Subversion Repositories Docker.freshrss

Compare Revisions

No changes between revisions

Ignore whitespace Rev 30 → Rev 31

/tags/20201024/Dockerfile
0,0 → 1,0
link app/build/Dockerfile
Property changes:
Added: svn:special
+*
\ No newline at end of property
/tags/20201024/Makefile
0,0 → 1,0
link app/build/Makefile
Property changes:
Added: svn:special
+*
\ No newline at end of property
/tags/20201024/app/build/Dockerfile
0,0 → 1,59
##############################################################################
#
# freshrss
#
# FreshRSS is a self-hosted RSS feed aggregator (like miniflux).
#
##############################################################################
ARG DOCKERARCH
ARG BUILDTAG
FROM scheerdock/nginx-php7_${DOCKERARCH}:$BUILDTAG
 
##############################################################################
# Set name of image for using it at runtime
##############################################################################
ARG IMAGENAME=Dockerimage
ENV DOCKERIMAGE=$IMAGENAME
ARG IMAGEVERSION=0.0
ENV DOCKERIMAGEVERSION=$IMAGEVERSION
ARG IMAGEBASE=unknown
ENV DOCKERIMAGEBASE=$IMAGEBASE
ARG BUILDDATE=unknown
ENV DOCKERIMAGEBUILDDATE=$BUILDDATE
 
##############################################################################
# App specific variables
##############################################################################
 
 
##############################################################################
# Used volumes
##############################################################################
VOLUME /data
VOLUME /data-shared
VOLUME /letsencrypt
 
##############################################################################
# Exposed ports
##############################################################################
 
 
##############################################################################
# Add the App stuff
##############################################################################
ADD app /app-release
 
##############################################################################
# Install the app
##############################################################################
RUN echo "$DOCKERIMAGE" > /etc/imagename \
&& echo "$DOCKERIMAGEBASE" > /etc/imagebase \
#
# Do all necessary installation steps for this image \
&& /app-release/build/installimage
 
##############################################################################
# Start the container with the default argument "--init"
##############################################################################
ENTRYPOINT ["/usr/local/bin/startcontainer"]
CMD ["--init"]
/tags/20201024/app/build/Makefile
0,0 → 1,177
##############################################################################
# General Makefile for docker images
#
# Following calls are possible:
# - make or make imagename: Build the image. The resulting image is tagged
# with the value of the environment variable $DOCKERDEVTAG or "latest"
# if this variable is not set.
#
# - make push: Push the current image with the tags "latest" and the
# date of the last modification of the file .dockerbuild to Docker Hub.
#
# - make multiarch: Create a docker manifest list with the tags "latest"
# and the date of the last modification of the file .dockerbuild to
# push them to Docker Hub.
#
# - make release: Release the current image with the tags "latest" and the
# date of the last modification of the file .dockerbuild to Docker Hub.
# Furthermore a new tag is created in the SVN repository.
#
# - make links: Create all necessary directory links for accessing the
# persistent data stores.
#
##############################################################################
 
#
# Definition of some variables
IMAGENAME = $(shell denv imagename)
IMAGEVERSION = $(shell date +%Y%m%d)
IMAGEBASE = $(shell getimagebase $(IMAGENAME))
IMAGEDEP =
BUILDDATE = $(shell date +%x-%X)
BUILDARGS =
NETWORKALIAS = $(shell denv networkalias)
 
 
#
# Including an image dependant makefile. This can be used
# for redefining the above mentioned variables (especially
# IMAGEDEP and BUILDARGS)
include app/build/Makefile.appvariables
 
 
#
# Definition of source files
SOURCES = Dockerfile $(IMAGEDEP)
APPFILES = $(shell find app -type f -print)
 
 
#
# Definition of used commands within this makefile.
DOCKER = docker
SVN = svn
CP = cp -f
RM = rm -f
TOUCH = touch
MKDIR = mkdir -p
CHOWN = chown
CHGRP = chgrp
CHMOD = chmod
SUDO = sudo
TAR = tar
LN = ln -snf
ECHO = /bin/echo -n -e
 
