remove gosu and run nginx as zammad user

Signed-off-by: André Bauer <monotek23@gmail.com>
2021-03-03 17:49:58 +01:00 · 2021-03-03 17:49:58 +01:00 · 21a69998aa
commit 21a69998aa
parent 7ef7084e48
4 changed files with 19 additions and 21 deletions
--- a/.env
+++ b/.env
@ -3,4 +3,4 @@ POSTGRES_PASS=zammad
 POSTGRES_USER=zammad
 RESTART=always
 # don't forget to add the minus before the version
-VERSION=-3.6.0-20
+VERSION=-3.6.0-63
--- a/containers/zammad/Dockerfile
+++ b/containers/zammad/Dockerfile
@ -1,5 +1,5 @@
 FROM ruby:2.6.6-slim AS builder
-# note: zammad is currently incompatible to alpine because of: 
+# note: zammad is currently incompatible to alpine because of:
 # https://github.com/docker-library/ruby/issues/113

 ARG BUILD_DATE
@ -7,7 +7,6 @@ ARG DEBIAN_FRONTEND=noninteractive

 ENV GIT_BRANCH stable
 ENV GIT_URL ${PROJECT_URL}.git
-ENV GOSU_VERSION 1.11
 ENV PROJECT_URL https://github.com/zammad/zammad
 ENV RAILS_ENV production
 ENV TAR_GZ_URL ${PROJECT_URL}/archive/${GIT_BRANCH}.tar.gz
@ -21,7 +20,7 @@ SHELL ["/bin/bash", "-e", "-o", "pipefail", "-c"]
 # install zammad
 COPY containers/zammad/setup.sh /tmp
 RUN chmod +x /tmp/setup.sh; \
-    /tmp/setup.sh install
+    /tmp/setup.sh builder


 FROM ruby:2.6.6-slim
@ -49,12 +48,13 @@ ENV ZAMMAD_USER zammad

 COPY containers/zammad/setup.sh /tmp
 RUN chmod +x /tmp/setup.sh; \
-    /tmp/setup.sh run
+    /tmp/setup.sh runner

 COPY --from=builder ${ZAMMAD_TMP_DIR} ${ZAMMAD_TMP_DIR}
-COPY --from=builder /usr/local/bin/gosu /usr/local/bin/gosu
 COPY --from=builder /usr/local/bundle /usr/local/bundle

+USER zammad
+
 # docker init
 COPY containers/zammad/docker-entrypoint.sh /
 RUN chmod +x /docker-entrypoint.sh
--- a/containers/zammad/docker-entrypoint.sh
+++ b/containers/zammad/docker-entrypoint.sh
@ -107,14 +107,14 @@ if [ "$1" = 'zammad-init' ]; then
        echo "rebuilding es searchindex..."
        bundle exec rake searchindex:rebuild
      fi
-    fi  
+    fi
  fi

  # chown everything to zammad user
  chown -R "${ZAMMAD_USER}":"${ZAMMAD_USER}" "${ZAMMAD_DIR}"

  # create install ready file
-  su -c "echo 'zammad-init' > ${ZAMMAD_READY_FILE}" "${ZAMMAD_USER}"
+  echo 'zammad-init' > "${ZAMMAD_READY_FILE}"
 fi


@ -146,7 +146,7 @@ if [ "$1" = 'zammad-railsserver' ]; then
  echo "starting railsserver..."

  #shellcheck disable=SC2101
-  exec gosu "${ZAMMAD_USER}":"${ZAMMAD_USER}" bundle exec rails server puma -b [::] -p "${ZAMMAD_RAILSSERVER_PORT}" -e "${RAILS_ENV}"
+  exec bundle exec rails server puma -b [::] -p "${ZAMMAD_RAILSSERVER_PORT}" -e "${RAILS_ENV}"
 fi


@ -158,7 +158,7 @@ if [ "$1" = 'zammad-scheduler' ]; then

  echo "starting scheduler..."

-  exec gosu "${ZAMMAD_USER}":"${ZAMMAD_USER}" bundle exec script/scheduler.rb run
+  exec bundle exec script/scheduler.rb run
 fi


@ -170,5 +170,5 @@ if [ "$1" = 'zammad-websocket' ]; then

  echo "starting websocket server..."

-  exec gosu "${ZAMMAD_USER}":"${ZAMMAD_USER}" bundle exec script/websocket-server.rb -b 0.0.0.0 -p "${ZAMMAD_WEBSOCKET_PORT}" start
+  exec bundle exec script/websocket-server.rb -b 0.0.0.0 -p "${ZAMMAD_WEBSOCKET_PORT}" start
 fi
--- a/containers/zammad/setup.sh
+++ b/containers/zammad/setup.sh
@ -2,9 +2,9 @@
 set -e

 # install dependencies
-if [ "$1" = 'install' ]; then
+if [ "$1" = 'builder' ]; then
  PACKAGES="build-essential curl git libimlib2-dev libpq-dev"
-elif [ "$1" = 'run' ]; then
+elif [ "$1" = 'runner' ]; then
  PACKAGES="curl libimlib2 libpq5 nginx rsync"
 fi

@ -14,18 +14,11 @@ apt-get upgrade -y
 apt-get install -y --no-install-recommends ${PACKAGES}
 rm -rf /var/lib/apt/lists/*

-# install gosu
-if [ "$1" = 'install' ]; then
-  curl -s -J -L -o /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/${GOSU_VERSION}/gosu-$(dpkg --print-architecture)"
-  chmod +x /usr/local/bin/gosu
-  gosu nobody true
-fi
-
 # install zammad
 groupadd -g 1000 "${ZAMMAD_USER}"
 useradd -M -d "${ZAMMAD_DIR}" -s /bin/bash -u 1000 -g 1000 "${ZAMMAD_USER}"

-if [ "$1" = 'install' ]; then
+if [ "$1" = 'builder' ]; then
  cd "$(dirname "${ZAMMAD_TMP_DIR}")"
  curl -s -J -L -O "${TAR_GZ_URL}"
  tar -xzf zammad-"${GIT_BRANCH}".tar.gz
@ -42,3 +35,8 @@ if [ "$1" = 'install' ]; then
  rm -r tmp/cache
  chown -R "${ZAMMAD_USER}":"${ZAMMAD_USER}" "${ZAMMAD_TMP_DIR}"
 fi
+
+# set nginx file permissions
+if [ "$1" = 'runner' ]; then
+  chown -R "${ZAMMAD_USER}":"${ZAMMAD_USER}" /etc/nginx
+fi