mirror of
https://github.com/nextcloud/all-in-one.git
synced 2024-09-20 23:06:10 +08:00
Merge pull request #17 from pestotoast/fix-docker-issues
fix docker permission issues
This commit is contained in:
commit
994b128c37
|
@ -2,16 +2,14 @@
|
|||
FROM php:8.0-apache-bullseye
|
||||
|
||||
EXPOSE 80
|
||||
# EXPOSE 8080
|
||||
EXPOSE 8080
|
||||
EXPOSE 8443
|
||||
|
||||
RUN mkdir -p /mnt/docker-aio-config/; \
|
||||
chown www-data:www-data /mnt/docker-aio-config;
|
||||
RUN mkdir -p /mnt/docker-aio-config/;
|
||||
|
||||
VOLUME /mnt/docker-aio-config/
|
||||
|
||||
RUN mkdir -p /var/www/docker-aio; \
|
||||
chown -R www-data:www-data /var/www;
|
||||
RUN mkdir -p /var/www/docker-aio;
|
||||
|
||||
WORKDIR /var/www/docker-aio
|
||||
|
||||
|
@ -25,18 +23,16 @@ RUN apt-get update; \
|
|||
rm -rf /var/lib/apt/lists/*
|
||||
|
||||
RUN curl "https://caddyserver.com/api/download?os=linux&arch=amd64" -o "/usr/bin/caddy" \
|
||||
&& chmod 0755 /usr/bin/caddy \
|
||||
&& chmod +x /usr/bin/caddy \
|
||||
&& /usr/bin/caddy version
|
||||
|
||||
RUN cd /var/www/docker-aio; \
|
||||
git clone https://github.com/nextcloud/all-in-one.git .; \
|
||||
chown -R www-data:www-data ./; \
|
||||
chmod 770 -R ./
|
||||
|
||||
RUN mkdir -p /etc/apache2/certs && \
|
||||
cd /etc/apache2/certs && \
|
||||
openssl req -new -newkey rsa:4096 -days 3650 -nodes -x509 -subj "/C=DE/ST=BE/L=Local/O=Dev/CN=nextcloud.local" -keyout ./ssl.key -out ./ssl.crt; \
|
||||
chown www-data:www-data -R /etc/apache2/certs;
|
||||
openssl req -new -newkey rsa:4096 -days 3650 -nodes -x509 -subj "/C=DE/ST=BE/L=Local/O=Dev/CN=nextcloud.local" -keyout ./ssl.key -out ./ssl.crt;
|
||||
|
||||
COPY mastercontainer.conf /etc/apache2/sites-available/
|
||||
|
||||
|
@ -60,29 +56,20 @@ RUN a2dissite 000-default && \
|
|||
service apache2 restart
|
||||
|
||||
RUN mkdir /var/log/supervisord; \
|
||||
mkdir /var/run/supervisord; \
|
||||
chown www-data:www-data /var/run/supervisord; \
|
||||
chown www-data:www-data /var/log/supervisord;
|
||||
mkdir /var/run/supervisord;
|
||||
|
||||
RUN mkdir -p /usr/src/php/ext/apcu && curl -fsSL https://pecl.php.net/get/apcu | tar xvz -C "/usr/src/php/ext/apcu" --strip 1 && docker-php-ext-install apcu
|
||||
RUN mkdir -p /usr/src/php/ext/apcu && \
|
||||
curl -fsSL https://pecl.php.net/get/apcu | tar xvz -C "/usr/src/php/ext/apcu" --strip 1 && \
|
||||
docker-php-ext-install apcu
|
||||
|
||||
COPY Caddyfile /
|
||||
COPY start.sh /usr/bin/
|
||||
COPY cron.sh /
|
||||
COPY supervisord.conf /
|
||||
RUN chmod +x /usr/bin/start.sh; \
|
||||
chmod +r /supervisord.conf; \
|
||||
chmod +r /Caddyfile; \
|
||||
chmod +x /cron.sh
|
||||
|
||||
# add docker group
|
||||
RUN groupadd -g 998 docker && \
|
||||
usermod -aG docker www-data
|
||||
|
||||
# Give root a random password
|
||||
RUN echo "root:$(openssl rand -base64 12)" | chpasswd
|
||||
|
||||
USER www-data
|
||||
USER root
|
||||
|
||||
ENTRYPOINT ["start.sh"]
|
||||
CMD ["/usr/bin/supervisord", "-c", "/supervisord.conf"]
|
||||
|
|
|
@ -11,10 +11,20 @@ if ! [ -a "/var/run/docker.sock" ]; then
|
|||
echo "Docker socket is not available. Cannot continue."