 
#
# Target for building the image.
$(IMAGENAME) : .dockerbuild
 
 
#
# Target for pushing the built target to the Docker Hub.
push : .dockerpush
 
 
#
# Target for pushing the manifest for a multiarch image to the Docker Hub.
multiarch : .dockermultiarch
 
 
#
# Target for creating the docker release within the
# subversion repository.
release : .dockerrelease
 
 
#
# Target for creating links to the /data and /data-shared directories
links :
$(LN) $(DOCKERDATA)/$(IMAGENAME) $(DOCKERDIR)/$(IMAGENAME)/data
$(LN) $(DOCKERSHAREDDATA)/$(IMAGENAME) $(DOCKERDIR)/$(IMAGENAME)/data-shared
 
 
 
#
# Target for internal use only!
# This target builds the docker image.
.dockerbuild : $(SOURCES) $(APPFILES)
$(DOCKER) build --build-arg IMAGENAME=$(IMAGENAME) \
--build-arg IMAGEVERSION="$(IMAGEVERSION)" \
--build-arg IMAGEBASE="$(IMAGEBASE)" \
--build-arg DOCKERARCH="$(DOCKERARCH)" \
--build-arg BUILDTAG="$(BUILDTAG)" \
--build-arg BUILDDATE="$(BUILDDATE)" \
--build-arg NETWORKALIAS=$(NETWORKALIAS) \
$(BUILDARGS) \
--tag $(DOCKERLOGIN)/$(IMAGENAME)_$(DOCKERARCH):$(BUILDTAG) . \
&& $(TOUCH) .dockerbuild \
&& $(CP) app/build/conf/app.conf $(DOCKERDIR)/conf/$(IMAGENAME).conf
 
 
#
# Target for internal use only!
# This target pushes the docker image to the Docker Hub.
# The development image gets an additional tag "dev" or "latest"
# (this is defined in app/build/Makefile.appvariables).
.dockerpush : reldate=$(shell date +%Y%m%d --reference=.dockerbuild)
.dockerpush : .dockerbuild
@$(DOCKER) tag $(DOCKERLOGIN)/$(IMAGENAME)_$(DOCKERARCH):$(BUILDTAG) $(DOCKERLOGIN)/$(IMAGENAME)_$(DOCKERARCH):latest \
&& $(DOCKER) tag $(DOCKERLOGIN)/$(IMAGENAME)_$(DOCKERARCH):$(BUILDTAG) $(DOCKERLOGIN)/$(IMAGENAME)_$(DOCKERARCH):$(reldate) \
&& $(ECHO) "$(DOCKER) push $(DOCKERLOGIN)/$(IMAGENAME)_$(DOCKERARCH):latest ...\n" \
&& $(DOCKER) push $(DOCKERLOGIN)/$(IMAGENAME)_$(DOCKERARCH):latest \
&& $(ECHO) "\n$(DOCKER) push $(DOCKERLOGIN)/$(IMAGENAME)_$(DOCKERARCH):$(reldate) ...\n" \
&& $(DOCKER) push $(DOCKERLOGIN)/$(IMAGENAME)_$(DOCKERARCH):$(reldate) \
&& $(DOCKER) image rm $(DOCKERLOGIN)/$(IMAGENAME)_$(DOCKERARCH):$(reldate) \
&& $(TOUCH) .dockerpush
 
 
#
# Target for internal use only!
# This target creates and pushes the docker manifest list to the Docker Hub.
.dockermultiarch: reldate=$(shell date +%Y%m%d --reference=.dockerbuild)
.dockermultiarch: .dockerpush
@$(ECHO) "Creating manifest $(DOCKERLOGIN)/$(IMAGENAME):latest ...\n" \
&& $(DOCKER) manifest create --amend $(DOCKERLOGIN)/$(IMAGENAME):latest \
$(DOCKERLOGIN)/$(IMAGENAME)_x86_64:latest \
$(DOCKERLOGIN)/$(IMAGENAME)_armv7l:latest \
&& $(ECHO) "\nCreating manifest $(DOCKERLOGIN)/$(IMAGENAME):$(reldate) ...\n" \
&& $(DOCKER) manifest create --amend $(DOCKERLOGIN)/$(IMAGENAME):$(reldate) \
$(DOCKERLOGIN)/$(IMAGENAME)_x86_64:latest \
$(DOCKERLOGIN)/$(IMAGENAME)_armv7l:latest \
&& $(ECHO) "\nPushing manifest $(DOCKERLOGIN)/$(IMAGENAME):latest ...\n" \
&& $(DOCKER) manifest push --purge $(DOCKERLOGIN)/$(IMAGENAME):latest \
&& $(ECHO) "\nPushing manifest $(DOCKERLOGIN)/$(IMAGENAME):$(reldate) ...\n" \
&& $(DOCKER) manifest push --purge $(DOCKERLOGIN)/$(IMAGENAME):$(reldate) \
&& $(TOUCH) .dockermultiarch
 
 
#
# Target for internal use only!
# This target creates a release tag within the subversion repository
.dockerrelease: reldate=$(shell date +%Y%m%d --reference=.dockerbuild)
.dockerrelease: .dockermultiarch
@$(SVN) diff --summarize | wc -l | grep -q 0 \
|| ($(ECHO) "Please commit changes to your software repository first.\n" && return 1)
@test .dockerpush -nt .dockerbuild \
&& $(ECHO) "Image is already pushed to Docker Hub.\n" \
|| ($(DOCKER) tag $(DOCKERLOGIN)/$(IMAGENAME)_$(DOCKERARCH):latest $(DOCKERLOGIN)/$(IMAGENAME)_$(DOCKERARCH):$(reldate) \
&& $(ECHO) "$(DOCKER) push $(DOCKERLOGIN)/$(IMAGENAME)_$(DOCKERARCH):latest ...\n" \
&& $(DOCKER) push $(DOCKERLOGIN)/$(IMAGENAME)_$(DOCKERARCH):latest \
&& $(ECHO) "\n$(DOCKER) push $(DOCKERLOGIN)/$(IMAGENAME)_$(DOCKERARCH):$(reldate) ...\n" \
&& $(DOCKER) push $(DOCKERLOGIN)/$(IMAGENAME)_$(DOCKERARCH):$(reldate) \
&& $(DOCKER) image rm $(DOCKERLOGIN)/$(IMAGENAME)_$(DOCKERARCH):$(reldate) \
&& $(TOUCH) .dockerpush \
&& return 0 )
@$(TOUCH) .dockerrelease
@$(SVN) delete svn://$(DOCKERSVN)/Docker/$(IMAGENAME)/tags/$(reldate) \
-m "Tag $(reldate) deleted because of newer version." >/dev/null 2>&1; return 0
$(SVN) copy svn://$(DOCKERSVN)/Docker/$(IMAGENAME)/trunk \
svn://$(DOCKERSVN)/Docker/$(IMAGENAME)/tags/$(reldate) \
-m "Tag for image version $(reldate)."
 
 
#
# Including an image dependant makefile. This can be used
# for defining additional targets.
include app/build/Makefile.apptargets
/tags/20201024/app/build/Makefile.apptargets
0,0 → 1,8
##############################################################################
#
# Image specific targets of the Makefile
#
##############################################################################
 
#
# Specify app specific targets here.
/tags/20201024/app/build/Makefile.appvariables
0,0 → 1,21
##############################################################################
#
# Image specific variables of the Makefile
#
##############################################################################
 
#
# Define the .dockerbuild file of the base image.
IMAGEDEP = $(DOCKERDIR)/nginx-php7/.dockerbuild
 
#
# Define additional arguments for the build process.
BUILDARGS =
 
#
# Define the name of the docker tag used for "docker build".
ifdef DOCKERBUILDTAG
BUILDTAG = $(DOCKERBUILDTAG)
else
BUILDTAG = latest
endif
/tags/20201024/app/build/conf/app.conf
0,0 → 1,100
##############################################################################
#
# Configuration file of the image.
#
##############################################################################
 
#
# Name of this image
IMAGENAME=freshrss
 
 
#
# Tag to be used for starting a container of this image
IMAGETAG=latest
 
 
#
# Name of the container
CONTAINERNAME=$IMAGENAME
 
 
#
# Name of the service in case of starting a container by docker-compose
SERVICENAME=$CONTAINERNAME
 
 
#
# Environment variables
ENV[RESTRICTWEBACCESS]=0
ENV[WEBURLPATH]="/freshrss/"
ENV[WEBPROXYURL]='https://freshrss/'
ENV[PROXYKEY]=""
ENV[PROXYLISTENERIP]="proxy"
ENV[PROXYLISTENERPORT]="13207"
ENV[FEEDRELOAD]=15
 
 
 
#
# Definition of used volumes
VOLUME[0]="$DOCKERDATA/$IMAGENAME:/data"
VOLUME[1]="$DOCKERSHAREDDATA/$IMAGENAME:/data-shared"
VOLUME[2]="$DOCKERSHAREDDATA/letsencrypt/scheernet.spdns.de/fullchain.pem:/certstore/fullchain.pem"
VOLUME[3]="$DOCKERSHAREDDATA/letsencrypt/scheernet.spdns.de/privkey.pem:/certstore/privkey.pem"
 
 
#
# Definition of used block devices
DEVICE[0]=""
 
 
#
# Definition of dependencies.
# The dependent containers must run before starting a container of this
# image.
# DEPENDENCYCHECK defines weather the check is active (1) or inactive (0).
# DEPENDENCYDELAY defines the delay between two checks.
# DPENDENCY[] defines an array to generate the depends_on section in the
# docker-compose YAML-file.
ENV[DEPENDENCYCHECK]="1"
ENV[DEPENDENCYDELAY]="10"
DEPENDENCY[0]=""
 
 
#
# Intial script when starting the container.
# (Leave empty for using the script defined in the image's Dockerfile)
ENTRYPOINT=()
 
 
#
# Definition of one of the following modes to start the container.
# - detach: Start detached without interaction.
# - tty: Start with tty mode (stdin/stdout). This implies also interactive.
# - interactive: Run interactivly (necessary for batch jobs).
START="detach"
 
 
#
# Defintion of the type of restart for docker-compose.
# (no, unless-stopped, always, on-failure)
# https://docs.docker.com/compose/compose-file/#restart
RESTART="no"
 
 
#
# Alias hostname of the container
NETWORKALIAS=$IMAGENAME
 
 
#
# Definition of the network mode
# (bridge, host, none)
NETWORKMODE="bridge"
 
 
#
# Definition of the port(s) to publish to the host.
# ("hostport:containerport")
PORTMAP[0]=""
/tags/20201024/app/build/installimage
0,0 → 1,61
#!/bin/bash
##############################################################################
# Installation script for this app
##############################################################################
 
#
# Link the application directory to /app
if [ "$(readlink -f /app)" == '/app-develop' ]; then
echo
echo "Skipping the linking of /app because you are in a development environment."
else
ln -snf /app-release /app
fi
 
 
#
# Install required PHP modules
# https://github.com/FreshRSS/FreshRSS/blob/744a9e8cf00aef7dec0acfa5f90f0dcfa2ef8837/Docker/Dockerfile-Alpine#L7-L9
apk update
apk add --no-cache php7 php7-curl php7-gmp php7-intl php7-mbstring \
php7-xml php7-zip php7-ctype php7-dom php7-fileinfo \
php7-iconv php7-json php7-session php7-simplexml \
php7-xmlreader php7-zlib php7-pdo_mysql \
|| exit 1
 
 
#
# The worker processes of PHP-FPM must run with the user phpfpm because
# PHP is used to read and write files
sed --regexp-extended --in-place \
-e 's|^;*\s*user\s*=\s*\w*\s*|user = phpfpm|' \
-e 's|^;*\s*group\s*=\s*\w*\s*|group = phpfpm|' \
/etc/php7/php-fpm.d/www.conf
 
 
#
# Install FreshRSS
cd /app
wget https://github.com/FreshRSS/FreshRSS/archive/master.zip || exit 1
unzip master || exit 1
rm -f master.zip
rm -rf www && ln -s FreshRSS-master www
 
 
#
# After unziping the file master.zip all directories do have the mode 777.
# This will be changed to 755 to make the installation more robust against attacks.
find /app/FreshRSS-master -type d -exec chmod 755 {} \;
 
 
#
# The directive "root" in the file /etc/nginx/conf.d/default.conf must be changed
# from
# root /app/www;
# to
# root /app/www/p/;
#
# https://freshrss.github.io/FreshRSS/en/admins/02_Installation.html
sed --regexp-extended --in-place \
-e 's|(^\s*)root(\s*)/app/www|\1root\2/app/www/p/|' \
/etc/nginx/conf.d/default.conf
Property changes:
Added: svn:executable
+*
\ No newline at end of property
/tags/20201024/app/init/README
0,0 → 1,12
##############################################################################
#
# This directory can contain executables which are started by the script
# /usr/local/bin/startcontainer.
#
# At startup the script /app/init/start is called. The script will be
# called with the arguments given to /usr/local/bin/startcontainer.
#
# If the script startcontainer is terminated by the signal SIGTERM, SIGINT,
# SIGHUP or SIGQUIT it will call the script /app/init/stop if it exists.
#
##############################################################################
/tags/20201024/app/init/start
0,0 → 1,341
#!/bin/bash
##############################################################################
#
# This script is called on startup of the container for initializing all
# nescessary daemons and services.
#
# For reducing process overload it is always a good idea to
# start the last program via exec.
#
##############################################################################
 
#
# With the environment variable RESTRICTWEBACCESS you can control the
# visibility of the webservice of this container.
# 0: The webserver is started and is accessable by anybody (world wide).
# 1: The webserver is started, but access is restricted to owners of the
# proxy's client certificate.
# The default is 0.
if [ -z "$RESTRICTWEBACCESS" ]; then
RESTRICTWEBACCESS=0
fi
 
#
# Set the path to access the webservice of this container with a browser.
# (https://your.domain.tld/weburlpath).
# The default is '$DOCKERIMAGE'.
if [ -z "$WEBURLPATH" ]; then
WEBURLPATH="/$DOCKERIMAGE/"
fi
 
#
# Set the destination for the proxy (Nginx proxy_pass directive).
# The default is 'https://$DOCKERIMAGE/'.
if [ -z "$WEBPROXYURL" ]; then
WEBPROXYURL="https://$DOCKERIMAGE/"
fi
 
#
# IP address the listener should be bind.
if [ -z "$PROXYLISTENERIP" ]; then
PROXYLISTENERIP="proxy"
fi
 
#
# Port the listerner should be bind.
if [ -z "$PROXYLISTENERPORT" ]; then
PROXYLISTENERPORT="13207"
fi
 
#
# Default interval for refreshing feeds
# The default is 15 minutes.
FEEDRELOADDEFAULT=15
if [ -z "$FEEDRELOAD" ]; then
FEEDRELOAD=$FEEDRELOADDEFAULT
fi
 
 
#
# Defintion of the short options for getopt
SOPTS=Df:iNP:R
 
#
# Defintion of the long options for getopt
LOPTS=dump,feed-reload:,help,init,no-dependencycheck,proxykey:,reload,dump
 
#
# Parse available options
PARSED=$(getopt --options=$SOPTS --longoptions=$LOPTS --name "$DOCKERIMAGE" -- "$@") || exit 2
eval set -- "$PARSED"
 
 
#
# Set some variables
CMD=""
 
 
#
# Now evaluate all options until --
mutualerr="The following options can only be used mutualy exclusive: --init, --reload, --dump. Exiting."
while true; do
case "$1" in
-D | --dump)
if [ -z "$CMD" ]; then
CMD=dump
shift 1
else
echo "$mutualerr" 1>&2
fi
;;
-f | --feed-reload)
FEEDRELOAD="$2"
shift 2
;;
--help)
echo "Usage: drun freshrss [OPTION]..."
echo "FreshRSS is a self-hosted RSS feed aggregator."
echo
echo "Mandatory arguments to long options are mandatory for short options too."
echo "-D, --dump Dump the current configuration of the nginx server."
echo "-f, --feed-reload MIN Setting the intervall in MINUTES for refreshing feeds (Default: $FEEDRELOADDEFAULT)."
echo " --help Show this help."
echo "-i, --init Start and initialize the container (this is the default behaviour)."
echo "-N, --no-dependencycheck Disable the check for availability of other services."
echo "-P, --proxykey=KEY Use KEY for proxy registration."
echo "-R, --reload Reload the nginx server."
exit 0
;;
-i | --init)
if [ -z "$CMD" ]; then
CMD=init
shift 1
else
echo "$mutualerr" 1>&2
fi
;;
-N | --no-dependencycheck)
DEPENDENCYCHECK=0
shift 1
;;
-P | --proxykey)
PROXYKEY="$2"
shift 2
;;
-R | --reload)
if [ -z "$CMD" ]; then
CMD=reload
shift 1
else
echo "$mutualerr" 1>&2
fi
;;
--)
shift
break
;;
*)
echo "This line cannot be reached. This must be a programming error. Exiting" 1>&2
exit 3
;;
esac
done
 
