Working on TTRSS

tt-rss/Dockerfile

@@ -0,0 +1,84 @@
+FROM registry.fakecake.org/docker.io/alpine:3.18
+EXPOSE 9000/tcp
+
+ENV SCRIPT_ROOT=/opt/tt-rss
+ENV SRC_DIR=/src/tt-rss/
+
+RUN apk add --no-cache dcron php82 php82-fpm php82-phar php82-sockets php82-pecl-apcu \
+	php82-pdo php82-gd php82-mysql php82-pdo_mysql php82-xmlwriter php82-opcache \
+	php82-mbstring php82-intl php82-xml php82-curl php82-simplexml \
+	php82-session php82-tokenizer php82-dom php82-fileinfo php82-ctype \
+	php82-json php82-iconv php82-pcntl php82-posix php82-zip php82-exif \
+	php82-openssl git mysql mysql-client sudo php82-pecl-xdebug rsync tzdata && \
+	sed -i 's/\(memory_limit =\) 128M/\1 256M/' /etc/php82/php.ini && \
+	sed -i -e 's/^listen = 127.0.0.1:9000/listen = 9000/' \
+		-e 's/;\(clear_env\) = .*/\1 = no/i' \
+		-e 's/^\(user\|group\) = .*/\1 = app/i' \
+		-e 's/;\(php_admin_value\[error_log\]\) = .*/\1 = \/tmp\/error.log/' \
+		-e 's/;\(php_admin_flag\[log_errors\]\) = .*/\1 = on/' \
+			/etc/php82/php-fpm.d/www.conf && \
+	mkdir -p /var/www ${SCRIPT_ROOT}/config.d
+
+ARG CI_COMMIT_BRANCH
+ENV CI_COMMIT_BRANCH=${CI_COMMIT_BRANCH}
+
+ARG CI_COMMIT_SHORT_SHA
+ENV CI_COMMIT_SHORT_SHA=${CI_COMMIT_SHORT_SHA}
+
+ARG CI_COMMIT_TIMESTAMP
+ENV CI_COMMIT_TIMESTAMP=${CI_COMMIT_TIMESTAMP}
+
+ARG CI_COMMIT_SHA
+ENV CI_COMMIT_SHA=${CI_COMMIT_SHA}
+
+ADD --chmod=0755 startup.sh ${SCRIPT_ROOT}
+
+ADD index.php ${SCRIPT_ROOT}
+ADD config.docker.php ${SCRIPT_ROOT}
+
+COPY --from=app-src . ${SRC_DIR}
+
+ARG ORIGIN_REPO_XACCEL=https://git.tt-rss.org/fox/ttrss-nginx-xaccel.git
+
+RUN git clone --depth=1 ${ORIGIN_REPO_XACCEL} ${SRC_DIR}/plugins.local/nginx_xaccel
+
+ENV OWNER_UID=1000
+ENV OWNER_GID=1000
+
+ENV PHP_WORKER_MAX_CHILDREN=5
+ENV PHP_WORKER_MEMORY_LIMIT=256M
+
+# these are applied on every startup, if set
+ENV ADMIN_USER_PASS=""
+# see classes/UserHelper.php ACCESS_LEVEL_*
+# setting this to -2 would effectively disable built-in admin user
+# unless single user mode is enabled
+ENV ADMIN_USER_ACCESS_LEVEL=""
+
+# these are applied unless user already exists
+ENV AUTO_CREATE_USER=""
+ENV AUTO_CREATE_USER_PASS=""
+ENV AUTO_CREATE_USER_ACCESS_LEVEL="0"
+
+# TODO: remove prefix from container variables not used by tt-rss itself:
+#
+# - TTRSS_NO_STARTUP_PLUGIN_UPDATES -> NO_STARTUP_PLUGIN_UPDATES
+# - TTRSS_XDEBUG_... -> XDEBUG_...
+
+# don't try to update local plugins on startup
+ENV TTRSS_NO_STARTUP_PLUGIN_UPDATES=""
+
+# TTRSS_XDEBUG_HOST defaults to host IP if unset
+ENV TTRSS_XDEBUG_ENABLED=""
+ENV TTRSS_XDEBUG_HOST=""
+ENV TTRSS_XDEBUG_PORT="9000"
+
+ENV TTRSS_DB_TYPE="mysql"
+ENV TTRSS_DB_PORT="3306"
+
+ENV TTRSS_MYSQL_CHARSET="UTF8"
+ENV TTRSS_PHP_EXECUTABLE="/usr/bin/php82"
+ENV TTRSS_PLUGINS="auth_internal, note, nginx_xaccel"
+
+CMD ${SCRIPT_ROOT}/startup.sh
+

