-
Notifications
You must be signed in to change notification settings - Fork 19
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
GitHub Workflow
committed
Oct 16, 2024
1 parent
8684900
commit b11c97b
Showing
27 changed files
with
1,612 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,186 @@ | ||
# DO NOT EDIT: created by update.sh from Dockerfile-debian.template | ||
FROM php:8.2-apache-bullseye | ||
|
||
# entrypoint.sh and cron.sh dependencies | ||
RUN set -ex; \ | ||
\ | ||
apt-get update; \ | ||
apt-get install -y --no-install-recommends \ | ||
rsync \ | ||
bzip2 \ | ||
# For mail() support | ||
msmtp \ | ||
tini \ | ||
; | ||
|
||
ENV GOSU_VERSION 1.14 | ||
RUN set -eux; \ | ||
# save list of currently installed packages for later so we can clean up | ||
savedAptMark="$(apt-mark showmanual)"; \ | ||
apt-get update; \ | ||
apt-get install -y --no-install-recommends ca-certificates wget; \ | ||
if ! command -v gpg; then \ | ||
apt-get install -y --no-install-recommends gnupg2 dirmngr; \ | ||
elif gpg --version | grep -q '^gpg (GnuPG) 1\.'; then \ | ||
# "This package provides support for HKPS keyservers." (GnuPG 1.x only) | ||
apt-get install -y --no-install-recommends gnupg-curl; \ | ||
fi; \ | ||
rm -rf /var/lib/apt/lists/*; \ | ||
\ | ||
dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \ | ||
wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \ | ||
wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \ | ||
\ | ||
# verify the signature | ||
export GNUPGHOME="$(mktemp -d)"; \ | ||
gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \ | ||
gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ | ||
command -v gpgconf && gpgconf --kill all || :; \ | ||
rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \ | ||
\ | ||
# clean up fetch dependencies | ||
apt-mark auto '.*' > /dev/null; \ | ||
[ -z "$savedAptMark" ] || apt-mark manual $savedAptMark; \ | ||
apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ | ||
\ | ||
chmod +x /usr/local/bin/gosu; \ | ||
# verify that the binary works | ||
gosu --version; \ | ||
gosu nobody true | ||
|
||
# install the PHP extensions we need | ||
# see https://friendi.ca/resources/requirements/ | ||
RUN set -ex; \ | ||
\ | ||
savedAptMark="$(apt-mark showmanual)"; \ | ||
\ | ||
apt-get update; \ | ||
apt-get install -y --no-install-recommends \ | ||
mariadb-client \ | ||
bash \ | ||
libpng-dev \ | ||
libjpeg62-turbo-dev \ | ||
libtool \ | ||
libmagick++-dev \ | ||
libmemcached-dev \ | ||
zlib1g-dev \ | ||
libssl-dev \ | ||
libgraphicsmagick1-dev \ | ||
libfreetype6-dev \ | ||
libwebp-dev \ | ||
librsvg2-2 \ | ||
libzip-dev \ | ||
libldap2-dev \ | ||
libgmp-dev \ | ||
libmagickcore-6.q16-6-extra \ | ||
; \ | ||
\ | ||
debMultiarch="$(dpkg-architecture --query DEB_BUILD_MULTIARCH)"; \ | ||
\ | ||
docker-php-ext-configure gd \ | ||
--with-freetype \ | ||
--with-jpeg \ | ||
--with-webp \ | ||
