following PHP extensions are installed PCNTL, PDO_MYSQL, ZIP, GD, Tidy, XML, Redis, Memcached, msgpack, igbinary
-# PHP extensions such as DOM, OpenSSL, PDO, MBstring, Tokenizer are provided by the base image.
 RUN set -ex \
  && chmod +x /app/docker-entrypoint.sh \
  # ensure www-data user exists
@ -48,6 +42,7 @@ RUN set -ex \
     php7-openssl \
     php7-pcntl \
     php7-pdo_mysql \
+     php7-pecl-imagick \
     php7-phar \
     php7-posix \
     php7-redis \
@ -65,7 +60,7 @@ RUN set -ex \
  && mkdir -p /ppm/run \
  && cd /ppm \
  && chmod -R 777 run/ \
-  && composer require php-pm/php-pm:${version} php-pm/httpkernel-adapter:${http_version} \
+  && composer require php-pm/php-pm:${PPM_VERSION} php-pm/httpkernel-adapter:${PPM_HTTP_VERSION} \
  && echo "Get BookStack:" \
  && mkdir -p ${BOOKSTACK_HOME} \
  && cd ${BOOKSTACK_HOME} \
@ -76,7 +71,9 @@ RUN set -ex \
  && echo "Get Dependencies:" \
  && composer install \
  && echo "Changing ownership:" \
-  && chown -R www-data:www-data .
+  && chown -R www-data:www-data . \
+  && echo "Ensure Nginx got access to tmp folder:" \
+  && chown www-data:root -R /var/tmp/nginx/

 WORKDIR $BOOKSTACK_HOME

--- a/app/default.conf
+++ b/app/default.conf
@ -11,12 +11,18 @@ server {

    add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self'; connect-src 'self'; font-src 'self'; form-action 'self'; report-uri https://<YOUR_ACCOUNT>.report-uri.com/r/d/csp/enforce;" always;
    add_header Expect-CT "enforce; max-age=604800; report-uri=https://<YOUR_ACCOUNT>.report-uri.com/r/d/ct/enforce";
+    add_header Feature-Policy "accelerometer 'none'; ambient-light-sensor 'none'; encrypted-media 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; midi 'none'; payment 'none'; sync-xhr 'none'; usb 'none'; vr 'none'";
    add_header Strict-Transport-Security "max-age=31536000; includeSubdomains; preload" always;
    add_header Referrer-Policy "strict-origin";
    add_header X-Xss-Protection "1; mode=block; report=https://<YOUR_ACCOUNT>.report-uri.com/r/d/xss/enforce" always;
-    add_header X-Frame-Options "DENY";
+    add_header X-Frame-Options "DENY" always;
    add_header X-Content-Type-Options nosniff;

+    # Firefox CSP bug workaround - https://bugzilla.mozilla.org/show_bug.cgi?id=1262842
+    location ~ \.svg$ {
+       add_header Content-Security-Policy "default-src 'none'; frame-ancestors 'none'; style-src 'self' 'unsafe-inline'";
+    }
+
    location / {
        try_files $uri @ppm;
    }
--- a/app/nginx.conf
+++ b/app/nginx.conf
@ -24,8 +24,6 @@ http {
        include /etc/nginx/mime.types;
        default_type application/octet-stream;

-        resolver 1.1.1.1 8.8.8.8 8.4.4.4;
-
        ##
        # Logging Settings
        ##
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -1,7 +1,7 @@
-version: '3.6'
+version: '3.5'
 services:
  db:
-    image: mariadb:10.2
+    image: mariadb:10.3
    restart: unless-stopped
    environment:
      - TZ=${TZ}
@ -15,7 +15,7 @@ services:
      - backend

  cache:
-    image: redis:4-alpine
+    image: redis:5-alpine
    restart: unless-stopped
    environment:
      - TZ=${TZ}
@ -27,7 +27,7 @@ services:
      - "traefik.enable=false"

  app:
-#    image: jjtc/bookstack-ppm:0.22-r0
+    image: jjtc/bookstack-ppm:0.26.1-r0
    build: ./app/
    restart: unless-stopped
    depends_on:
@ -38,8 +38,8 @@ services:
      - ./app/php.ini:/usr/local/etc/php/conf.d/php.ini
      - ./app/nginx.conf:/etc/nginx/nginx.conf:ro
      - ./app/default.conf:/etc/nginx/sites-enabled/default:ro
-      - uploads:/var/www/html/public/uploads:rw
-      - storage:/var/www/html/public/storage:rw
+      - uploads:/app/public/uploads:rw
+      - storage:/app/public/storage:rw
    expose:
      - "80/tcp"
    networks: