Working on TTRSS
This commit is contained in:
@@ -1,5 +1,6 @@
|
||||
CREATE DATABASE IF NOT EXISTS `monica`;
|
||||
CREATE DATABASE IF NOT EXISTS `gitea`;
|
||||
CREATE DATABASE IF NOT EXISTS `tt-rss`;
|
||||
# Nextcloud will automatically create a database on setup
|
||||
#CREATE DATABASE IF NOT EXISTS `nextcloud`;
|
||||
|
||||
|
||||
@@ -129,6 +129,28 @@ services:
|
||||
depends_on:
|
||||
- db
|
||||
|
||||
tt-rss:
|
||||
<<: *logging
|
||||
image: cthulhoo/ttrss-fpm-pgsql-static:latest
|
||||
restart: unless-stopped
|
||||
environment:
|
||||
- TTRSS_SELF_URL_PATH=https://intel.${DOMAIN}
|
||||
- TTRSS_DB_USER=${DB_USER}
|
||||
- TTRSS_DB_NAME=scarif
|
||||
- TTRSS_DB_PASS=${DB_PASSWORD}
|
||||
- TTRSS_DB_HOST=psqldb
|
||||
#- AUTO_CREATE_USER=${TTRSS_USER}
|
||||
#- AUTO_CREATE_USER_PASS=${TTRSS_USER_PASS}
|
||||
#- AUTO_CREATE_USER_ACCESS_LEVEL:
|
||||
volumes:
|
||||
- tt-rss:/var/www/html
|
||||
- ./tt-rss/config.d:/opt/tt-rss/config.d:ro
|
||||
depends_on:
|
||||
- psqldb
|
||||
networks:
|
||||
- db
|
||||
- nginx
|
||||
|
||||
pihole:
|
||||
<<: *logging
|
||||
image: pihole/pihole:latest
|
||||
@@ -505,6 +527,19 @@ services:
|
||||
networks:
|
||||
- db
|
||||
|
||||
psqldb:
|
||||
<<: *logging
|
||||
image: postgres:12-alpine
|
||||
restart: unless-stopped
|
||||
environment:
|
||||
- POSTGRES_USER=${DB_USER}
|
||||
- POSTGRES_PASSWORD=${DB_PASSWORD}
|
||||
- POSTGRES_DB=scarif
|
||||
volumes:
|
||||
- psqldb:/var/lib/postgresql/data
|
||||
networks:
|
||||
- db
|
||||
|
||||
redis:
|
||||
image: redis:alpine
|
||||
restart: always
|
||||
@@ -521,6 +556,7 @@ services:
|
||||
- ./nginx/generate_conf.sh:/docker-entrypoint.d/generate_conf.sh
|
||||
- nextcloud:/var/www/html/nextcloud:ro
|
||||
- ./christmas:/var/www/html/christmas:ro
|
||||
- tt-rss:/var/www/html/tt-rss:ro
|
||||
environment:
|
||||
- DOMAIN=${DOMAIN}
|
||||
depends_on:
|
||||
@@ -545,6 +581,8 @@ services:
|
||||
|
||||
volumes:
|
||||
db:
|
||||
psqldb:
|
||||
tt-rss:
|
||||
gitea:
|
||||
nextcloud:
|
||||
foundry:
|
||||
|
||||
@@ -282,6 +282,52 @@ http {
|
||||
}
|
||||
}
|
||||
|
||||
upstream tt-rss-handler {
|
||||
server tt-rss:9000;
|
||||
}
|
||||
|
||||
server {
|
||||
listen 443 ssl http2;
|
||||
|
||||
ssl_certificate /etc/nginx/certs/${DOMAIN}.crt;
|
||||
ssl_certificate_key /etc/nginx/certs/${DOMAIN}.key;
|
||||
|
||||
root /var/www/html/tt-rss;
|
||||
|
||||
server_name intel.${DOMAIN};
|
||||
|
||||
location /cache {
|
||||
aio threads;
|
||||
internal;
|
||||
}
|
||||
|
||||
location /backups {
|
||||
internal;
|
||||
}
|
||||
|
||||
location ~ \.php$ {
|
||||
# regex to split $uri to $fastcgi_script_name and $fastcgi_path
|
||||
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
|
||||
|
||||
# Check that the PHP script exists before passing it
|
||||
try_files $fastcgi_script_name =404;
|
||||
|
||||
# Bypass the fact that try_files resets $fastcgi_path_info
|
||||
