aboutsummaryrefslogtreecommitdiffhomepage
diff options
context:
space:
mode:
authorBastien Wirtz <bastien.wirtz@gmail.com>2022-04-10 11:55:11 +0200
committerBastien Wirtz <bastien.wirtz@gmail.com>2022-04-30 15:39:36 +0200
commit049f85221e945b90bf87d21afe4d306839d65740 (patch)
tree1288ab580f2a274df8b507e2bbe37e2ff03c70ca
parentcd75da69f9e57c3fe0f63c3ed6def0577d75a47c (diff)
downloadhomer-049f85221e945b90bf87d21afe4d306839d65740.tar.gz
homer-049f85221e945b90bf87d21afe4d306839d65740.tar.zst
homer-049f85221e945b90bf87d21afe4d306839d65740.zip
Simplify the container starting process to allow it to run with a
unprivileged user
-rw-r--r--Dockerfile20
-rw-r--r--Dockerfile.arm32v710
-rw-r--r--Dockerfile.arm64v810
-rw-r--r--README.md25
-rw-r--r--docker-compose.yml7
-rw-r--r--entrypoint.sh25
-rw-r--r--lighttpd.conf4
-rw-r--r--src/assets/app.scss4
8 files changed, 52 insertions, 53 deletions
diff --git a/Dockerfile b/Dockerfile
index ffe50c4..0e9d51a 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -12,24 +12,28 @@ RUN yarn build
12# production stage 12# production stage
13FROM alpine:3.15 13FROM alpine:3.15
14 14
15ENV USER lighttpd 15ENV GID 1000
16ENV GROUP lighttpd 16ENV UID 1000
17ENV GID 911
18ENV UID 911
19ENV PORT 8080 17ENV PORT 8080
20ENV SUBFOLDER "/_" 18ENV SUBFOLDER "/_"
19ENV INIT_ASSETS 1
21 20
22RUN addgroup -S ${GROUP} -g ${GID} && adduser -D -S -u ${UID} ${USER} ${GROUP} && \ 21RUN addgroup -S lighttpd -g ${GID} && adduser -D -S -u ${UID} lighttpd lighttpd && \
23 apk add -U --no-cache lighttpd 22 apk add -U --no-cache lighttpd
24 23
25COPY entrypoint.sh /entrypoint.sh 24WORKDIR /www
26COPY lighttpd.conf /lighttpd.conf
27 25
28COPY --from=build-stage --chown=${USER}:${GROUP} /app/dist /www/ 26COPY lighttpd.conf /lighttpd.conf
27COPY entrypoint.sh /entrypoint.sh
28COPY --from=build-stage --chown=${UID}:${GID} /app/dist /www/
29COPY --from=build-stage --chown=${USER}:${GROUP} /app/dist/assets /www/default-assets 29COPY --from=build-stage --chown=${USER}:${GROUP} /app/dist/assets /www/default-assets
30
31USER ${UID}:${GID}
32
30HEALTHCHECK --interval=30s --timeout=5s --retries=3 \ 33HEALTHCHECK --interval=30s --timeout=5s --retries=3 \
31 CMD wget --no-verbose --tries=1 --spider http://127.0.0.1:${PORT}/ || exit 1 34 CMD wget --no-verbose --tries=1 --spider http://127.0.0.1:${PORT}/ || exit 1
32 35
33EXPOSE ${PORT} 36EXPOSE ${PORT}
34VOLUME /www/assets 37VOLUME /www/assets
38
35ENTRYPOINT ["/bin/sh", "/entrypoint.sh"] 39ENTRYPOINT ["/bin/sh", "/entrypoint.sh"]
diff --git a/Dockerfile.arm32v7 b/Dockerfile.arm32v7
index 01a2196..7e1d92b 100644
--- a/Dockerfile.arm32v7
+++ b/Dockerfile.arm32v7
@@ -32,14 +32,16 @@ RUN addgroup -S ${GROUP} -g ${GID} && adduser -D -S -u ${UID} ${USER} ${GROUP} &
32 apk add -U --no-cache lighttpd && \ 32 apk add -U --no-cache lighttpd && \
33 rm /usr/bin/qemu-arm-static 33 rm /usr/bin/qemu-arm-static
34 34
35COPY entrypoint.sh /entrypoint.sh 35WORKDIR /www
36COPY lighttpd.conf /lighttpd.conf
37 36
37COPY lighttpd.conf /lighttpd.conf
38COPY --from=build-stage --chown=${USER}:${GROUP} /app/dist /www/ 38COPY --from=build-stage --chown=${USER}:${GROUP} /app/dist /www/
39COPY --from=build-stage --chown=${USER}:${GROUP} /app/dist/assets /www/default-assets 39
40USER ${USER}
40HEALTHCHECK --interval=30s --timeout=5s --retries=3 \ 41HEALTHCHECK --interval=30s --timeout=5s --retries=3 \
41 CMD wget --no-verbose --tries=1 --spider http://127.0.0.1:${PORT}/ || exit 1 42 CMD wget --no-verbose --tries=1 --spider http://127.0.0.1:${PORT}/ || exit 1
42 43
43EXPOSE ${PORT} 44EXPOSE ${PORT}
44VOLUME /www/assets 45VOLUME /www/assets
45ENTRYPOINT ["/bin/sh", "/entrypoint.sh"] 46
47CMD ["lighttpd", "-D", "-f", "/lighttpd.conf"]
diff --git a/Dockerfile.arm64v8 b/Dockerfile.arm64v8
index f9e6675..573a2e4 100644
