diff --git a/Dockerfile b/Dockerfile index 338e877..2196102 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM ghcr.io/linuxserver/baseimage-alpine-nginx:3.14 +FROM ghcr.io/linuxserver/baseimage-alpine-nginx:3.15 # set version label ARG BUILD_DATE @@ -11,29 +11,35 @@ LABEL maintainer="aptalca" ENV S6_BEHAVIOUR_IF_STAGE2_FAILS=2 RUN \ - echo "**** install runtime packages ****" && \ - apk add --no-cache --upgrade \ - curl \ - php7-ctype \ - php7-curl \ - php7-pdo_pgsql \ - php7-pdo_sqlite \ - php7-pdo_mysql \ - php7-tokenizer \ - php7-zip && \ - echo "**** install heimdall ****" && \ - mkdir -p \ - /heimdall && \ - if [ -z ${HEIMDALL_RELEASE+x} ]; then \ - HEIMDALL_RELEASE=$(curl -sX GET "https://api.github.com/repos/linuxserver/Heimdall/releases/latest" \ - | awk '/tag_name/{print $4;exit}' FS='[""]'); \ - fi && \ - curl -o \ - /heimdall/heimdall.tar.gz -L \ - "https://github.com/linuxserver/Heimdall/archive/${HEIMDALL_RELEASE}.tar.gz" && \ - echo "**** cleanup ****" && \ - rm -rf \ - /tmp/* + echo "**** install runtime packages ****" && \ + apk add --no-cache --upgrade \ + curl \ + php8-ctype \ + php8-curl \ + php8-intl \ + php8-pdo_pgsql \ + php8-pdo_sqlite \ + php8-pdo_mysql \ + php8-tokenizer \ + php8-zip \ + tar && \ + echo "**** install heimdall ****" && \ + mkdir -p \ + /heimdall && \ + if [ -z ${HEIMDALL_RELEASE+x} ]; then \ + HEIMDALL_RELEASE=$(curl -sX GET "https://api.github.com/repos/linuxserver/Heimdall/releases/latest" \ + | awk '/tag_name/{print $4;exit}' FS='[""]'); \ + fi && \ + curl -o \ + /heimdall/heimdall.tar.gz -L \ + "https://github.com/linuxserver/Heimdall/archive/${HEIMDALL_RELEASE}.tar.gz" && \ + echo "**** cleanup ****" && \ + rm -rf \ + /tmp/* # add local files COPY root/ / + +# ports and volumes +EXPOSE 80 443 +VOLUME /config diff --git a/Dockerfile.aarch64 b/Dockerfile.aarch64 index c24893c..a18fb82 100644 --- a/Dockerfile.aarch64 +++ b/Dockerfile.aarch64 @@ -1,4 +1,4 @@ -FROM ghcr.io/linuxserver/baseimage-alpine-nginx:arm64v8-3.14 +FROM ghcr.io/linuxserver/baseimage-alpine-nginx:arm64v8-3.15 # set version label ARG BUILD_DATE @@ -11,29 +11,35 @@ LABEL maintainer="aptalca" ENV S6_BEHAVIOUR_IF_STAGE2_FAILS=2 RUN \ - echo "**** install runtime packages ****" && \ - apk add --no-cache --upgrade \ - curl \ - php7-ctype \ - php7-curl \ - php7-pdo_pgsql \ - php7-pdo_sqlite \ - php7-pdo_mysql \ - php7-tokenizer \ - php7-zip && \ - echo "**** install heimdall ****" && \ - mkdir -p \ - /heimdall && \ - if [ -z ${HEIMDALL_RELEASE+x} ]; then \ - HEIMDALL_RELEASE=$(curl -sX GET "https://api.github.com/repos/linuxserver/Heimdall/releases/latest" \ - | awk '/tag_name/{print $4;exit}' FS='[""]'); \ - fi && \ - curl -o \ - /heimdall/heimdall.tar.gz -L \ - "https://github.com/linuxserver/Heimdall/archive/${HEIMDALL_RELEASE}.tar.gz" && \ - echo "**** cleanup ****" && \ - rm -rf \ - /tmp/* + echo "**** install runtime packages ****" && \ + apk add --no-cache --upgrade \ + curl \ + php8-ctype \ + php8-curl \ + php8-intl \ + php8-pdo_pgsql \ + php8-pdo_sqlite \ + php8-pdo_mysql \ + php8-tokenizer \ + php8-zip \ + tar && \ + echo "**** install heimdall ****" && \ + mkdir -p \ + /heimdall && \ + if [ -z ${HEIMDALL_RELEASE+x} ]; then \ + HEIMDALL_RELEASE=$(curl -sX GET "https://api.github.com/repos/linuxserver/Heimdall/releases/latest" \ + | awk '/tag_name/{print $4;exit}' FS='[""]'); \ + fi && \ + curl -o \ + /heimdall/heimdall.tar.gz -L \ + "https://github.com/linuxserver/Heimdall/archive/${HEIMDALL_RELEASE}.tar.gz" && \ + echo "**** cleanup ****" && \ + rm -rf \ + /tmp/* # add local files COPY root/ / + +# ports and volumes +EXPOSE 80 443 +VOLUME /config diff --git a/Dockerfile.armhf b/Dockerfile.armhf index 92bd786..abac25a 100644 --- a/Dockerfile.armhf +++ b/Dockerfile.armhf @@ -1,4 +1,4 @@ -FROM ghcr.io/linuxserver/baseimage-alpine-nginx:arm32v7-3.14 +FROM ghcr.io/linuxserver/baseimage-alpine-nginx:arm32v7-3.15 # set version label ARG BUILD_DATE @@ -11,29 +11,35 @@ LABEL maintainer="aptalca" ENV S6_BEHAVIOUR_IF_STAGE2_FAILS=2 RUN \ - echo "**** install runtime packages ****" && \ - apk add --no-cache --upgrade \ - curl \ - php7-ctype \ - php7-curl \ - php7-pdo_pgsql \ - php7-pdo_sqlite \ - php7-pdo_mysql \ - php7-tokenizer \ - php7-zip && \ - echo "**** install heimdall ****" && \ - mkdir -p \ - /heimdall && \ - if [ -z ${HEIMDALL_RELEASE+x} ]; then \ - HEIMDALL_RELEASE=$(curl -sX GET "https://api.github.com/repos/linuxserver/Heimdall/releases/latest" \ - | awk '/tag_name/{print $4;exit}' FS='[""]'); \ - fi && \ - curl -o \ - /heimdall/heimdall.tar.gz -L \ - "https://github.com/linuxserver/Heimdall/archive/${HEIMDALL_RELEASE}.tar.gz" && \ - echo "**** cleanup ****" && \ - rm -rf \ - /tmp/* + echo "**** install runtime packages ****" && \ + apk add --no-cache --upgrade \ + curl \ + php8-ctype \ + php8-curl \ + php8-intl \ + php8-pdo_pgsql \ + php8-pdo_sqlite \ + php8-pdo_mysql \ + php8-tokenizer \ + php8-zip \ + tar && \ + echo "**** install heimdall ****" && \ + mkdir -p \ + /heimdall && \ + if [ -z ${HEIMDALL_RELEASE+x} ]; then \ + HEIMDALL_RELEASE=$(curl -sX GET "https://api.github.com/repos/linuxserver/Heimdall/releases/latest" \ + | awk '/tag_name/{print $4;exit}' FS='[""]'); \ + fi && \ + curl -o \ + /heimdall/heimdall.tar.gz -L \ + "https://github.com/linuxserver/Heimdall/archive/${HEIMDALL_RELEASE}.tar.gz" && \ + echo "**** cleanup ****" && \ + rm -rf \ + /tmp/* # add local files COPY root/ / + +# ports and volumes +EXPOSE 80 443 +VOLUME /config diff --git a/README.md b/README.md index 2f1f184..0574b3d 100644 --- a/README.md +++ b/README.md @@ -76,7 +76,7 @@ Access the web gui at http://SERVERIP:PORT ### Adding password protection -This image now supports password protection through htpasswd. Run the following command on your host to generate the htpasswd file `docker exec -it heimdall htpasswd -c /config/nginx/.htpasswd `. Replace with a username of your choice and you will be asked to enter a password. New installs will automatically pick it up and implement password protected access. Existing users updating their image can delete their site config at `/config/nginx/site-confs/default` and restart the container after updating the image. A new site config with htpasswd support will be created in its place. +This image now supports password protection through htpasswd. Run the following command on your host to generate the htpasswd file `docker exec -it heimdall htpasswd -c /config/nginx/.htpasswd `. Replace with a username of your choice and you will be asked to enter a password. Uncomment the `basic auth` lines in `/config/nginx/site-confs/default.conf` and restart the container. ## Usage @@ -240,9 +240,9 @@ Once registered you can define the dockerfile to use with `-f Dockerfile.aarch64 ## Versions +* **14.11.22:** - Rebasing to alpine 3.15 with php8. Restructure nginx configs ([see changes announcement](https://info.linuxserver.io/issues/2022-08-20-nginx-base)). * **04.11.22:** - Build commits to upstream branch 2.x for the `development` tag. * **13.03.21:** - Make searchproviders.yaml user configurable. -* **11.03.21:** - Rebase to alpine 3.14. * **10.02.21:** - Revert to alpine 3.12 as php 7.4 broke laravel. * **10.02.21:** - Rebasing to alpine 3.13. * **17.08.20:** - Add php7-curl. @@ -265,5 +265,5 @@ Once registered you can define the dockerfile to use with `-f Dockerfile.aarch64 * **07.10.18:** - Symlink `.env` rather than copy. It now resides under `/config/www` * **30.09.18:** - Multi-arch image. Move `.env` to `/config`. * **05.09.18:** - Rebase to alpine linux 3.8. -* **06.03.18:** - Use password protection if htpasswd is set. Existing users can delete their default site config at /config/nginx/site-confs/default and restart the container, a new default site config with htpasswd support will be created in its place +* **06.03.18:** - Use password protection if htpasswd is set. Existing users can delete their default site config at /config/nginx/site-confs/default.conf and restart the container, a new default site config with htpasswd support will be created in its place * **12.02.18:** - Initial Release. diff --git a/readme-vars.yml b/readme-vars.yml index 8ccb539..c69fa69 100644 --- a/readme-vars.yml +++ b/readme-vars.yml @@ -45,13 +45,13 @@ app_setup_block: | ### Adding password protection - This image now supports password protection through htpasswd. Run the following command on your host to generate the htpasswd file `docker exec -it heimdall htpasswd -c /config/nginx/.htpasswd `. Replace with a username of your choice and you will be asked to enter a password. New installs will automatically pick it up and implement password protected access. Existing users updating their image can delete their site config at `/config/nginx/site-confs/default` and restart the container after updating the image. A new site config with htpasswd support will be created in its place. + This image now supports password protection through htpasswd. Run the following command on your host to generate the htpasswd file `docker exec -it heimdall htpasswd -c /config/nginx/.htpasswd `. Replace with a username of your choice and you will be asked to enter a password. Uncomment the `basic auth` lines in `/config/nginx/site-confs/default.conf` and restart the container. # changelog changelogs: + - { date: "14.11.22:", desc: "Rebasing to alpine 3.15 with php8. Restructure nginx configs ([see changes announcement](https://info.linuxserver.io/issues/2022-08-20-nginx-base))." } - { date: "04.11.22:", desc: "Build commits to upstream branch 2.x for the `development` tag." } - { date: "13.03.21:", desc: "Make searchproviders.yaml user configurable." } - - { date: "11.03.21:", desc: "Rebase to alpine 3.14." } - { date: "10.02.21:", desc: "Revert to alpine 3.12 as php 7.4 broke laravel." } - { date: "10.02.21:", desc: "Rebasing to alpine 3.13." } - { date: "17.08.20:", desc: "Add php7-curl." } @@ -74,5 +74,5 @@ changelogs: - { date: "07.10.18:", desc: "Symlink `.env` rather than copy. It now resides under `/config/www`" } - { date: "30.09.18:", desc: "Multi-arch image. Move `.env` to `/config`." } - { date: "05.09.18:", desc: "Rebase to alpine linux 3.8." } - - { date: "06.03.18:", desc: "Use password protection if htpasswd is set. Existing users can delete their default site config at /config/nginx/site-confs/default and restart the container, a new default site config with htpasswd support will be created in its place" } + - { date: "06.03.18:", desc: "Use password protection if htpasswd is set. Existing users can delete their default site config at /config/nginx/site-confs/default.conf and restart the container, a new default site config with htpasswd support will be created in its place" } - { date: "12.02.18:", desc: "Initial Release." } diff --git a/root/defaults/default b/root/defaults/default deleted file mode 100644 index fcf9351..0000000 --- a/root/defaults/default +++ /dev/null @@ -1,43 +0,0 @@ -## Version 2018/03/06 - Changelog: https://github.com/linuxserver/docker-heimdall/commits/master/root/defaults/default - -server { - listen 80 default_server; - - listen 443 ssl; - - root /var/www/localhost/heimdall/public; - index index.php index.html index.htm; - - server_name _; - - ssl_certificate /config/keys/cert.crt; - ssl_certificate_key /config/keys/cert.key; - - client_max_body_size 0; - - error_page 599 = @noauth; - - location / { - if (!-f /config/nginx/.htpasswd) { - return 599; - } - auth_basic "Restricted"; - auth_basic_user_file /config/nginx/.htpasswd; - try_files $uri $uri/ /index.php?$args; - } - - location @noauth { - try_files $uri $uri/ /index.php?$args; - } - - location ~ \.php$ { - fastcgi_split_path_info ^(.+\.php)(/.+)$; - # With php5-cgi alone: - fastcgi_pass 127.0.0.1:9000; - # With php5-fpm: - #fastcgi_pass unix:/var/run/php5-fpm.sock; - fastcgi_index index.php; - include /etc/nginx/fastcgi_params; - - } -} diff --git a/root/defaults/nginx.conf b/root/defaults/nginx.conf deleted file mode 100644 index 70e8488..0000000 --- a/root/defaults/nginx.conf +++ /dev/null @@ -1,98 +0,0 @@ -user abc; -worker_processes 4; -pid /run/nginx.pid; -include /etc/nginx/modules/*.conf; - -events { - worker_connections 768; - # multi_accept on; -} - -http { - - ## - # Basic Settings - ## - - sendfile on; - tcp_nopush on; - tcp_nodelay on; - keepalive_timeout 65; - types_hash_max_size 2048; - # server_tokens off; - - # server_names_hash_bucket_size 64; - # server_name_in_redirect off; - - client_max_body_size 0; - - include /etc/nginx/mime.types; - default_type application/octet-stream; - - ## - # Logging Settings - ## - - access_log /config/log/nginx/access.log; - error_log /config/log/nginx/error.log; - - ## - # Gzip Settings - ## - - gzip on; - gzip_disable "msie6"; - - # gzip_vary on; - # gzip_proxied any; - # gzip_comp_level 6; - # gzip_buffers 16 8k; - # gzip_http_version 1.1; - # gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript; - - ## - # nginx-naxsi config - ## - # Uncomment it if you installed nginx-naxsi - ## - - #include /etc/nginx/naxsi_core.rules; - - ## - # nginx-passenger config - ## - # Uncomment it if you installed nginx-passenger - ## - - #passenger_root /usr; - #passenger_ruby /usr/bin/ruby; - - ## - # Virtual Host Configs - ## - include /etc/nginx/conf.d/*.conf; - include /config/nginx/site-confs/*; -} - - -#mail { -# # See sample authentication script at: -# # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript -# -# # auth_http localhost/auth.php; -# # pop3_capabilities "TOP" "USER"; -# # imap_capabilities "IMAP4rev1" "UIDPLUS"; -# -# server { -# listen localhost:110; -# protocol pop3; -# proxy on; -# } -# -# server { -# listen localhost:143; -# protocol imap; -# proxy on; -# } -#} -daemon off; diff --git a/root/defaults/nginx/site-confs/default.conf.sample