.env.example

@@ -7,6 +7,9 @@ APP_ENV=production
 APP_DEBUG=false
 APP_KEY=------------REPLACE_ME------------
 
+# Timezone
+TZ=------------REPLACE_ME------------
+
 # The below url has to be set if using social auth options
 # or if you are not using BookStack at the root path of your domain.
 APP_URL=https://bookstackapp.com ------------REPLACE_ME------------

README.md

@@ -1,8 +1,8 @@
 # bookstack-ppm
-[![Build Status](https://cloud.drone.io/api/badges/JJTC-Containers/bookstack-ppm/status.svg)](https://cloud.drone.io/JJTC-Containers/bookstack-ppm)
+[![Build Status](https://cloud.drone.io/api/badges/JJTC-Docker/bookstack-ppm/status.svg)](https://cloud.drone.io/JJTC-Docker/bookstack-ppm)
 [![Docker Pulls](https://img.shields.io/docker/pulls/jjtc/bookstack-ppm.svg?style=flat)](https://hub.docker.com/r/jjtc/bookstack-ppm/) 
-[![Github Stars](https://img.shields.io/github/stars/jjtc-containers/bookstack-ppm.svg?style=flat)](https://github.com/jjtc-containers/bookstack-ppm) 
+[![Github Stars](https://img.shields.io/github/stars/jjtc-docker/bookstack-ppm.svg?style=flat)](https://github.com/jjtc-docker/bookstack-ppm) 
-[![Github Forks](https://img.shields.io/github/forks/jjtc-containers/bookstack-ppm.svg?style=flat?label=github%20forks)](https://github.com/jjtc-containers/bookstack-ppm)
+[![Github Forks](https://img.shields.io/github/forks/jjtc-docker/bookstack-ppm.svg?style=flat?label=github%20forks)](https://github.com/jjtc-docker/bookstack-ppm)
 [![PPM Compatible](https://raw.githubusercontent.com/php-pm/ppm-badge/master/ppm-badge.png)](https://github.com/php-pm/php-pm)
 
 Bookstack setup based on Alpine, Nginx, PHP-PM, MariaDB, Redis & ClamAV for use with Træfik

app/Dockerfile

@@ -1,28 +1,25 @@
-FROM alpine:3.13
+FROM alpine:3.11
 
-LABEL maintainer="JJTC <oci@jjtc.eu>"
+LABEL maintainer="JJTC <docker@jjtc.eu>"
 
-ENV PPM_VERSION=2.2.1 \
+ENV PPM_VERSION=2.0.3 \
-    PPM_HTTP_VERSION=2.0.6 \
+    PPM_HTTP_VERSION=2.0.2 \
     BOOKSTACK=BookStack \
-    BOOKSTACK_VERSION=0.31.6 \
+    BOOKSTACK_VERSION=0.28.2 \
     BOOKSTACK_HOME="/app"
 
-COPY entrypoint.sh /app/entrypoint.sh
+COPY docker-entrypoint.sh /app/docker-entrypoint.sh
 
 RUN set -ex \
-  && chmod +x /app/entrypoint.sh \
+  && chmod +x /app/docker-entrypoint.sh \
   # ensure www-data user exists
   # 82 is the standard uid/gid for "www-data" in Alpine
   && addgroup -g 82 -S www-data \
   && adduser -u 82 -D -S -G www-data www-data \
-  && addgroup -S bookstack \
-  && adduser -S -D -H -s /sbin/nologin  -G bookstack  -g bookstack bookstack \
   && apk update \
-  && echo "Getting packages:" \
+  && echo "Setting up PHP extensions" \
   && apk add --no-cache \
      curl \
-     multirun \
      nginx \
      tar \
      php7 \
@@ -50,6 +47,7 @@ RUN set -ex \
      php7-session \
      php7-simplexml \
      php7-sockets \
+     php7-tidy \
      php7-tokenizer \
      php7-xml \
      php7-xmlwriter \
@@ -58,32 +56,28 @@ RUN set -ex \
      composer \
   && echo "Setting up PPM:" \
   && mkdir -p /ppm/run \
-  && chmod 0777 /ppm/run \
   && cd /ppm \
+  && chmod -R 777 run/ \
   && composer require php-pm/php-pm:${PPM_VERSION} php-pm/httpkernel-adapter:${PPM_HTTP_VERSION} \
   && chown www-data:www-data -R . \
-  && echo "Getting BookStack:" \
+  && echo "Get BookStack:" \
   && mkdir -p ${BOOKSTACK_HOME} \
   && cd ${BOOKSTACK_HOME} \
   && curl -LJO https://github.com/BookStackApp/BookStack/archive/v${BOOKSTACK_VERSION}.tar.gz \
   && tar --strip-components=1 -xzf BookStack-${BOOKSTACK_VERSION}.tar.gz \
-  && rm -rf ${BOOKSTACK}-${BOOKSTACK_VERSION}.tar.gz .env.example .env.example.complete .gitattributes .github .gitignore .travis.yml tests/ public/index.php \
+  && rm -rf ${BOOKSTACK}-${BOOKSTACK_VERSION}.tar.gz .env.example .gitattributes .github .gitignore .travis.yml tests/ public/index.php \
   && ln -s init.php bootstrap/autoload.php \
-  && echo "Getting BookStack Dependencies:" \
+  && curl -LJO https://gist.githubusercontent.com/TBK/6abf876e9559cf2477ad0d16bbf648db/raw/ba66290094f7362203949b608749cefbc96652c7/validator_and_shelf_cover_fix.patch \
+  && patch -p1 < validator_and_shelf_cover_fix.patch \
+  && rm validator_and_shelf_cover_fix.patch \
+  && echo "Get Dependencies:" \
   && composer install \
   && echo "Changing ownership:" \
-  && chown bookstack:bookstack -R . \
+  && chown www-data:www-data -R . \
-  && echo "Setting folder permissions for www-data:" \
+  && echo "Ensure www-data got access to Nginx folders:" \
-  && chown www-data:bookstack -R bootstrap/cache public/uploads storage \
+  && chown www-data:www-data -R /var/lib/nginx /var/log/nginx
-  && echo "Ensuring www-data got access to Nginx folders:" \
-  && chown www-data:www-data -R /var/lib/nginx /var/log/nginx \
-  && echo "Redirecting Nginx logs to stdout and stderr:" \
-  && ln -sf /dev/stdout /var/log/nginx/access.log \
-  && ln -sf /dev/stderr /var/log/nginx/error.log \
-  && echo "Giving all system users access to multirun:" \
-  && chmod 0755 /usr/bin/multirun
 
