remove gosu and run nginx as zammad user (#189)
remove gosu and run nginx as zammad user
This commit is contained in:
parent
7ef7084e48
commit
288b91a0cd
2
.env
2
.env
@ -3,4 +3,4 @@ POSTGRES_PASS=zammad
|
||||
POSTGRES_USER=zammad
|
||||
RESTART=always
|
||||
# don't forget to add the minus before the version
|
||||
VERSION=-3.6.0-20
|
||||
VERSION=-3.6.0-63
|
||||
|
@ -1,5 +1,5 @@
|
||||
FROM ruby:2.6.6-slim AS builder
|
||||
# note: zammad is currently incompatible to alpine because of:
|
||||
# note: zammad is currently incompatible to alpine because of:
|
||||
# https://github.com/docker-library/ruby/issues/113
|
||||
|
||||
ARG BUILD_DATE
|
||||
@ -7,7 +7,6 @@ ARG DEBIAN_FRONTEND=noninteractive
|
||||
|
||||
ENV GIT_BRANCH stable
|
||||
ENV GIT_URL ${PROJECT_URL}.git
|
||||
ENV GOSU_VERSION 1.11
|
||||
ENV PROJECT_URL https://github.com/zammad/zammad
|
||||
ENV RAILS_ENV production
|
||||
ENV TAR_GZ_URL ${PROJECT_URL}/archive/${GIT_BRANCH}.tar.gz
|
||||
@ -21,7 +20,7 @@ SHELL ["/bin/bash", "-e", "-o", "pipefail", "-c"]
|
||||
# install zammad
|
||||
COPY containers/zammad/setup.sh /tmp
|
||||
RUN chmod +x /tmp/setup.sh; \
|
||||
/tmp/setup.sh install
|
||||
/tmp/setup.sh builder
|
||||
|
||||
|
||||
FROM ruby:2.6.6-slim
|
||||
@ -49,10 +48,9 @@ ENV ZAMMAD_USER zammad
|
||||
|
||||
COPY containers/zammad/setup.sh /tmp
|
||||
RUN chmod +x /tmp/setup.sh; \
|
||||
/tmp/setup.sh run
|
||||
/tmp/setup.sh runner
|
||||
|
||||
COPY --from=builder ${ZAMMAD_TMP_DIR} ${ZAMMAD_TMP_DIR}
|
||||
COPY --from=builder /usr/local/bin/gosu /usr/local/bin/gosu
|
||||
COPY --from=builder /usr/local/bundle /usr/local/bundle
|
||||
|
||||
# docker init
|
||||
@ -60,4 +58,6 @@ COPY containers/zammad/docker-entrypoint.sh /
|
||||
RUN chmod +x /docker-entrypoint.sh
|
||||
ENTRYPOINT ["/docker-entrypoint.sh"]
|
||||
|
||||
USER zammad
|
||||
|
||||
WORKDIR ${ZAMMAD_DIR}
|
||||
|
@ -107,14 +107,11 @@ if [ "$1" = 'zammad-init' ]; then
|
||||
echo "rebuilding es searchindex..."
|
||||
bundle exec rake searchindex:rebuild
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
|
||||
# chown everything to zammad user
|
||||
chown -R "${ZAMMAD_USER}":"${ZAMMAD_USER}" "${ZAMMAD_DIR}"
|
||||
|
||||
# create install ready file
|
||||
su -c "echo 'zammad-init' > ${ZAMMAD_READY_FILE}" "${ZAMMAD_USER}"
|
||||
echo 'zammad-init' > "${ZAMMAD_READY_FILE}"
|
||||
fi
|
||||
|
||||
|
||||
@ -123,6 +120,10 @@ if [ "$1" = 'zammad-nginx' ]; then
|
||||
check_zammad_ready
|
||||
|
||||
# configure nginx
|
||||
sed -i -e "s#user www-data;##g" \
|
||||
-e 's#/var/log/nginx/\(access\|error\).log#/dev/stdout#g' \
|
||||
-e 's#pid /run/nginx.pid;#pid /tmp/nginx.pid;#g' /etc/nginx/nginx.conf
|
||||
|
||||
sed -e "s#proxy_set_header X-Forwarded-Proto .*;#proxy_set_header X-Forwarded-Proto ${NGINX_SERVER_SCHEME};#g" \
|
||||
-e "s#server .*:3000#server ${ZAMMAD_RAILSSERVER_HOST}:${ZAMMAD_RAILSSERVER_PORT}#g" \
|
||||
-e "s#server .*:6042#server ${ZAMMAD_WEBSOCKET_HOST}:${ZAMMAD_WEBSOCKET_PORT}#g" \
|
||||
@ -146,7 +147,7 @@ if [ "$1" = 'zammad-railsserver' ]; then
|
||||
echo "starting railsserver..."
|
||||
|
||||
#shellcheck disable=SC2101
|
||||
exec gosu "${ZAMMAD_USER}":"${ZAMMAD_USER}" bundle exec rails server puma -b [::] -p "${ZAMMAD_RAILSSERVER_PORT}" -e "${RAILS_ENV}"
|
||||
exec bundle exec rails server puma -b [::] -p "${ZAMMAD_RAILSSERVER_PORT}" -e "${RAILS_ENV}"
|
||||
fi
|
||||
|
||||
|
||||
@ -158,7 +159,7 @@ if [ "$1" = 'zammad-scheduler' ]; then
|
||||
|
||||
echo "starting scheduler..."
|
||||
|
||||
exec gosu "${ZAMMAD_USER}":"${ZAMMAD_USER}" bundle exec script/scheduler.rb run
|
||||
exec bundle exec script/scheduler.rb run
|
||||
fi
|
||||
|
||||
|
||||
@ -170,5 +171,5 @@ if [ "$1" = 'zammad-websocket' ]; then
|
||||
|
||||
echo "starting websocket server..."
|
||||
|
||||
exec gosu "${ZAMMAD_USER}":"${ZAMMAD_USER}" bundle exec script/websocket-server.rb -b 0.0.0.0 -p "${ZAMMAD_WEBSOCKET_PORT}" start
|
||||
exec bundle exec script/websocket-server.rb -b 0.0.0.0 -p "${ZAMMAD_WEBSOCKET_PORT}" start
|
||||
fi
|
||||
|
@ -2,9 +2,9 @@
|
||||
set -e
|
||||
|
||||
# install dependencies
|
||||
if [ "$1" = 'install' ]; then
|
||||
if [ "$1" = 'builder' ]; then
|
||||
PACKAGES="build-essential curl git libimlib2-dev libpq-dev"
|
||||
elif [ "$1" = 'run' ]; then
|
||||
elif [ "$1" = 'runner' ]; then
|
||||
PACKAGES="curl libimlib2 libpq5 nginx rsync"
|
||||
fi
|
||||
|
||||
@ -14,18 +14,11 @@ apt-get upgrade -y
|
||||
apt-get install -y --no-install-recommends ${PACKAGES}
|
||||
rm -rf /var/lib/apt/lists/*
|
||||
|
||||
# install gosu
|
||||
if [ "$1" = 'install' ]; then
|
||||
curl -s -J -L -o /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/${GOSU_VERSION}/gosu-$(dpkg --print-architecture)"
|
||||
chmod +x /usr/local/bin/gosu
|
||||
gosu nobody true
|
||||
fi
|
||||
|
||||
# install zammad
|
||||
groupadd -g 1000 "${ZAMMAD_USER}"
|
||||
useradd -M -d "${ZAMMAD_DIR}" -s /bin/bash -u 1000 -g 1000 "${ZAMMAD_USER}"
|
||||
|
||||
if [ "$1" = 'install' ]; then
|
||||
if [ "$1" = 'builder' ]; then
|
||||
cd "$(dirname "${ZAMMAD_TMP_DIR}")"
|
||||
curl -s -J -L -O "${TAR_GZ_URL}"
|
||||
tar -xzf zammad-"${GIT_BRANCH}".tar.gz
|
||||
@ -42,3 +35,9 @@ if [ "$1" = 'install' ]; then
|
||||
rm -r tmp/cache
|
||||
chown -R "${ZAMMAD_USER}":"${ZAMMAD_USER}" "${ZAMMAD_TMP_DIR}"
|
||||
fi
|
||||
|
||||
# set nginx file permissions
|
||||
if [ "$1" = 'runner' ]; then
|
||||
mkdir -p "${ZAMMAD_DIR}" /var/log/nginx
|
||||
chown -R "${ZAMMAD_USER}":"${ZAMMAD_USER}" /etc/nginx "${ZAMMAD_DIR}" /var/lib/nginx /var/log/nginx
|
||||
fi
|
||||
|
Loading…
Reference in New Issue
Block a user