|
||||
exit 1
|
||||
elif ! test -r /var/run/docker.sock; then
|
||||
echo "Docker socket is not readable by the www-data user. Cannot continue."
|
||||
exit 1
|
||||
echo "Trying to fix docker.sock permissions internally..."
|
||||
GROUP="$(stat -c '%g' /var/run/docker.sock)"
|
||||
groupadd -g "$GROUP" docker && \
|
||||
usermod -aG docker root
|
||||
if ! test -r /var/run/docker.sock; then
|
||||
echo "Docker socket is not readable by the root user. Cannot continue."
|
||||
exit 1
|
||||
fi
|
||||
fi
|
||||
|
||||
# Adjust permissions for all instances
|
||||
chown root:root -R /mnt/docker-aio-config
|
||||
chmod 770 -R /mnt/docker-aio-config
|
||||
|
||||
# Check if volume is writeable
|
||||
if ! [ -w /mnt/docker-aio-config ]; then
|
||||
echo "/mnt/docker-aio-config is not writeable."
|
||||
|
@ -36,11 +46,9 @@ else
|
|||
sleep 10
|
||||
fi
|
||||
|
||||
# Adjust data permissions
|
||||
# Add important folders
|
||||
mkdir -p /mnt/docker-aio-config/data/
|
||||
mkdir -p /mnt/docker-aio-config/session/
|
||||
|
||||
# Adjust caddy permissions
|
||||
mkdir -p /mnt/docker-aio-config/caddy/
|
||||
|
||||
# Adjust certs
|
||||
|
|
|
@ -5,7 +5,7 @@ logfile=/var/log/supervisord/supervisord.log
|
|||
pidfile=/var/run/supervisord/supervisord.pid
|
||||
childlogdir=/var/log/supervisord/
|
||||
logfile_maxbytes=50MB
|
||||
logfile_backups=10
|
||||
logfile_backups=10
|
||||
loglevel=error
|
||||
|
||||
[program:apache]
|
||||
|
|
|
@ -8,7 +8,6 @@ RUN set -ex; \
|
|||
apt-get update; \
|
||||
apt-get install -y --no-install-recommends \
|
||||
ca-certificates \
|
||||
openssl \
|
||||
; \
|
||||
rm -rf /var/lib/apt/lists/*
|
||||
|
||||
|
@ -17,12 +16,5 @@ COPY --from=watchtower /watchtower /
|
|||
COPY start.sh /
|
||||
RUN chmod +x /start.sh
|
||||
|
||||
# Give root a random password
|
||||
RUN echo "root:$(openssl rand -base64 12)" | chpasswd
|
||||
|
||||
# add docker group
|
||||
RUN groupadd -g 998 docker && \
|
||||
usermod -aG docker nobody
|
||||
|
||||
USER nobody
|
||||
USER root
|
||||
ENTRYPOINT ["/start.sh"]
|
||||
|
|
|
@ -4,15 +4,22 @@
|
|||
if ! [ -a "/var/run/docker.sock" ]; then
|
||||
echo "Docker socket is not available. Cannot continue."
|
||||
exit 1
|
||||
elif ! [ -r "/var/run/docker.sock" ]; then
|
||||
echo "Docker socket is not readable by the nobody user. Cannot continue."
|
||||
exit 1
|
||||
elif ! test -r /var/run/docker.sock; then
|
||||
echo "Trying to fix docker.sock permissions internally..."
|
||||
GROUP="$(stat -c '%g' /var/run/docker.sock)"
|
||||
groupadd -g "$GROUP" docker && \
|
||||
usermod -aG docker root
|
||||
if ! test -r /var/run/docker.sock; then
|
||||
echo "Docker socket is not readable by the root user. Cannot continue."
|
||||
exit 1
|
||||
fi
|
||||
fi
|
||||
|
||||
if [ -n "$CONTAINER_TO_UPDATE" ]; then
|
||||
exec /watchtower --cleanup --run-once "$CONTAINER_TO_UPDATE"
|
||||
else
|
||||
echo "'CONTAINER_TO_UPDATE' is not set. Cannot update anything."
|
||||
exit 1
|
||||
fi
|
||||
|
||||
|
||||
|
|
Loading…
Reference in a new issue