-USER www-data
+USER www-data:www-data
 
 WORKDIR $BOOKSTACK_HOME
 
@@ -91,4 +85,4 @@ EXPOSE 8080/tcp
 
 VOLUME ["$BOOKSTACK_HOME/public/uploads", "$BOOKSTACK_HOME/public/storage"]
 
-ENTRYPOINT ["multirun", "nginx", "./entrypoint.sh"]
+ENTRYPOINT ["./docker-entrypoint.sh"]

app/docker-entrypoint.sh

@@ -0,0 +1,31 @@
+#!/bin/sh
+set -ex
+
+if [ ! -f /app/.env ]; then
+    php artisan key:generate --no-interaction --force
+fi
+php artisan migrate --no-interaction --force
+
+echo "Setting folder permissions for uploads"
+chown -R www-data:www-data public/uploads storage/uploads
+
+php artisan cache:clear
+php artisan view:clear
+
+echo "Starting Nginx:"
+nginx
+
+echo "Getting PPM ready:"
+trapIt() {
+    "$@" &
+    pid="$!"
+    trap 'kill -INT $pid' INT TERM
+    while kill -0 $pid >/dev/null 2>&1; do
+        wait $pid
+        ec="$?"
+    done
+    exit $ec
+}
+
+echo "Starting PPM:"
+trapIt /ppm/vendor/bin/ppm start --ansi --no-interaction --config=ppm.json

app/entrypoint.sh

@@ -1,13 +0,0 @@
-#!/bin/sh
-set -ex
-
-if [ ! -f .env ]; then
-    php artisan key:generate --no-interaction --force
-fi
-php artisan migrate --no-interaction --force
-
-php artisan cache:clear
-php artisan view:clear
-
-echo "Starting PPM:"
-/ppm/vendor/bin/ppm start --ansi --no-interaction --config=ppm.json

app/php.ini

@@ -12,7 +12,7 @@ upload_max_filesize = 64M
 expose_php=0
 
 session.save_handler = redis
-session.save_path = "tcp://cache:6379?database=1"
+session.save_path = "tcp://redis:6379"
 
 opcache.enable=1
 opcache.enable_cli=1

docker-compose.yml

@@ -1,11 +1,10 @@
 version: '3.7'
-
 services:
   db:
-    image: mariadb:10.5
+    image: mariadb:10.4
     restart: unless-stopped
     environment:
-      - TZ=${APP_TIMEZONE}
+      - TZ=${TZ}
       - MYSQL_ROOT_PASSWORD=${DB_ROOT_PASS}
       - MYSQL_DATABASE=${DB_DATABASE}
       - MYSQL_USER=${DB_USERNAME}
@@ -16,18 +15,17 @@ services:
       - backend
 
   cache:
-    image: redis:6-alpine
+    image: redis:5-alpine
     restart: unless-stopped
     environment:
-      - TZ=${APP_TIMEZONE}
+      - TZ=${TZ}
     volumes:
       - cache:/data/
     networks:
       - backend
 
   app:
-    image: jjtc/bookstack-ppm:0.31.6-r0
+    image: jjtc/bookstack-ppm:0.28.2-r2
-    init: true
     build: ./app/
     restart: unless-stopped
     depends_on:
@@ -50,6 +48,7 @@ services:
       - "traefik.enable=true"
       - "traefik.http.routers.bookstack.entrypoints=http"
       - "traefik.http.routers.bookstack.rule=Host(`${APP_URL_BASE}`)"
+      - "traefik.http.routers.bookstack.middlewares=redirect-https@file"
       - "traefik.http.routers.bookstack-secure.entrypoints=https"
       - "traefik.http.routers.bookstack-secure.rule=Host(`${APP_URL_BASE}`)"
       - "traefik.http.routers.bookstack-secure.tls=true"
@@ -73,7 +72,7 @@ services:
   #     - "traefik.enable=false"
 
