remove gosu and run nginx as zammad user (#189)

remove gosu and run nginx as zammad user

.env

@@ -3,4 +3,4 @@ POSTGRES_PASS=zammad
 POSTGRES_USER=zammad
 RESTART=always
 # don't forget to add the minus before the version
-VERSION=-3.6.0-20
+VERSION=-3.6.0-63

containers/zammad/Dockerfile

@@ -7,7 +7,6 @@ ARG DEBIAN_FRONTEND=noninteractive
 
 ENV GIT_BRANCH stable
 ENV GIT_URL ${PROJECT_URL}.git
-ENV GOSU_VERSION 1.11
 ENV PROJECT_URL https://github.com/zammad/zammad
 ENV RAILS_ENV production
 ENV TAR_GZ_URL ${PROJECT_URL}/archive/${GIT_BRANCH}.tar.gz
@@ -21,7 +20,7 @@ SHELL ["/bin/bash", "-e", "-o", "pipefail", "-c"]
 # install zammad
 COPY containers/zammad/setup.sh /tmp
 RUN chmod +x /tmp/setup.sh; \
-    /tmp/setup.sh install
+    /tmp/setup.sh builder
 
 
 FROM ruby:2.6.6-slim
@@ -49,10 +48,9 @@ ENV ZAMMAD_USER zammad
 
 COPY containers/zammad/setup.sh /tmp
 RUN chmod +x /tmp/setup.sh; \
-    /tmp/setup.sh run
+    /tmp/setup.sh runner
 
 COPY --from=builder ${ZAMMAD_TMP_DIR} ${ZAMMAD_TMP_DIR}
-COPY --from=builder /usr/local/bin/gosu /usr/local/bin/gosu
 COPY --from=builder /usr/local/bundle /usr/local/bundle
 
 # docker init
@@ -60,4 +58,6 @@ COPY containers/zammad/docker-entrypoint.sh /
 RUN chmod +x /docker-entrypoint.sh
 ENTRYPOINT ["/docker-entrypoint.sh"]
 
+USER zammad
+
 WORKDIR ${ZAMMAD_DIR}

containers/zammad/docker-entrypoint.sh

@@ -110,11 +110,8 @@ if [ "$1" = 'zammad-init' ]; then
     fi
   fi
 
-  # chown everything to zammad user
-  chown -R "${ZAMMAD_USER}":"${ZAMMAD_USER}" "${ZAMMAD_DIR}"
-
   # create install ready file
-  su -c "echo 'zammad-init' > ${ZAMMAD_READY_FILE}" "${ZAMMAD_USER}"
+  echo 'zammad-init' > "${ZAMMAD_READY_FILE}"
 fi
 
 
@@ -123,6 +120,10 @@ if [ "$1" = 'zammad-nginx' ]; then
   check_zammad_ready
 
   # configure nginx
+  sed -i -e "s#user www-data;##g" \
+         -e 's#/var/log/nginx/\(access\|error\).log#/dev/stdout#g' \
+         -e 's#pid /run/nginx.pid;#pid /tmp/nginx.pid;#g' /etc/nginx/nginx.conf
+
   sed -e "s#proxy_set_header X-Forwarded-Proto .*;#proxy_set_header X-Forwarded-Proto ${NGINX_SERVER_SCHEME};#g" \
       -e "s#server .*:3000#server ${ZAMMAD_RAILSSERVER_HOST}:${ZAMMAD_RAILSSERVER_PORT}#g" \
       -e "s#server .*:6042#server ${ZAMMAD_WEBSOCKET_HOST}:${ZAMMAD_WEBSOCKET_PORT}#g" \
@@ -146,7 +147,7 @@ if [ "$1" = 'zammad-railsserver' ]; then
   echo "starting railsserver..."
 
   #shellcheck disable=SC2101
-  exec gosu "${ZAMMAD_USER}":"${ZAMMAD_USER}" bundle exec rails server puma -b [::] -p "${ZAMMAD_RAILSSERVER_PORT}" -e "${RAILS_ENV}"
+  exec bundle exec rails server puma -b [::] -p "${ZAMMAD_RAILSSERVER_PORT}" -e "${RAILS_ENV}"
 fi
 
 
@@ -158,7 +159,7 @@ if [ "$1" = 'zammad-scheduler' ]; then
 
   echo "starting scheduler..."
 
-  exec gosu "${ZAMMAD_USER}":"${ZAMMAD_USER}" bundle exec script/scheduler.rb run
+  exec bundle exec script/scheduler.rb run
 fi
 
 
@@ -170,5 +171,5 @@ if [ "$1" = 'zammad-websocket' ]; then
 
   echo "starting websocket server..."
 
-  exec gosu "${ZAMMAD_USER}":"${ZAMMAD_USER}" bundle exec script/websocket-server.rb -b 0.0.0.0 -p "${ZAMMAD_WEBSOCKET_PORT}" start
+  exec bundle exec script/websocket-server.rb -b 0.0.0.0 -p "${ZAMMAD_WEBSOCKET_PORT}" start
 fi

containers/zammad/setup.sh

@@ -2,9 +2,9 @@
 set -e
 
 # install dependencies
-if [ "$1" = 'install' ]; then
+if [ "$1" = 'builder' ]; then
   PACKAGES="build-essential curl git libimlib2-dev libpq-dev"
-elif [ "$1" = 'run' ]; then
+elif [ "$1" = 'runner' ]; then
   PACKAGES="curl libimlib2 libpq5 nginx rsync"
 fi
 
@@ -14,18 +14,11 @@ apt-get upgrade -y
 apt-get install -y --no-install-recommends ${PACKAGES}
 rm -rf /var/lib/apt/lists/*
 
-# install gosu
-if [ "$1" = 'install' ]; then
-  curl -s -J -L -o /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/${GOSU_VERSION}/gosu-$(dpkg --print-architecture)"
-  chmod +x /usr/local/bin/gosu
-  gosu nobody true
-fi
-
 # install zammad
 groupadd -g 1000 "${ZAMMAD_USER}"
 useradd -M -d "${ZAMMAD_DIR}" -s /bin/bash -u 1000 -g 1000 "${ZAMMAD_USER}"
 
-if [ "$1" = 'install' ]; then
+if [ "$1" = 'builder' ]; then
   cd "$(dirname "${ZAMMAD_TMP_DIR}")"
   curl -s -J -L -O "${TAR_GZ_URL}"
   tar -xzf zammad-"${GIT_BRANCH}".tar.gz
@@ -42,3 +35,9 @@ if [ "$1" = 'install' ]; then
   rm -r tmp/cache
   chown -R "${ZAMMAD_USER}":"${ZAMMAD_USER}" "${ZAMMAD_TMP_DIR}"
 fi
+
+# set nginx file permissions
+if [ "$1" = 'runner' ]; then
+  mkdir -p "${ZAMMAD_DIR}" /var/log/nginx
+  chown -R "${ZAMMAD_USER}":"${ZAMMAD_USER}" /etc/nginx "${ZAMMAD_DIR}" /var/lib/nginx /var/log/nginx
+fi