--- a/Dockerfile.arm64v8
+++ b/Dockerfile.arm64v8
@@ -32,14 +32,16 @@ RUN addgroup -S ${GROUP} -g ${GID} && adduser -D -S -u ${UID} ${USER} ${GROUP} &
32 apk add -U --no-cache lighttpd && \ 32 apk add -U --no-cache lighttpd && \
33 rm /usr/bin/qemu-aarch64-static 33 rm /usr/bin/qemu-aarch64-static
34 34
35COPY entrypoint.sh /entrypoint.sh 35WORKDIR /www
36COPY lighttpd.conf /lighttpd.conf
37 36
37COPY lighttpd.conf /lighttpd.conf
38COPY --from=build-stage --chown=${USER}:${GROUP} /app/dist /www/ 38COPY --from=build-stage --chown=${USER}:${GROUP} /app/dist /www/
39COPY --from=build-stage --chown=${USER}:${GROUP} /app/dist/assets /www/default-assets 39
40USER ${USER}
40HEALTHCHECK --interval=30s --timeout=5s --retries=3 \ 41HEALTHCHECK --interval=30s --timeout=5s --retries=3 \
41 CMD wget --no-verbose --tries=1 --spider http://127.0.0.1:${PORT}/ || exit 1 42 CMD wget --no-verbose --tries=1 --spider http://127.0.0.1:${PORT}/ || exit 1
42 43
43EXPOSE ${PORT} 44EXPOSE ${PORT}
44VOLUME /www/assets 45VOLUME /www/assets
45ENTRYPOINT ["/bin/sh", "/entrypoint.sh"] 46
47CMD ["lighttpd", "-D", "-f", "/lighttpd.conf"]
diff --git a/README.md b/README.md
index 57185a7..6ac71e6 100644
--- a/README.md
+++ b/README.md
@@ -71,8 +71,6 @@ See [documentation](docs/configuration.md) for information about the configurati
71 71
72### Using docker 72### Using docker
73 73
74To launch container:
75
76```sh 74```sh
77docker run -d \ 75docker run -d \
78 -p 8080:8080 \ 76 -p 8080:8080 \
@@ -81,16 +79,19 @@ docker run -d \
81 b4bz/homer:latest 79 b4bz/homer:latest
82``` 80```
83 81
84Default assets will be automatically installed in the `/www/assets` directory. Use `UID` and/or `GID` env var to change the assets owner (`docker run -e "UID=1000" -e "GID=1000" [...]`). 82Environment variables:
83
84* **`INIT_ASSETS`** (default: `1`)
85Install exemple configuration file & assets (favicons, ...) to help you get started.
85 86
86## Host in subfolder 87* **`SUBFOLDER`** (default: `null`)
88If you would like to host Homer in a subfolder, (ex: *http://my-domain/**homer***), set this to the subfolder path (ex `/homer`).
87 89
88If you would like to host Homer in a subfolder, for e.g. behind a reverse proxy, supply the name of subfolder by using the `SUBFOLDER` env var.
89 90
90### Using docker-compose 91### Using docker-compose
91 92
92The `docker-compose.yml` file must be edited to match your needs. 93The `docker-compose.yml` file must be edited to match your needs.
93Set the port and volume (equivalent to `-p` and `-v` arguments): 94You probably want to set the port mapping and volume binding (equivalent to `-p` and `-v` arguments):
94 95
95```yaml 96```yaml
96volumes: 97volumes:
@@ -99,21 +100,13 @@ ports:
99 - 8080:8080 100 - 8080:8080
100``` 101```
101 102
102To launch container: 103Then launch the container:
103 104
104```sh 105```sh
105cd /path/to/docker-compose.yml 106cd /path/to/docker-compose.yml/
106docker-compose up -d 107docker-compose up -d
107``` 108```
108 109
109Default assets will be automatically installed in the `/www/assets` directory. Use `UID` and/or `GID` env var to change the assets owner, also in `docker-compose.yml`:
110
111```yaml
112environment:
113 - UID=1000
114 - GID=1000
115```
116
117### Using the release tarball (prebuilt, ready to use) 110### Using the release tarball (prebuilt, ready to use)
118 111
119Download and extract the latest release (`homer.zip`) from the [release page](https://github.com/bastienwirtz/homer/releases), rename the `assets/config.yml.dist` file to `assets/config.yml`, and put it behind a web server. 112Download and extract the latest release (`homer.zip`) from the [release page](https://github.com/bastienwirtz/homer/releases), rename the `assets/config.yml.dist` file to `assets/config.yml`, and put it behind a web server.
