aboutsummaryrefslogtreecommitdiffhomepage
diff options
context:
space:
mode:
authorFlorent Poinsaut <florent@poinsaut.fr>2018-04-15 22:28:05 +0200
committerChocobozzz <me@florianbigard.com>2018-04-16 09:33:49 +0200
commit399d20eae6ec4e7a7fda1afd0e8b1a11a2cb1714 (patch)
treebdcfae14155f42e6ad8b3779ad8a7b50a2a9a2a4
parent864e782bc2306f7154a185361ebf94e6e86472e8 (diff)
downloadPeerTube-399d20eae6ec4e7a7fda1afd0e8b1a11a2cb1714.tar.gz
PeerTube-399d20eae6ec4e7a7fda1afd0e8b1a11a2cb1714.tar.zst
PeerTube-399d20eae6ec4e7a7fda1afd0e8b1a11a2cb1714.zip
use gosu to fix /data permissions errors
-rw-r--r--support/doc/docker.md12
-rw-r--r--support/docker/production/Dockerfile.stretch44
-rw-r--r--support/docker/production/docker-entrypoint.sh16
3 files changed, 57 insertions, 15 deletions
diff --git a/support/doc/docker.md b/support/doc/docker.md
index 3d25d06c4..e0c03a1dc 100644
--- a/support/doc/docker.md
+++ b/support/doc/docker.md
@@ -50,18 +50,6 @@ balancer, although any HTTP reverse proxy will work fine. See the example
50Nginx configuration `support/nginx/peertube` file to get an idea of 50Nginx configuration `support/nginx/peertube` file to get an idea of
51recommendations and requirements to run PeerTube the most efficiently. 51recommendations and requirements to run PeerTube the most efficiently.
52 52
53When starting the containers for the first time, you will get permissions errors for the data volume, like this one:
54
55```
56Error: EACCES: permission denied, mkdir '/data/logs'
57```
58
59The peertube user inside the container has a UID and GID of 991 so you have to change the folder's owner, in the case you're using `./data`:
60
61```
62chown -R 991:991 data/
63```
64
65**Important**: note that you'll get the initial `root` user password from the 53**Important**: note that you'll get the initial `root` user password from the
66program output, so check out your logs to find them. 54program output, so check out your logs to find them.
67 55
diff --git a/support/docker/production/Dockerfile.stretch b/support/docker/production/Dockerfile.stretch
index b1905b3a8..bf2bae510 100644
--- a/support/docker/production/Dockerfile.stretch
+++ b/support/docker/production/Dockerfile.stretch
@@ -1,13 +1,45 @@
1FROM node:8-stretch 1FROM node:8-stretch
2 2
3RUN set -ex; \
4 if ! command -v gpg > /dev/null; then \
5 apt-get update; \
6 apt-get install -y --no-install-recommends \
7 gnupg \
8 dirmngr \
9 ; \
10 rm -rf /var/lib/apt/lists/*; \
11fi
12
3# Install dependencies 13# Install dependencies
4RUN apt-get update \ 14RUN apt-get update \
5 && apt-get -y install ffmpeg \ 15 && apt-get -y install ffmpeg \
6 && rm /var/lib/apt/lists/* -fR 16 && rm /var/lib/apt/lists/* -fR
7 17
8# Add peertube user 18# Add peertube user
9RUN groupadd -g 991 peertube \ 19RUN groupadd -r peertube \
10 && useradd -u 991 -g peertube -m peertube 20 && useradd -r -g peertube -m peertube
21
22# grab gosu for easy step-down from root
23# https://github.com/tianon/gosu/releases
24ENV GOSU_VERSION 1.10
25RUN set -ex; \
26 \
27 fetchDeps='ca-certificates wget'; \
28 apt-get update; \
29 apt-get install -y --no-install-recommends $fetchDeps; \
30 rm -rf /var/lib/apt/lists/*; \
31 \
32 dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \
33 wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \
34 wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \
35 export GNUPGHOME="$(mktemp -d)"; \
36 gpg --keyserver ha.pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \
37 gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \
38 rm -r "$GNUPGHOME" /usr/local/bin/gosu.asc; \
39 chmod +x /usr/local/bin/gosu; \
40 gosu nobody true; \
41 \
42 apt-get purge -y --auto-remove wget
11 43
12# Download the latest version 44# Download the latest version
13RUN git clone https://github.com/Chocobozzz/PeerTube /app \ 45RUN git clone https://github.com/Chocobozzz/PeerTube /app \
@@ -25,7 +57,13 @@ RUN cp /app/config/default.yaml /app/support/docker/production/config/default.ya
25ENV NODE_ENV production 57ENV NODE_ENV production
26ENV NODE_CONFIG_DIR /app/support/docker/production/config 58ENV NODE_CONFIG_DIR /app/support/docker/production/config
27 59
60USER root
61RUN mkdir /data && chown peertube:peertube /data
62VOLUME /data
63
64COPY docker-entrypoint.sh /usr/local/bin/
65ENTRYPOINT ["docker-entrypoint.sh"]
66
28# Run the application 67# Run the application
29CMD ["npm", "start"] 68CMD ["npm", "start"]
30VOLUME ["/data"]
31EXPOSE 9000 69EXPOSE 9000
diff --git a/support/docker/production/docker-entrypoint.sh b/support/docker/production/docker-entrypoint.sh
new file mode 100644
index 000000000..79f0e60f6
--- /dev/null
+++ b/support/docker/production/docker-entrypoint.sh
@@ -0,0 +1,16 @@
1#!/bin/sh
2set -e
3
4# first arg is `-f` or `--some-option`
5# or first arg is `something.conf`
6if [ "${1#-}" != "$1" ] || [ "${1%.conf}" != "$1" ]; then
7 set -- npm "$@"
8fi
9
10# allow the container to be started with `--user`
11if [ "$1" = 'npm' -a "$(id -u)" = '0' ]; then
12 chown -R peertube: /data
13 exec gosu peertube "$0" "$@"
14fi
15
16exec "$@"