author | Florent Poinsaut <florent@poinsaut.fr> | 2018-04-15 22:28:05 +0200 |
---|---|---|
committer | Chocobozzz <me@florianbigard.com> | 2018-04-16 09:33:49 +0200 |
commit | 399d20eae6ec4e7a7fda1afd0e8b1a11a2cb1714 (patch) | |
tree | bdcfae14155f42e6ad8b3779ad8a7b50a2a9a2a4 /support | |
parent | 864e782bc2306f7154a185361ebf94e6e86472e8 (diff) | |
use gosu to fix /data permissions errors
Diffstat (limited to 'support')
-rw-r--r-- | support/doc/docker.md | 12 | ||||
-rw-r--r-- | support/docker/production/Dockerfile.stretch | 44 | ||||
-rw-r--r-- | support/docker/production/docker-entrypoint.sh | 16 |
3 files changed, 57 insertions, 15 deletions
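diff --git a/support/doc/docker.md b/support/doc/docker.md
index 3d25d06c4..e0c03a1dc 100644
--- a/support/doc/docker.md
+++ b/support/doc/docker.md
@@ -50,18 +50,6 @@ balancer, although any HTTP reverse proxy will work fine. See the example
 Nginx configuration `support/nginx/peertube` file to get an idea of
 recommendations and requirements to run PeerTube the most efficiently.
 
-When starting the containers for the first time, you will get permissions errors for the data volume, like this one:
-
-```
-Error: EACCES: permission denied, mkdir '/data/logs'
-```
-
-The peertube user inside the container has a UID and GID of 991 so you have to change the folder's owner, in the case you're using `./data`:
-
-```
-chown -R 991:991 data/
-```
-
 **Important**: note that you'll get the initial `root` user password from the
 program output, so check out your logs to find them.
 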
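diff --git a/support/docker/production/Dockerfile.stretch b/support/docker/production/Dockerfile.stretch
index b1905b3a8..bf2bae510 100644
--- a/support/docker/production/Dockerfile.stretch
+++ b/support/docker/production/Dockerfile.stretch
@@ -1,13 +1,45 @@
 FROM node:8-stretch
 
+RUN set -ex; \
+if ! command -v gpg > /dev/null; then \
+apt-get update; \
+apt-get install -y --no-install-recommends \
+gnupg \
+dirmngr \
+; \
+rm -rf /var/lib/apt/lists/*; \
+fi
+
 # Install dependencies
 RUN apt-get update \
 && apt-get -y install ffmpeg \
 && rm /var/lib/apt/lists/* -fR
 
 # Add peertube user
-RUN groupadd -g 991 peertube \
-&& useradd -u 991 -g peertube -m peertube
+RUN groupadd -r peertube \
+&& useradd -r -g peertube -m peertube
+
+# grab gosu for easy step-down from root
+# https://github.com/tianon/gosu/releases
+ENV GOSU_VERSION 1.10
+RUN set -ex; \
+\
+fetchDeps='ca-certificates wget'; \
+apt-get update; \
+apt-get install -y --no-install-recommends $fetchDeps; \
+rm -rf /var/lib/apt/lists/*; \
+\
+dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \
+wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \
+wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \
+export GNUPGHOME="$(mktemp -d)"; \
+gpg --keyserver ha.pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \
+gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \
+rm -r "$GNUPGHOME" /usr/local/bin/gosu.asc; \
+chmod +x /usr/local/bin/gosu; \
+gosu nobody true; \
+\
+apt-get purge -y --auto-remove wget
 
 # Download the latest version
 RUN git clone https://github.com/Chocobozzz/PeerTube /app \
@@ -25,7 +57,13 @@ RUN cp /app/config/default.yaml /app/support/docker/production/config/default.ya
 ENV NODE_ENV production
 ENV NODE_CONFIG_DIR /app/support/docker/production/config
 
+USER root
+RUN mkdir /data && chown peertube:peertube /data
+VOLUME /data
+
+COPY docker-entrypoint.sh /usr/local/bin/
+ENTRYPOINT ["docker-entrypoint.sh"]
+
 # Run the application
 CMD ["npm", "start"]
-VOLUME ["/data"]
 EXPOSE 9000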
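Review bot: The new `groupadd -r peertube` / `useradd -r -g peertube -m peertube` lines let the base image choose the UID and GID, where the removed lines pinned both to 991. The numeric ID can then differ from one image build to the next, so a `/data` volume or bind mount written under one build may belong to a different ID under the next one, and an operator who starts the container with `--user` (which the entrypoint explicitly allows) has no documented ID to match. The entrypoint's `chown -R` only papers over this when the container starts as root with `npm`. Keeping the IDs explicit while still creating system accounts avoids the drift: `RUN groupadd -r -g 991 peertube \` and `&& useradd -r -u 991 -g peertube -m peertube`.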
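diff --git a/support/docker/production/docker-entrypoint.sh b/support/docker/production/docker-entrypoint.sh
new file mode 100644
index 000000000..79f0e60f6
--- /dev/null
+++ b/support/docker/production/docker-entrypoint.sh
@@ -0,0 +1,16 @@
+#!/bin/sh
+set -e
+
+# first arg is `-f` or `--some-option`
+# or first arg is `something.conf`
+if [ "${1#-}" != "$1" ] || [ "${1%.conf}" != "$1" ]; then
+set -- npm "$@"
+fi
+
+# allow the container to be started with `--user`
+if [ "$1" = 'npm' -a "$(id -u)" = '0' ]; then
+chown -R peertube: /data
+exec gosu peertube "$0" "$@"
+fi
+
+exec "$@"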
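Review bot: The step-down to `peertube` in the `id -u` test happens only when the command is `npm`, so now that the image ends on `USER root`, any other command (a shell, a one-off `node` script) runs as root and can leave root-owned files in `/data` until the next `npm` start re-runs `chown -R`. If that is meant as a maintenance path, a comment above the test should say so, e.g. `# only the npm service is stepped down; other commands keep the caller's uid`. The test also joins its two conditions with `-a`, which POSIX marks obsolescent; `if [ "$1" = 'npm' ] && [ "$(id -u)" = '0' ]; then` is the portable spelling. The `.conf` half of the first test looks carried over from another image's entrypoint, since it would turn an argument such as `foo.conf` into `npm foo.conf`.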