b/root/defaults/nginx/site-confs/default.conf.sample new file mode 100644 index 0000000..22ca85a --- /dev/null +++ b/root/defaults/nginx/site-confs/default.conf.sample @@ -0,0 +1,34 @@ +## Version 2022/11/14 - Changelog: https://github.com/linuxserver/docker-heimdall/commits/master/root/defaults/nginx/site-confs/default.conf.sample + +server { + listen 80 default_server; + listen [::]:80 default_server; + + listen 443 ssl http2 default_server; + listen [::]:443 ssl http2 default_server; + + server_name _; + + root /app/www/public; + index index.html index.htm index.php; + + location / { + # enable for basic auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + try_files $uri $uri/ /index.html /index.php$is_args$args; + } + + location ~ ^(.+\.php)(.*)$ { + fastcgi_split_path_info ^(.+\.php)(.*)$; + fastcgi_pass 127.0.0.1:9000; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + + # deny access to .htaccess/.htpasswd files + location ~ /\.ht { + deny all; + } +} diff --git a/root/etc/cont-init.d/50-config b/root/etc/cont-init.d/50-config index c04c31a..c30d046 100644 --- a/root/etc/cont-init.d/50-config +++ b/root/etc/cont-init.d/50-config @@ -2,57 +2,65 @@ # make our folders mkdir -p \ - /config/www/{backgrounds,icons,avatars,SupportedApps} \ - /var/www/localhost/heimdall \ - /config/log/heimdall + /config/www/{backgrounds,icons,avatars,SupportedApps} \ + /app/www \ + /config/log/heimdall # install heimdall if necessary -[[ -f /heimdall/heimdall.tar.gz ]] && \ - echo "New container detected, installing Heimdall" && \ - tar xf \ - /heimdall/heimdall.tar.gz -C \ - /var/www/localhost/heimdall --strip-components=1 && \ - echo -e '\n# Heimdall user authorization\nfastcgi_param PHP_AUTH_USER $remote_user;\nfastcgi_param PHP_AUTH_PW $http_authorization;' >> \ - /etc/nginx/fastcgi_params && \ - rm -rf /heimdall && \ - cp /var/www/localhost/heimdall/storage/app/searchproviders.yaml /var/www/localhost/heimdall/storage/app/searchproviders.yaml.orig && \ - chown -R abc:abc /var/www/localhost/heimdall - +if [[ -f /heimdall/heimdall.tar.gz ]]; then + echo "New container detected, installing Heimdall" + tar xf \ + /heimdall/heimdall.tar.gz -C \ + /app/www --strip-components=1 + echo -e '\n# Heimdall user authorization\nfastcgi_param PHP_AUTH_USER $remote_user;\nfastcgi_param PHP_AUTH_PW $http_authorization;' >> \ + /etc/nginx/fastcgi_params + rm -rf /heimdall + cp /app/www/storage/app/searchproviders.yaml /app/www/storage/app/searchproviders.yaml.orig + chown -R abc:abc /app/www +fi # create symlinks symlinks=( \ -/var/www/localhost/heimdall/storage/app/public/avatars \ -/var/www/localhost/heimdall/storage/app/public/backgrounds \ -/var/www/localhost/heimdall/storage/app/public/icons \ -/var/www/localhost/heimdall/app/SupportedApps \ -/var/www/localhost/heimdall/database/app.sqlite \ -/var/www/localhost/heimdall/.env ) +/app/www/storage/app/public/avatars \ +/app/www/storage/app/public/backgrounds \ +/app/www/storage/app/public/icons \ +/app/www/app/SupportedApps \ +/app/www/database/app.sqlite \ +/app/www/.env ) for i in "${symlinks[@]}" do -[[ -e "$i" && ! -L "$i" ]] && rm -rf "$i" -[[ ! -L "$i" ]] && ln -s /config/www/"$(basename "$i")" "$i" + if [[ -e "$i" && ! -L "$i" ]]; then + rm -rf "$i" + fi + if [[ ! -L "$i" ]]; then + ln -s /config/www/"$(basename "$i")" "$i" + fi done -[[ -e "/var/www/localhost/heimdall/storage/logs/laravel.log" && ! -L "/var/www/localhost/heimdall/storage/logs/laravel.log" ]] \ - && rm -rf "/var/www/localhost/heimdall/storage/logs/laravel.log" -[[ ! -L "/var/www/localhost/heimdall/storage/logs/laravel.log" ]] && \ - ln -s "/config/log/heimdall/laravel.log" "/var/www/localhost/heimdall/storage/logs/laravel.log" +if [[ -e "/app/www/storage/logs/laravel.log" && ! -L "/app/www/storage/logs/laravel.log" ]]; then + rm -rf "/app/www/storage/logs/laravel.log" +fi +if [[ ! -L "/app/www/storage/logs/laravel.log" ]]; then + ln -s "/config/log/heimdall/laravel.log" "/app/www/storage/logs/laravel.log" +fi # copy .env if not exists -[[ ! -f /config/www/.env ]] && \ - cp /var/www/localhost/heimdall/.env.example /config/www/.env && \ - echo "Creating app key. This may take a while on slower systems" && \ - php /var/www/localhost/heimdall/artisan key:generate +if [[ ! -f /config/www/.env ]]; then + cp /app/www/.env.example /config/www/.env + echo "Creating app key. This may take a while on slower systems" + php /app/www/artisan key:generate +fi # copy searchproviders if not exists and symlink -[[ ! -f /config/www/searchproviders.yaml ]] && \ - cp /var/www/localhost/heimdall/storage/app/searchproviders.yaml.orig /config/www/searchproviders.yaml -rm -rf /var/www/localhost/heimdall/storage/app/searchproviders.yaml -ln -s /config/www/searchproviders.yaml /var/www/localhost/heimdall/storage/app/searchproviders.yaml +if [[ ! -f /config/www/searchproviders.yaml ]]; then + cp /app/www/storage/app/searchproviders.yaml.orig /config/www/searchproviders.yaml +fi +rm -rf /app/www/storage/app/searchproviders.yaml +ln -s /config/www/searchproviders.yaml /app/www/storage/app/searchproviders.yaml # set queue driver to database sed -i 's/QUEUE_DRIVER=sync/QUEUE_DRIVER=database/' /config/www/.env # permissions echo "Setting permissions" chown -R abc:abc \ - /config + /config diff --git a/root/etc/services.d/queue/run b/root/etc/services.d/queue/run index 5fbc6b3..99b3fbf 100644 --- a/root/etc/services.d/queue/run +++ b/root/etc/services.d/queue/run @@ -1,4 +1,4 @@ #!/usr/bin/with-contenv bash exec \ - s6-setuidgid abc php /var/www/localhost/heimdall/artisan queue:work database --sleep=3 --tries=3 + s6-setuidgid abc php /app/www/artisan queue:work database --sleep=3 --tries=3 diff --git a/root/migrations/02-default-location b/root/migrations/02-default-location new file mode 100644 index 0000000..d4119eb --- /dev/null +++ b/root/migrations/02-default-location @@ -0,0 +1,10 @@ +#!/usr/bin/with-contenv bash + +DEFAULT_CONF="/config/nginx/site-confs/default.conf" +OLD_ROOT="root /var/www/localhost/heimdall/public;" +NEW_ROOT="root /app/www/public;" + +if grep -q "${OLD_ROOT}" "${DEFAULT_CONF}" 2>/dev/null; then + echo "updating root in ${DEFAULT_CONF}" + sed -i "s|${OLD_ROOT}|${NEW_ROOT}|" "${DEFAULT_CONF}" +fi diff --git a/root/var/www/localhost/heimdall/public/index.html b/root/var/www/localhost/heimdall/public/index.html new file mode 100644 index 0000000..2ac31be --- /dev/null +++ b/root/var/www/localhost/heimdall/public/index.html @@ -0,0 +1,40 @@ + + + Upgrade Required! + + + +
+

Upgrade Required!

+

The application inside this image has been moved to a new folder.

+

You will need to update your /config/nginx/nginx.conf and /config/nginx/site-confs/default.conf in order for the application to work.

+

New config samples are located at /config/nginx/nginx.conf.sample and /config/nginx/site-confs/default.conf.sample

+

Please review our announcement: Significant changes to nginx based images

+
+ +