# see: http://trac.nginx.org/nginx/ticket/321
|
||||
set $path_info $fastcgi_path_info;
|
||||
fastcgi_param PATH_INFO $path_info;
|
||||
|
||||
fastcgi_index index.php;
|
||||
include fastcgi.conf;
|
||||
|
||||
fastcgi_pass tt-rss-handler;
|
||||
}
|
||||
|
||||
location / {
|
||||
try_files $uri $uri/ =404;
|
||||
}
|
||||
}
|
||||
|
||||
upstream foundry-handler {
|
||||
server foundry:30000;
|
||||
}
|
||||
|
||||
84
tt-rss/Dockerfile
Normal file
84
tt-rss/Dockerfile
Normal file
@@ -0,0 +1,84 @@
|
||||
FROM registry.fakecake.org/docker.io/alpine:3.18
|
||||
EXPOSE 9000/tcp
|
||||
|
||||
ENV SCRIPT_ROOT=/opt/tt-rss
|
||||
ENV SRC_DIR=/src/tt-rss/
|
||||
|
||||
RUN apk add --no-cache dcron php82 php82-fpm php82-phar php82-sockets php82-pecl-apcu \
|
||||
php82-pdo php82-gd php82-mysql php82-pdo_mysql php82-xmlwriter php82-opcache \
|
||||
php82-mbstring php82-intl php82-xml php82-curl php82-simplexml \
|
||||
php82-session php82-tokenizer php82-dom php82-fileinfo php82-ctype \
|
||||
php82-json php82-iconv php82-pcntl php82-posix php82-zip php82-exif \
|
||||
php82-openssl git mysql mysql-client sudo php82-pecl-xdebug rsync tzdata && \
|
||||
sed -i 's/\(memory_limit =\) 128M/\1 256M/' /etc/php82/php.ini && \
|
||||
sed -i -e 's/^listen = 127.0.0.1:9000/listen = 9000/' \
|
||||
-e 's/;\(clear_env\) = .*/\1 = no/i' \
|
||||
-e 's/^\(user\|group\) = .*/\1 = app/i' \
|
||||
-e 's/;\(php_admin_value\[error_log\]\) = .*/\1 = \/tmp\/error.log/' \
|
||||
-e 's/;\(php_admin_flag\[log_errors\]\) = .*/\1 = on/' \
|
||||
/etc/php82/php-fpm.d/www.conf && \
|
||||
mkdir -p /var/www ${SCRIPT_ROOT}/config.d
|
||||
|
||||
ARG CI_COMMIT_BRANCH
|
||||
ENV CI_COMMIT_BRANCH=${CI_COMMIT_BRANCH}
|
||||
|
||||
ARG CI_COMMIT_SHORT_SHA
|
||||
ENV CI_COMMIT_SHORT_SHA=${CI_COMMIT_SHORT_SHA}
|
||||
|
||||
ARG CI_COMMIT_TIMESTAMP
|
||||
ENV CI_COMMIT_TIMESTAMP=${CI_COMMIT_TIMESTAMP}
|
||||
|
||||
ARG CI_COMMIT_SHA
|
||||
ENV CI_COMMIT_SHA=${CI_COMMIT_SHA}
|
||||
|
||||
ADD --chmod=0755 startup.sh ${SCRIPT_ROOT}
|
||||
|
||||
ADD index.php ${SCRIPT_ROOT}
|
||||
ADD config.docker.php ${SCRIPT_ROOT}
|
||||
|
||||
COPY --from=app-src . ${SRC_DIR}
|
||||
|
||||
ARG ORIGIN_REPO_XACCEL=https://git.tt-rss.org/fox/ttrss-nginx-xaccel.git
|
||||
|
||||
RUN git clone --depth=1 ${ORIGIN_REPO_XACCEL} ${SRC_DIR}/plugins.local/nginx_xaccel
|
||||
|
||||
ENV OWNER_UID=1000
|
||||
ENV OWNER_GID=1000
|
||||
|
||||
ENV PHP_WORKER_MAX_CHILDREN=5
|
||||
ENV PHP_WORKER_MEMORY_LIMIT=256M
|
||||
|
||||
# these are applied on every startup, if set
|
||||
ENV ADMIN_USER_PASS=""
|
||||
# see classes/UserHelper.php ACCESS_LEVEL_*
|
||||
# setting this to -2 would effectively disable built-in admin user
|
||||
# unless single user mode is enabled
|
||||
ENV ADMIN_USER_ACCESS_LEVEL=""
|
||||
|
||||
# these are applied unless user already exists
|
||||
ENV AUTO_CREATE_USER=""
|
||||
ENV AUTO_CREATE_USER_PASS=""
|
||||
ENV AUTO_CREATE_USER_ACCESS_LEVEL="0"