; \ | ||
docker-php-ext-configure ldap \ | ||
--with-libdir=lib/$debMultiarch/ \ | ||
;\ | ||
docker-php-ext-install -j "$(nproc)" \ | ||
pdo_mysql \ | ||
gd \ | ||
exif \ | ||
zip \ | ||
opcache \ | ||
ctype \ | ||
pcntl \ | ||
ldap \ | ||
gmp \ | ||
intl \ | ||
; \ | ||
\ | ||
# pecl will claim success even if one install fails, so we need to perform each install separately | ||
pecl install apcu-5.1.24; \ | ||
pecl install memcached-3.2.0; \ | ||
pecl install redis-6.1.0; \ | ||
pecl install imagick-3.7.0; \ | ||
\ | ||
docker-php-ext-enable \ | ||
apcu \ | ||
memcached \ | ||
redis \ | ||
imagick \ | ||
; \ | ||
\ | ||
# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies | ||
apt-mark auto '.*' > /dev/null; \ | ||
apt-mark manual $savedAptMark; \ | ||
ldd "$(php -r 'echo ini_get("extension_dir");')"/*.so \ | ||
| awk '/=>/ { print $3 }' \ | ||
| sort -u \ | ||
| xargs -r dpkg-query -S \ | ||
| cut -d: -f1 \ | ||
| sort -u \ | ||
| xargs -rt apt-mark manual; \ | ||
\ | ||
apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ | ||
rm -rf /var/lib/apt/lists/* | ||
|
||
# set recommended PHP.ini settings | ||
ENV PHP_MEMORY_LIMIT 512M | ||
ENV PHP_UPLOAD_LIMIT 512M | ||
RUN set -ex; \ | ||
{ \ | ||
echo 'opcache.enable=1' ; \ | ||
echo 'opcache.interned_strings_buffer=8'; \ | ||
echo 'opcache.max_accelerated_files=10000'; \ | ||
echo 'opcache.memory_consumption=128'; \ | ||
echo 'opcache.save_comments=1'; \ | ||
echo 'opcache.revalidte_freq=1'; \ | ||
} > /usr/local/etc/php/conf.d/opcache-recommended.ini; \ | ||
\ | ||
{ \ | ||
echo sendmail_path = "/usr/bin/msmtp -t"; \ | ||
} > /usr/local/etc/php/conf.d/sendmail.ini; \ | ||
\ | ||
echo 'apc.enable_cli=1' >> /usr/local/etc/php/conf.d/docker-php-ext-apcu.ini; \ | ||
\ | ||
{ \ | ||
echo 'memory_limit=${PHP_MEMORY_LIMIT}'; \ | ||
echo 'upload_max_filesize=${PHP_UPLOAD_LIMIT}'; \ | ||
echo 'post_max_size=${PHP_UPLOAD_LIMIT}'; \ | ||
} > /usr/local/etc/php/conf.d/friendica.ini; \ | ||
ln -s /usr/local/etc/php/php.ini-production /usr/local/etc/php/php.ini; \ | ||
\ | ||
mkdir /var/www/data; \ | ||
chown -R www-data:root /var/www; \ | ||
chmod -R g=u /var/www | ||
|
||
VOLUME /var/www/html | ||
|
||
RUN set -ex;\ | ||
a2enmod rewrite remoteip ;\ | ||
{\ | ||
echo RemoteIPHeader X-Real-IP ;\ | ||
echo RemoteIPTrustedProxy 10.0.0.0/8 ;\ | ||
echo RemoteIPTrustedProxy 172.16.0.0/12 ;\ | ||
echo RemoteIPTrustedProxy 192.168.0.0/16 ;\ | ||
} > /etc/apache2/conf-available/remoteip.conf;\ | ||
a2enconf remoteip | ||
|
||
# 39 = LOG_PID | LOG_ODELAY | LOG_CONS | LOG_PERROR | ||
ENV FRIENDICA_SYSLOG_FLAGS 39 | ||
ENV FRIENDICA_VERSION "2024.09-rc" | ||
ENV FRIENDICA_ADDONS "2024.09-rc" | ||
|
||
RUN set -ex; \ | ||
fetchDeps=" \ | ||
gnupg \ | ||
"; \ | ||
apt-get update; \ | ||
apt-get install -y --no-install-recommends $fetchDeps; | ||
|
||
COPY *.sh upgrade.exclude / | ||
COPY config/* /usr/src/friendica/config/ | ||