 
#
# If $CMD is not set, then 'init' is assumed as default.
if [ -z "$CMD" ]; then
CMD=init
fi
 
 
#
# Check the correct use of --no-dependencycheck.
if [ "$DEPENDENCYCHECK" != "1" -a "$CMD" != "init" ]; then
echo "The option --no-dependencycheck can only be used in conjunction with the option --init." 1>&2
exit 3
fi
 
 
case "$CMD" in
init)
#
# Checking for already running Nginx processes. This indicates the call
# of init within a running container.
psnum=$(ps | grep "nginx" | grep -v grep | wc -l)
if [ $psnum -gt 0 ]; then
echo "The container is already running. The parameter --init can only be used on creation of a container. Exiting" 1>&2
exit 1
fi
 
 
#
# Move the data directory to /data to get persistent
if [ ! -d /data/data ]; then
mv /app/www/data /data/data
chown -R scheerdock:phpfpm /data/data
chmod -R 770 /data/data
fi
rm -rf /app/www/data
ln -s /data/data /app/www/data
 
 
#
# Check for running database server ...
if [ -r /data/data/config.php -a "$DEPENDENCYCHECK" == "1" ]; then
#
# Get the database type from the database section.
dbtype=$(sed -n '/db/,/),/p' < /data/data/config.php \
| grep "'type' =>" \
| cut -d'>' -f2 \
| sed "s/[ ',]//g")
 
#
# For the database types MySQL and PostgreSQL it will be checked
# if the database instance is up and running.
if [ "$dbtype" == "mysql" -o "$dbtype" == "pgsql" ]; then
#
# Get the database server and port
dbentry=$(sed -n '/db/,/),/p' < /data/data/config.php \
| grep "'host' =>" \
| cut -d'>' -f2 \
| sed "s/[ ',]//g")
if [[ "$dbentry" =~ .*:.* ]]; then
dbhost=$(echo "$dbentry" | cut -d: -f1)
dbport=$(echo "$dbentry" | cut -d: -f2)
else
dbhost="$dbentry"
dbport=""
fi
 
#
# Is a hostname for the database server set?
if [ ! -z "$dbhost" ]; then
#
# If port is not set, then set the default port.
if [ -z "$dbport" -a "$dbtype" == "mysql" ]; then
dbport="3306"
elif [ -z "$dbport" -a "$dbtype" == "mysql" ]; then
dbport="5432"
fi
 
#
# Check for a listening server on the specified port.
(cat /dev/null >/dev/tcp/$dbhost/$dbport) > /dev/null 2>&1 && rc=$? || rc=1
if [ $rc -ne 0 ]; then
echo
echo "Waiting for database server \"$dbhost\" to listen on port $dbport for new requests."
seccount=0
while [ $rc -ne 0 ]; do
rand=$(($RANDOM % $DEPENDENCYDELAY + 1))
seccount=$(expr $seccount + $rand)
sleep $rand
(cat /dev/null >/dev/tcp/$dbhost/$dbport) > /dev/null 2>&1 && rc=$? || rc=1
done
echo "Waited $seccount seconds for database server - now it's reachable,"
fi
fi
fi
fi
 
 
#
# Setting the interval for feed reloads
if [[ ! $FEEDRELOAD =~ ^[0-9]+$ ]]; then
echo
echo "WARNING: The interval for feed reloads must be numeric. Defaulting to $FEEDRELOADDEFAULT."
FEEDRELOAD=$FEEDRELOADDEFAULT
fi
echo "sleeptime = $FEEDRELOAD" > /etc/actualize.conf
chown scheerdock:phpfpm /etc/actualize.conf
chmod 444 /etc/actualize.conf
 
 
#
# Change the proxy configuration
if [ ! -z "$PROXYKEY" ]; then
if [ "$DEPENDENCYCHECK" == "1" ]; then
PROXYOPTS="--timeout=0"
fi
 