diff --git a/docker-compose.yml b/docker-compose.yml
index 884703c..231e72a 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -10,7 +10,6 @@ services:
10 - /your/local/assets/:/www/assets 10 - /your/local/assets/:/www/assets
11 ports: 11 ports:
12 - 8080:8080 12 - 8080:8080
13 #environment: 13 user: 1000:1000 # default
14 # - UID=1000 14 environment:
15 # - GID=1000 15 - INIT_ASSETS=1 # default
16 restart: unless-stopped
diff --git a/entrypoint.sh b/entrypoint.sh
index e10e17e..eba1cb2 100644
--- a/entrypoint.sh
+++ b/entrypoint.sh
@@ -1,23 +1,18 @@
1#!/bin/sh 1#!/bin/sh
2 2
3# Ensure default assets are present. 3PERMISSION_ERROR="Check assets directory permissions & docker user or skip default assets install by setting the INIT_ASSETS env var to 0"
4while true; do echo n; done | cp -Ri /www/default-assets/* /www/assets/ &> /dev/null
5 4
6# Ensure compatibility with previous version (config.yml was in the root directory) 5# Default assets & exemple configuration installation if possible.
7if [ -f "/www/config.yml" ]; then 6if [[ "${INIT_ASSETS}" == "1" ]] && [[ ! -f "/www/config.yml" ]]; then
8 yes n | cp -i /www/config.yml /www/assets/ &> /dev/null 7 echo "No configuration found, installing default config & assets"
9fi 8 if [[ ! -w "/www/assets/" ]]; then echo "Assets directory not writable. $PERMISSION_ERROR" && exit 1; fi
10 9
11# Install default config if no one is available. 10 while true; do echo n; done | cp -Ri /www/default-assets/* /www/assets/ &> /dev/null
12yes n | cp -i /www/default-assets/config.yml.dist /www/assets/config.yml &> /dev/null 11 if [[ $? -ne 0 ]]; then echo "Fail to copy default assets. $PERMISSION_ERROR" && exit 1; fi
13 12
14# Create symbolic link for hosting in subfolder. 13 yes n | cp -i /www/default-assets/config.yml.dist /www/assets/config.yml &> /dev/null
15if [[ -n "${SUBFOLDER}" ]]; then 14 if [[ $? -ne 0 ]]; then echo "Fail to copy default config file. $PERMISSION_ERROR" && exit 1; fi
16 ln -s /www "/www/$SUBFOLDER"
17 chown -h $USER:$GROUP "/www/$SUBFOLDER"
18fi 15fi
19 16
20chown -R $UID:$GID /www/assets
21
22echo "Starting webserver" 17echo "Starting webserver"
23lighttpd -D -f /lighttpd.conf 18lighttpd -D -f /lighttpd.conf
diff --git a/lighttpd.conf b/lighttpd.conf
index 04b0bed..32e14da 100644
--- a/lighttpd.conf
+++ b/lighttpd.conf
@@ -2,8 +2,8 @@ include "/etc/lighttpd/mime-types.conf"
2 2
3server.port = env.PORT 3server.port = env.PORT
4server.modules = ( "mod_alias" ) 4server.modules = ( "mod_alias" )
5server.username = env.USER 5server.username = "lighttpd"
6server.groupname = env.GROUP 6server.groupname = "lighttpd"
7server.document-root = "/www" 7server.document-root = "/www"
8alias.url = ( env.SUBFOLDER => "/www" ) 8alias.url = ( env.SUBFOLDER => "/www" )
9server.indexfiles = ("index.html") 9server.indexfiles = ("index.html")
diff --git a/src/assets/app.scss b/src/assets/app.scss
index aa8b077..ae2cb6b 100644
--- a/src/assets/app.scss
+++ b/src/assets/app.scss
@@ -104,6 +104,10 @@ body {
104 104
105 .dashboard-title { 105 .dashboard-title {
106 padding: 6px 0 0 80px; 106 padding: 6px 0 0 80px;
107
108 &.no-logo {
109 padding-left: 0;
110 }
107 } 111 }
108 112
109 .first-line { 113 .first-line {