tt-rss/index.php

@@ -0,0 +1,4 @@
+<?php 
+   header("Location: /tt-rss/");
+   return;
+

tt-rss/startup.sh

@@ -0,0 +1,130 @@
+#!/bin/sh -e
+
+# We don't need those here (HTTP_HOST would cause false SELF_URL_PATH check failures)
+unset HTTP_PORT
+unset HTTP_HOST
+
+if ! id app >/dev/null 2>&1; then
+	addgroup -g $OWNER_GID app
+	adduser -D -h /var/www/html -G app -u $OWNER_UID app
+fi
+
+update-ca-certificates || true
+
+DST_DIR=/var/www/html/tt-rss
+
+[ -e $DST_DIR ] && rm -f $DST_DIR/.app_is_ready
+
+[ ! -e /var/www/html/index.php ] && cp ${SCRIPT_ROOT}/index.php /var/www/html
+
+if [ ! -d $DST_DIR ]; then
+	mkdir -p $DST_DIR
+	chown $OWNER_UID:$OWNER_GID $DST_DIR
+
+	sudo -u app rsync -a \
+		$SRC_DIR/ $DST_DIR/
+else
+	chown -R $OWNER_UID:$OWNER_GID $DST_DIR
+
+	sudo -u app rsync -a --delete \
+		--exclude /cache \
+		--exclude /lock \
+		--exclude /feed-icons \
+		--exclude /plugins/af_comics/filters.local \
+		--exclude /plugins.local \
+		--exclude /templates.local \
+		--exclude /themes.local \
+		$SRC_DIR/ $DST_DIR/
+
+	sudo -u app rsync -a --delete \
+		$SRC_DIR/plugins.local/nginx_xaccel \
+		$DST_DIR/plugins.local/nginx_xaccel
+fi
+
+for d in cache lock feed-icons plugins.local themes.local; do
+	sudo -u app mkdir -p $DST_DIR/$d
+done
+
+for d in cache lock feed-icons; do
+	chmod 777 $DST_DIR/$d
+	find $DST_DIR/$d -type f -exec chmod 666 {} \;
+done
+
+sudo -u app cp ${SCRIPT_ROOT}/config.docker.php $DST_DIR/config.php
+chmod 644 $DST_DIR/config.php
+
+chown -R $OWNER_UID:$OWNER_GID $DST_DIR \
+	/var/log/php82
+
+if [ -z "$TTRSS_NO_STARTUP_PLUGIN_UPDATES" ]; then
+	echo updating all local plugins...
+
+	find $DST_DIR/plugins.local -mindepth 1 -maxdepth 1 -type d | while read PLUGIN; do
+		if [ -d $PLUGIN/.git ]; then
+			echo updating $PLUGIN...
+
+			cd $PLUGIN && \
+				sudo -u app git config core.filemode false && \
+				sudo -u app git config pull.rebase false && \
+				sudo -u app git pull origin master || echo warning: attempt to update plugin $PLUGIN failed.
+		fi
+	done
+else
+	echo skipping local plugin updates, disabled.
+fi
+
+MSQL="mysql -q -h $TTRSS_DB_HOST -U $TTRSS_DB_USER -p $TTRSS_DB_PASS -D $TTRSS_DB_NAME"
+
+RESTORE_SCHEMA=${SCRIPT_ROOT}/restore-schema.sql.gz
+
+if [ -r $RESTORE_SCHEMA ]; then
+	$PSQL -c "drop schema public cascade; create schema public;"
+	zcat $RESTORE_SCHEMA | $PSQL
+fi
+
+# this was previously generated
+rm -f $DST_DIR/config.php.bak
+
+sed -i.bak "s/^\(memory_limit\) = \(.*\)/\1 = ${PHP_WORKER_MEMORY_LIMIT}/" \
+	/etc/php82/php.ini
+
+sed -i.bak "s/^\(pm.max_children\) = \(.*\)/\1 = ${PHP_WORKER_MAX_CHILDREN}/" \
+	/etc/php82/php-fpm.d/www.conf
+
+sudo -Eu app php82 $DST_DIR/update.php --update-schema=force-yes
+
+if [ ! -z "$ADMIN_USER_PASS" ]; then
+	sudo -Eu app php82 $DST_DIR/update.php --user-set-password "admin:$ADMIN_USER_PASS"
+else
+	if sudo -Eu app php82 $DST_DIR/update.php --user-check-password "admin:password"; then
+		RANDOM_PASS=$(tr -dc A-Za-z0-9 </dev/urandom | head -c 16 ; echo '')
+
+		echo "*****************************************************************************"
+		echo "* Setting initial built-in admin user password to '$RANDOM_PASS'        *"
+		echo "* If you want to set it manually, use ADMIN_USER_PASS environment variable. *"
+		echo "*****************************************************************************"
+
+		sudo -Eu app php82 $DST_DIR/update.php --user-set-password "admin:$RANDOM_PASS"
+	fi
+fi
+
+if [ ! -z "$ADMIN_USER_ACCESS_LEVEL" ]; then
+	sudo -Eu app php82 $DST_DIR/update.php --user-set-access-level "admin:$ADMIN_USER_ACCESS_LEVEL"
+fi
+
+if [ ! -z "$AUTO_CREATE_USER" ]; then
+	sudo -Eu app /bin/sh -c "php82 $DST_DIR/update.php --user-exists $AUTO_CREATE_USER ||
+		php82 $DST_DIR/update.php --force-yes --user-add \"$AUTO_CREATE_USER:$AUTO_CREATE_USER_PASS:$AUTO_CREATE_USER_ACCESS_LEVEL\""
+fi
+
+rm -f /tmp/error.log && mkfifo /tmp/error.log && chown app:app /tmp/error.log
+
+(tail -q -f /tmp/error.log >> /proc/1/fd/2) &
+
+unset ADMIN_USER_PASS
+unset AUTO_CREATE_USER_PASS
+
+touch $DST_DIR/.app_is_ready
+
+exec /usr/sbin/php-fpm82 --nodaemonize --force-stderr
+