|
||||
|
||||
# TODO: remove prefix from container variables not used by tt-rss itself:
|
||||
#
|
||||
# - TTRSS_NO_STARTUP_PLUGIN_UPDATES -> NO_STARTUP_PLUGIN_UPDATES
|
||||
# - TTRSS_XDEBUG_... -> XDEBUG_...
|
||||
|
||||
# don't try to update local plugins on startup
|
||||
ENV TTRSS_NO_STARTUP_PLUGIN_UPDATES=""
|
||||
|
||||
# TTRSS_XDEBUG_HOST defaults to host IP if unset
|
||||
ENV TTRSS_XDEBUG_ENABLED=""
|
||||
ENV TTRSS_XDEBUG_HOST=""
|
||||
ENV TTRSS_XDEBUG_PORT="9000"
|
||||
|
||||
ENV TTRSS_DB_TYPE="mysql"
|
||||
ENV TTRSS_DB_PORT="3306"
|
||||
|
||||
ENV TTRSS_MYSQL_CHARSET="UTF8"
|
||||
ENV TTRSS_PHP_EXECUTABLE="/usr/bin/php82"
|
||||
ENV TTRSS_PLUGINS="auth_internal, note, nginx_xaccel"
|
||||
|
||||
CMD ${SCRIPT_ROOT}/startup.sh
|
||||
|
||||
4
tt-rss/index.php
Normal file
4
tt-rss/index.php
Normal file
@@ -0,0 +1,4 @@
|
||||
<?php
|
||||
header("Location: /tt-rss/");
|
||||
return;
|
||||
|
||||
130
tt-rss/startup.sh
Normal file
130
tt-rss/startup.sh
Normal file
@@ -0,0 +1,130 @@
|
||||
#!/bin/sh -e
|
||||
|
||||
# We don't need those here (HTTP_HOST would cause false SELF_URL_PATH check failures)
|
||||
unset HTTP_PORT
|
||||
unset HTTP_HOST
|
||||
|
||||
if ! id app >/dev/null 2>&1; then
|
||||
addgroup -g $OWNER_GID app
|
||||
adduser -D -h /var/www/html -G app -u $OWNER_UID app
|
||||
fi
|
||||
|
||||
update-ca-certificates || true
|
||||
|
||||
DST_DIR=/var/www/html/tt-rss
|
||||
|
||||
[ -e $DST_DIR ] && rm -f $DST_DIR/.app_is_ready
|
||||
|
||||
[ ! -e /var/www/html/index.php ] && cp ${SCRIPT_ROOT}/index.php /var/www/html
|
||||
|
||||
if [ ! -d $DST_DIR ]; then
|
||||
mkdir -p $DST_DIR
|
||||
chown $OWNER_UID:$OWNER_GID $DST_DIR
|
||||
|
||||
sudo -u app rsync -a \
|
||||
$SRC_DIR/ $DST_DIR/
|
||||
else
|
||||
chown -R $OWNER_UID:$OWNER_GID $DST_DIR
|
||||
|
||||
sudo -u app rsync -a --delete \
|
||||
--exclude /cache \
|
||||
--exclude /lock \
|
||||
--exclude /feed-icons \
|
||||
--exclude /plugins/af_comics/filters.local \
|
||||
--exclude /plugins.local \
|
||||
--exclude /templates.local \
|
||||
--exclude /themes.local \
|
||||
$SRC_DIR/ $DST_DIR/
|
||||
|
||||
sudo -u app rsync -a --delete \
|
||||
$SRC_DIR/plugins.local/nginx_xaccel \
|
||||
$DST_DIR/plugins.local/nginx_xaccel
|
||||
fi
|
||||
|
||||
for d in cache lock feed-icons plugins.local themes.local; do
|
||||
sudo -u app mkdir -p $DST_DIR/$d
|
||||
done
|
||||
|
||||
for d in cache lock feed-icons; do
|
||||
chmod 777 $DST_DIR/$d
|
||||
find $DST_DIR/$d -type f -exec chmod 666 {} \;
|
||||
done
|
||||
|
||||
sudo -u app cp ${SCRIPT_ROOT}/config.docker.php $DST_DIR/config.php
|
||||
chmod 644 $DST_DIR/config.php
|
||||
|
||||
chown -R $OWNER_UID:$OWNER_GID $DST_DIR \
|
||||
/var/log/php82
|
||||
|
||||
if [ -z "$TTRSS_NO_STARTUP_PLUGIN_UPDATES" ]; then
|
||||
echo updating all local plugins...