|
||
ENTRYPOINT ["/entrypoint-dev.sh"] | ||
CMD ["apache2-foreground"] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,11 @@ | ||
<?php | ||
|
||
/** | ||
* If nothing else set, use APCu as a caching driver (best performance for local caching) | ||
*/ | ||
|
||
return [ | ||
'system' => [ | ||
'cache_driver' => 'apcu', | ||
], | ||
]; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
<?php | ||
|
||
if (getenv('REDIS_HOST')) { | ||
return [ | ||
'system' => [ | ||
'session_handler' => 'cache', | ||
'distributed_cache_driver' => 'redis', | ||
'lock_driver' => 'redis', | ||
'redis_host' => getenv('REDIS_HOST'), | ||
'redis_port' => (getenv('REDIS_PORT') ?: ''), | ||
'redis_password' => (getenv('REDIS_PW') ?: ''), | ||
'redis_db' => (getenv('REDIS_DB') ?: 0), | ||
], | ||
]; | ||
} else { | ||
return []; | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,34 @@ | ||
<?php | ||
|
||
/** | ||
* Fallback config to make it possible overwriting config values | ||
* because of docker environment variables | ||
* | ||
* This doesn't affect DB configurations, but will replace other config values | ||
*/ | ||
|
||
$config = [ | ||
'system' => [ | ||
// Necessary because otherwise the daemon isn't working | ||
'pidfile' => '/var/run/friendica.pid', | ||
|
||
'logfile' => '/var/www/html/friendica.log', | ||
'loglevel' => 'notice', | ||
], | ||
'storage' => [ | ||
'filesystem_path' => '/var/www/html/storage', | ||
], | ||
]; | ||
|
||
if (!empty(getenv('FRIENDICA_NO_VALIDATION'))) { | ||
$config['system']['disable_url_validation'] = true; | ||
$config['system']['disable_email_validation'] = true; | ||
} | ||
|
||
if (!empty(getenv('SMTP_DOMAIN'))) { | ||
$smtp_from = !empty(getenv('SMTP_FROM')) ? getenv('SMTP_FROM') : 'no-reply'; | ||
|
||
$config['config']['sender_email'] = $smtp_from . "@" . getenv('SMTP_DOMAIN'); | ||
} | ||
|
||
return $config; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,14 @@ | ||
#!/bin/sh | ||
trap "break;exit" HUP INT TERM | ||
|
||
while [ ! -f /var/www/html/bin/daemon.php ]; do | ||
sleep 1 | ||
done | ||
|
||
echo "Waiting for MySQL $MYSQL_HOST initialization..." | ||
if php /var/www/html/bin/wait-for-connection "$MYSQL_HOST" "${MYSQL_PORT:-3306}" 300; then | ||
sh /setup_msmtp.sh | ||
exec gosu www-data:www-data tini -- php /var/www/html/bin/daemon.php -f start | ||
else | ||
echo "[ERROR] Waited 300 seconds, no response" >&2 | ||
fi |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,54 @@ | ||
#!/bin/sh | ||
set -eu | ||
|
||
# just check if we execute apache or php-fpm | ||
if (expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ]) && [ "${FRIENDICA_UPGRADE:-false}" = "true" ]; then | ||
curl -fsSL -o "/usr/src/friendica-full-${FRIENDICA_VERSION}.tar.gz.sum256" "https://files.friendi.ca/friendica-full-${FRIENDICA_VERSION}.tar.gz.sum256" | ||