   #traefik:
-  #  image: traefik:2.4
+  #  image: traefik:2.1
   #  restart: unless-stopped
   #  security_opt:
   #   - no-new-privileges:true

validation_fixes.patch

@@ -0,0 +1,96 @@
+--- a/app/Http/Controllers/AttachmentController.php
++++ b/app/Http/Controllers/AttachmentController.php
+@@ -37,7 +37,7 @@ class AttachmentController extends Controller
+     {
+         $this->validate($request, [
+             'uploaded_to' => 'required|integer|exists:pages,id',
+-            'file' => 'required|file'
++            'file' => 'required'
+         ]);
+ 
+         $pageId = $request->get('uploaded_to');
+@@ -66,7 +66,7 @@ class AttachmentController extends Controller
+     {
+         $this->validate($request, [
+             'uploaded_to' => 'required|integer|exists:pages,id',
+-            'file' => 'required|file'
++            'file' => 'required'
+         ]);
+ 
+         $pageId = $request->get('uploaded_to');
+
+--- a/app/Http/Controllers/BookshelfController.php
++++ b/app/Http/Controllers/BookshelfController.php
+@@ -146,7 +146,7 @@ class BookshelfController extends Controller
+         $this->validate($request, [
+             'name' => 'required|string|max:255',
+             'description' => 'string|max:1000',
+-            'image' => $this->imageRepo->getImageValidationRules(),
++            'image' => $this->getImageValidationRules(),
+         ]);
+ 
+ 
+--- a/app/Http/Controllers/Controller.php
++++ b/app/Http/Controllers/Controller.php
+@@ -195,6 +195,6 @@ abstract class Controller extends BaseController
+      */
+     protected function getImageValidationRules(): string
+     {
+-        return 'image_extension|no_double_extension|mimes:jpeg,png,gif,bmp,webp,tiff';
++        return 'nullable|image_extension|no_double_extension';
+     }
+ }
+
+--- a/app/Http/Controllers/SettingController.php
++++ b/app/Http/Controllers/SettingController.php
+@@ -44,7 +44,7 @@ class SettingController extends Controller
+         $this->preventAccessInDemoMode();
+         $this->checkPermission('settings-manage');
+         $this->validate($request, [
+-            'app_logo' => $this->imageRepo->getImageValidationRules(),
++            'app_logo' => $this->getImageValidationRules(),
+         ]);
+ 
+         // Cycles through posted settings and update them
+@@ -57,7 +57,7 @@ class SettingController extends Controller
+         }
+ 
+         // Update logo image if set
+-        if ($request->has('app_logo')) {
++        if ($request->has('app_logo') && !$request->has('app_logo_reset') && !$request->has('setting-app-logo')) {
+             $logoFile = $request->file('app_logo');
+             $this->imageRepo->destroyByType('system');
+             $image = $this->imageRepo->saveNew($logoFile, 'system', 0, null, 86);
+
+--- a/app/Http/Controllers/UserController.php
++++ b/app/Http/Controllers/UserController.php
+@@ -155,7 +155,7 @@ class UserController extends Controller
+             'password'         => 'min:6|required_with:password_confirm',
+             'password-confirm' => 'same:password|required_with:password',
+             'setting'          => 'array',
+-            'profile_image'    => $this->imageRepo->getImageValidationRules(),
++            'profile_image'    => $this->getImageValidationRules(),
+         ]);
+ 
+         $user = $this->userRepo->getById($id);
+@@ -191,7 +191,7 @@ class UserController extends Controller
+         }
+ 
+         // Save profile image if in request
+-        if ($request->has('profile_image')) {
++        if ($request->has('profile_image') && !$request->has('profile_image_reset')) {
+             $imageUpload = $request->file('profile_image');
+             $this->imageRepo->destroyImage($user->avatar);
+             $image = $this->imageRepo->saveNew($imageUpload, 'user', $user->id);
+
+--- a/app/Uploads/ImageRepo.php
++++ b/app/Uploads/ImageRepo.php
+@@ -225,6 +225,6 @@ class ImageRepo
+      */
+     public function getImageValidationRules(): string
+     {
+-        return 'image_extension|no_double_extension|mimes:jpeg,png,gif,bmp,webp,tiff';
++        return 'image_extension|no_double_extension';
+     }
+ }
+