 
#
# Save the $PROXYKEY for later use in /app/init/stop script.
echo "$PROXYKEY" > /var/run/proxykey
 
 
#
# Now generate the configuration for the proxy
PROXYCONF="location $WEBURLPATH {\n"
if [ "$RESTRICTWEBACCESS" == "0" ]; then
echo
echo "The webservice https://your.domain.tld$WEBURLPATH will be accessable for anybody."
echo "The webservice is redirected to $WEBPROXYURL."
else
echo
echo "The webservice https://your.domain.tld$WEBURLPATH is restricted to owners with a client certificate."
echo "The webservice is redirected to $WEBPROXYURL."
PROXYCONF+=" if (\$ssl_client_verify != SUCCESS) {\n"
PROXYCONF+=" return 403;\n"
PROXYCONF+=" break;\n"
PROXYCONF+=" }\n"
fi
PROXYCONF+=" proxy_pass $WEBPROXYURL;\n"
PROXYCONF+=" proxy_set_header Host \$http_host;\n"
PROXYCONF+=" proxy_set_header X-Remote-User \$remote_user;\n"
PROXYCONF+=" proxy_set_header X-Forwarded-Host \$host;\n"
PROXYCONF+=" proxy_set_header X-Forwarded-Server \$host;\n"
PROXYCONF+=" proxy_set_header X-Forwarded-Proto \$scheme;\n"
PROXYCONF+=" proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;\n"
PROXYCONF+=" proxy_redirect off;\n"
PROXYCONF+=" proxy_buffering off;\n"
PROXYCONF+=" proxy_read_timeout 900;\n"
PROXYCONF+=" proxy_cookie_path / \"/; HTTPOnly; Secure\";\n"
PROXYCONF+="}\n"
echo -e "$PROXYCONF" | /app/sbin/proxy --register $PROXYKEY $PROXYOPTS
fi
 
 
#
# Start PHP as FastCGI process manager
dat=$(date +"%x %X")
echo
echo "$dat - Starting PHP-FPM ..."
/usr/sbin/php-fpm7
 
 
#
# Start the cronjob for regular updating of the feeds
dat=$(date +"%x %X")
echo
echo "$dat - Starting cron script for regular updating of the feeds every $FEEDRELOAD minutes ..."
/app/sbin/actualize &
 
 
#
# Start the webserver
dat=$(date +"%x %X")
echo
echo "$dat - Starting nginx ..."
exec /usr/sbin/nginx -g "daemon off;"
;;
dump)
#
# Dump the complete configuration of the webserver
/usr/local/bin/nginxconf
;;
reload)
#
# Reload the webserver
echo -n "Reloading nginx ... "
/usr/local/bin/nginxreload && echo "OK"
;;
*)
#
# Just defensive programming ;-)
echo "Unknown internal command \"$CMD\" programmed. Exiting!" 1>&2
exit 3
;;
esac
 
exit 0
Property changes:
Added: svn:executable
+*
\ No newline at end of property
/tags/20201024/app/init/stop
0,0 → 1,21
#!/bin/bash
 
##############################################################################
#
# Stop all daemons of the running container
#
##############################################################################
 
if [ -r /var/run/proxykey ]; then
echo "Removing FreshRSS's service from proxy configuration"
PROXYKEY=$(cat /var/run/proxykey)
/app/sbin/proxy --unregister $PROXYKEY
fi
 
 
echo "Shutting down webserver nginx ..."
/usr/local/bin/nginxstop
 
 
echo "Shutting down PHP-FPM ..."
kill -QUIT $(cat /var/run/php-fpm7.pid)
Property changes:
Added: svn:executable
+*
\ No newline at end of property
/tags/20201024/app/sbin/actualize
0,0 → 1,39
#!/bin/sh
##############################################################################
#
# A little script for regular updating of the feeds
# https://github.com/FreshRSS/FreshRSS#automatic-feed-update
#
##############################################################################
 
 
#
# Delaying start for 30 seconds to give nginx a chance to start up.
sleep 30
 
 
#
# Setting the name of the config file
CONFFILE=/etc/actualize.conf
 
 
#
# Run until the container stops
while true; do
#
# Run the script released with FreshRSS
php /app/www/app/actualize_script.php 2>&1
 
 
#
# Wait a given amount of seconds
if [ -r $CONFFILE ]; then
SLEEPTIME=$(grep "^sleeptime" $CONFFILE | cut -d= -f2 | sed 's/ *//')
else
SLEEPTIME=15
fi
SLEEPSECS=$(expr $SLEEPTIME \* 60)
 
echo "Going to sleep for $SLEEPSECS seconds ($SLEEPTIME minutes) ..."
sleep $SLEEPSECS
done
Property changes:
Added: svn:executable
+*
\ No newline at end of property