|
||||
|
||||
find $DST_DIR/plugins.local -mindepth 1 -maxdepth 1 -type d | while read PLUGIN; do
|
||||
if [ -d $PLUGIN/.git ]; then
|
||||
echo updating $PLUGIN...
|
||||
|
||||
cd $PLUGIN && \
|
||||
sudo -u app git config core.filemode false && \
|
||||
sudo -u app git config pull.rebase false && \
|
||||
sudo -u app git pull origin master || echo warning: attempt to update plugin $PLUGIN failed.
|
||||
fi
|
||||
done
|
||||
else
|
||||
echo skipping local plugin updates, disabled.
|
||||
fi
|
||||
|
||||
MSQL="mysql -q -h $TTRSS_DB_HOST -U $TTRSS_DB_USER -p $TTRSS_DB_PASS -D $TTRSS_DB_NAME"
|
||||
|
||||
RESTORE_SCHEMA=${SCRIPT_ROOT}/restore-schema.sql.gz
|
||||
|
||||
if [ -r $RESTORE_SCHEMA ]; then
|
||||
$PSQL -c "drop schema public cascade; create schema public;"
|
||||
zcat $RESTORE_SCHEMA | $PSQL
|
||||
fi
|
||||
|
||||
# this was previously generated
|
||||
rm -f $DST_DIR/config.php.bak
|
||||
|
||||
sed -i.bak "s/^\(memory_limit\) = \(.*\)/\1 = ${PHP_WORKER_MEMORY_LIMIT}/" \
|
||||
/etc/php82/php.ini
|
||||
|
||||
sed -i.bak "s/^\(pm.max_children\) = \(.*\)/\1 = ${PHP_WORKER_MAX_CHILDREN}/" \
|
||||
/etc/php82/php-fpm.d/www.conf
|
||||
|
||||
sudo -Eu app php82 $DST_DIR/update.php --update-schema=force-yes
|
||||
|
||||
if [ ! -z "$ADMIN_USER_PASS" ]; then
|
||||
sudo -Eu app php82 $DST_DIR/update.php --user-set-password "admin:$ADMIN_USER_PASS"
|
||||
else
|
||||
if sudo -Eu app php82 $DST_DIR/update.php --user-check-password "admin:password"; then
|
||||
RANDOM_PASS=$(tr -dc A-Za-z0-9 </dev/urandom | head -c 16 ; echo '')
|
||||
|
||||
echo "*****************************************************************************"
|
||||
echo "* Setting initial built-in admin user password to '$RANDOM_PASS' *"
|
||||
echo "* If you want to set it manually, use ADMIN_USER_PASS environment variable. *"
|
||||
echo "*****************************************************************************"
|
||||
|
||||
sudo -Eu app php82 $DST_DIR/update.php --user-set-password "admin:$RANDOM_PASS"
|
||||
fi
|
||||
fi
|
||||
|
||||
if [ ! -z "$ADMIN_USER_ACCESS_LEVEL" ]; then
|
||||
sudo -Eu app php82 $DST_DIR/update.php --user-set-access-level "admin:$ADMIN_USER_ACCESS_LEVEL"
|
||||
fi
|
||||
|
||||
if [ ! -z "$AUTO_CREATE_USER" ]; then
|
||||
sudo -Eu app /bin/sh -c "php82 $DST_DIR/update.php --user-exists $AUTO_CREATE_USER ||
|
||||
php82 $DST_DIR/update.php --force-yes --user-add \"$AUTO_CREATE_USER:$AUTO_CREATE_USER_PASS:$AUTO_CREATE_USER_ACCESS_LEVEL\""
|
||||
fi
|
||||
|
||||
rm -f /tmp/error.log && mkfifo /tmp/error.log && chown app:app /tmp/error.log
|
||||
|
||||
(tail -q -f /tmp/error.log >> /proc/1/fd/2) &
|
||||
|
||||
unset ADMIN_USER_PASS
|
||||
unset AUTO_CREATE_USER_PASS
|
||||
|
||||
touch $DST_DIR/.app_is_ready
|
||||
|
||||
exec /usr/sbin/php-fpm82 --nodaemonize --force-stderr
|
||||
|
||||
Reference in New Issue
Block a user