curl -fsSL -o "/usr/src/friendica-addons-${FRIENDICA_ADDONS}.tar.gz.sum256" "https://files.friendi.ca/friendica-full-${FRIENDICA_ADDONS}.tar.gz.sum256" | ||
|
||
# Don't download already latest sources | ||
if [ -f "/usr/src/friendica.tar.gz.sum256" ] && [ -f "/usr/src/friendica-addons.tar.gz.sum256" ] && \ | ||
cmp -s "/usr/src/friendica-full-${FRIENDICA_VERSION}.tar.gz.sum256" "/usr/src/friendica.tar.gz.sum256" && \ | ||
cmp -s "/usr/src/friendica-addons-${FRIENDICA_ADDONS}.tar.gz.sum256" "/usr/src/friendica-addons.tar.gz.sum256"; then | ||
echo "Already latest sources - skipped download" | ||
else | ||
|
||
echo "Download sources for ${FRIENDICA_VERSION} (Addon: ${FRIENDICA_ADDONS})" | ||
|
||
# Removing the whole directory first | ||
rm -fr /usr/src/friendica | ||
export GNUPGHOME="$(mktemp -d)" | ||
|
||
gpg --batch --logger-fd=1 --no-tty --quiet --keyserver keyserver.ubuntu.com --recv-keys 08656443618E6567A39524083EE197EF3F9E4287 | ||
|
||
curl -fsSL -o friendica-full-${FRIENDICA_VERSION}.tar.gz "https://files.friendi.ca/friendica-full-${FRIENDICA_VERSION}.tar.gz" | ||
curl -fsSL -o friendica-full-${FRIENDICA_VERSION}.tar.gz.asc "https://files.friendi.ca/friendica-full-${FRIENDICA_VERSION}.tar.gz.asc"; | ||
gpg --batch --logger-fd=1 --no-tty --quiet --verify friendica-full-${FRIENDICA_VERSION}.tar.gz.asc friendica-full-${FRIENDICA_VERSION}.tar.gz | ||
echo "Core sources (${FRIENDICA_VERSION}) verified" | ||
|
||
tar -xzf friendica-full-${FRIENDICA_VERSION}.tar.gz -C /usr/src/ | ||
rm friendica-full-${FRIENDICA_VERSION}.tar.gz friendica-full-${FRIENDICA_VERSION}.tar.gz.asc | ||
mv -f /usr/src/friendica-full-${FRIENDICA_VERSION}/ /usr/src/friendica | ||
echo "Core sources (${FRIENDICA_VERSION}) extracted" | ||
|
||
chmod 777 /usr/src/friendica/view/smarty3 | ||
|
||
curl -fsSL -o friendica-addons-${FRIENDICA_ADDONS}.tar.gz "https://files.friendi.ca/friendica-addons-${FRIENDICA_ADDONS}.tar.gz" | ||
curl -fsSL -o friendica-addons-${FRIENDICA_ADDONS}.tar.gz.asc "https://files.friendi.ca/friendica-addons-${FRIENDICA_ADDONS}.tar.gz.asc" | ||
gpg --batch --logger-fd=1 --no-tty --quiet --verify friendica-addons-${FRIENDICA_ADDONS}.tar.gz.asc friendica-addons-${FRIENDICA_ADDONS}.tar.gz | ||
echo "Addon sources (${FRIENDICA_ADDONS}) verified" | ||
|
||
mkdir -p /usr/src/friendica/addon | ||
tar -xzf friendica-addons-${FRIENDICA_ADDONS}.tar.gz -C /usr/src/friendica/addon --strip-components=1 | ||
rm friendica-addons-${FRIENDICA_ADDONS}.tar.gz friendica-addons-${FRIENDICA_ADDONS}.tar.gz.asc | ||
echo "Addon sources (${FRIENDICA_ADDONS}) extracted" | ||
|
||
gpgconf --kill all | ||
rm -rf "$GNUPGHOME" | ||
|
||
mv -f /usr/src/friendica-full-${FRIENDICA_VERSION}.tar.gz.sum256 /usr/src/friendica.tar.gz.sum256 | ||
mv -f /usr/src/friendica-addons-${FRIENDICA_ADDONS}.tar.gz.sum256 /usr/src/friendica-addons.tar.gz.sum256 | ||
fi | ||
fi | ||
|
||
exec /entrypoint.sh "$@" |
Oops, something went wrong.