author | Bastien Wirtz <bastien.wirtz@gmail.com> | 2022-04-10 11:55:11 +0200 |
---|---|---|
committer | Bastien Wirtz <bastien.wirtz@gmail.com> | 2022-04-30 15:39:36 +0200 |
commit | 049f85221e945b90bf87d21afe4d306839d65740 (patch) | |
tree | 1288ab580f2a274df8b507e2bbe37e2ff03c70ca | |
parent | cd75da69f9e57c3fe0f63c3ed6def0577d75a47c (diff) | |
Simplify the container starting process to allow it to run with an
unprivileged user
-rw-r--r-- | Dockerfile | 20 | ||||
-rw-r--r-- | Dockerfile.arm32v7 | 10 | ||||
-rw-r--r-- | Dockerfile.arm64v8 | 10 | ||||
-rw-r--r-- | README.md | 25 | ||||
-rw-r--r-- | docker-compose.yml | 7 | ||||
-rw-r--r-- | entrypoint.sh | 25 | ||||
-rw-r--r-- | lighttpd.conf | 4 | ||||
-rw-r--r-- | src/assets/app.scss | 4 |
8 files changed, 52 insertions, 53 deletions
@@ -12,24 +12,28 @@ RUN yarn build | |||
12 | # production stage | 12 | # production stage |
13 | FROM alpine:3.15 | 13 | FROM alpine:3.15 |
14 | 14 | ||
15 | ENV USER lighttpd | 15 | ENV GID 1000 |
16 | ENV GROUP lighttpd | 16 | ENV UID 1000 |
17 | ENV GID 911 | ||
18 | ENV UID 911 | ||
19 | ENV PORT 8080 | 17 | ENV PORT 8080 |
20 | ENV SUBFOLDER "/_" | 18 | ENV SUBFOLDER "/_" |
19 | ENV INIT_ASSETS 1 | ||
21 | 20 | ||
22 | RUN addgroup -S ${GROUP} -g ${GID} && adduser -D -S -u ${UID} ${USER} ${GROUP} && \ | 21 | RUN addgroup -S lighttpd -g ${GID} && adduser -D -S -u ${UID} lighttpd lighttpd && \ |
23 | apk add -U --no-cache lighttpd | 22 | apk add -U --no-cache lighttpd |
24 | 23 | ||
25 | COPY entrypoint.sh /entrypoint.sh | 24 | WORKDIR /www |
26 | COPY lighttpd.conf /lighttpd.conf | ||
27 | 25 | ||
28 | COPY --from=build-stage --chown=${USER}:${GROUP} /app/dist /www/ | 26 | COPY lighttpd.conf /lighttpd.conf |
27 | COPY entrypoint.sh /entrypoint.sh | ||
28 | COPY --from=build-stage --chown=${UID}:${GID} /app/dist /www/ | ||
29 | COPY --from=build-stage --chown=${USER}:${GROUP} /app/dist/assets /www/default-assets | 29 | COPY --from=build-stage --chown=${USER}:${GROUP} /app/dist/assets /www/default-assets |
30 | |||
31 | USER ${UID}:${GID} | ||
32 | |||
30 | HEALTHCHECK --interval=30s --timeout=5s --retries=3 \ | 33 | HEALTHCHECK --interval=30s --timeout=5s --retries=3 \ |
31 | CMD wget --no-verbose --tries=1 --spider http://127.0.0.1:${PORT}/ || exit 1 | 34 | CMD wget --no-verbose --tries=1 --spider http://127.0.0.1:${PORT}/ || exit 1 |
32 | 35 | ||
33 | EXPOSE ${PORT} | 36 | EXPOSE ${PORT} |
34 | VOLUME /www/assets | 37 | VOLUME /www/assets |
38 | |||
35 | ENTRYPOINT ["/bin/sh", "/entrypoint.sh"] | 39 | ENTRYPOINT ["/bin/sh", "/entrypoint.sh"] |
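Review bot: The second `COPY --from=build-stage` (new line 29, `/app/dist/assets` to `/www/default-assets`) still uses `--chown=${USER}:${GROUP}`, but this hunk removes `ENV USER` and `ENV GROUP`. Unless those variables are defined for this stage outside the hunk, the flag expands to `--chown=:` and the ownership of `/www/default-assets` no longer matches what the line above sets for `/www/`. It should use the same numeric pair: `COPY --from=build-stage --chown=${UID}:${GID} /app/dist/assets /www/default-assets`. The stage begins at `FROM alpine:3.15` inside the hunk, so an `ENV` from the build stage would not carry over.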
diff --git a/Dockerfile.arm32v7 b/Dockerfile.arm32v7 index 01a2196..7e1d92b 100644 --- a/Dockerfile.arm32v7 +++ b/Dockerfile.arm32v7 | |||
@@ -32,14 +32,16 @@ RUN addgroup -S ${GROUP} -g ${GID} && adduser -D -S -u ${UID} ${USER} ${GROUP} & | |||
32 | apk add -U --no-cache lighttpd && \ | 32 | apk add -U --no-cache lighttpd && \ |
33 | rm /usr/bin/qemu-arm-static | 33 | rm /usr/bin/qemu-arm-static |
34 | 34 | ||
35 | COPY entrypoint.sh /entrypoint.sh | 35 | WORKDIR /www |
36 | COPY lighttpd.conf /lighttpd.conf | ||
37 | 36 | ||
37 | COPY lighttpd.conf /lighttpd.conf | ||
38 | COPY --from=build-stage --chown=${USER}:${GROUP} /app/dist /www/ | 38 | COPY --from=build-stage --chown=${USER}:${GROUP} /app/dist /www/ |
39 | COPY --from=build-stage --chown=${USER}:${GROUP} /app/dist/assets /www/default-assets | 39 | |
40 | USER ${USER} | ||
40 | HEALTHCHECK --interval=30s --timeout=5s --retries=3 \ | 41 | HEALTHCHECK --interval=30s --timeout=5s --retries=3 \ |
41 | CMD wget --no-verbose --tries=1 --spider http://127.0.0.1:${PORT}/ || exit 1 | 42 | CMD wget --no-verbose --tries=1 --spider http://127.0.0.1:${PORT}/ || exit 1 |
42 | 43 | ||
43 | EXPOSE ${PORT} | 44 | EXPOSE ${PORT} |
44 | VOLUME /www/assets | 45 | VOLUME /www/assets |
45 | ENTRYPOINT ["/bin/sh", "/entrypoint.sh"] | 46 | |
47 | CMD ["lighttpd", "-D", "-f", "/lighttpd.conf"] | ||
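Review bot: The arm variant appears to drop both the `entrypoint.sh` copy and the `/www/default-assets` copy and to replace the `ENTRYPOINT` with `CMD ["lighttpd", "-D", "-f", "/lighttpd.conf"]`, so `INIT_ASSETS`, which the README in this commit documents as supported, would have no effect on this image and an unwritable `/www/assets` mount is never reported. If the divergence from `Dockerfile` is intended, a comment above the `CMD` should say so; otherwise keep the entrypoint and the default-assets copy as `Dockerfile` does. `USER ${USER}` also switches by name while `Dockerfile` uses `USER ${UID}:${GID}`; the numeric form lets an orchestrator that enforces non-root verify the user without resolving the name. The same points apply to the `Dockerfile.arm64v8` hunk.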
diff --git a/Dockerfile.arm64v8 b/Dockerfile.arm64v8 index f9e6675..573a2e4 100644 --- a/Dockerfile.arm64v8 +++ b/Dockerfile.arm64v8 | |||
@@ -32,14 +32,16 @@ RUN addgroup -S ${GROUP} -g ${GID} && adduser -D -S -u ${UID} ${USER} ${GROUP} & | |||
32 | apk add -U --no-cache lighttpd && \ | 32 | apk add -U --no-cache lighttpd && \ |
33 | rm /usr/bin/qemu-aarch64-static | 33 | rm /usr/bin/qemu-aarch64-static |
34 | 34 | ||
35 | COPY entrypoint.sh /entrypoint.sh | 35 | WORKDIR /www |
36 | COPY lighttpd.conf /lighttpd.conf | ||
37 | 36 | ||
37 | COPY lighttpd.conf /lighttpd.conf | ||
38 | COPY --from=build-stage --chown=${USER}:${GROUP} /app/dist /www/ | 38 | COPY --from=build-stage --chown=${USER}:${GROUP} /app/dist /www/ |
39 | COPY --from=build-stage --chown=${USER}:${GROUP} /app/dist/assets /www/default-assets | 39 | |
40 | USER ${USER} | ||
40 | HEALTHCHECK --interval=30s --timeout=5s --retries=3 \ | 41 | HEALTHCHECK --interval=30s --timeout=5s --retries=3 \ |
41 | CMD wget --no-verbose --tries=1 --spider http://127.0.0.1:${PORT}/ || exit 1 | 42 | CMD wget --no-verbose --tries=1 --spider http://127.0.0.1:${PORT}/ || exit 1 |
42 | 43 | ||
43 | EXPOSE ${PORT} | 44 | EXPOSE ${PORT} |
44 | VOLUME /www/assets | 45 | VOLUME /www/assets |
45 | ENTRYPOINT ["/bin/sh", "/entrypoint.sh"] | 46 | |
47 | CMD ["lighttpd", "-D", "-f", "/lighttpd.conf"] | ||
@@ -71,8 +71,6 @@ See [documentation](docs/configuration.md) for information about the configurati | |||
71 | 71 | ||
72 | ### Using docker | 72 | ### Using docker |
73 | 73 | ||
74 | To launch container: | ||
75 | |||
76 | ```sh | 74 | ```sh |
77 | docker run -d \ | 75 | docker run -d \ |
78 | -p 8080:8080 \ | 76 | -p 8080:8080 \ |
@@ -81,16 +79,19 @@ docker run -d \ | |||
81 | b4bz/homer:latest | 79 | b4bz/homer:latest |
82 | ``` | 80 | ``` |
83 | 81 | ||
84 | Default assets will be automatically installed in the `/www/assets` directory. Use `UID` and/or `GID` env var to change the assets owner (`docker run -e "UID=1000" -e "GID=1000" [...]`). | 82 | Environment variables: |
83 | |||
84 | * **`INIT_ASSETS`** (default: `1`) | ||
85 | Install exemple configuration file & assets (favicons, ...) to help you get started. | ||
85 | 86 | ||
86 | ## Host in subfolder | 87 | * **`SUBFOLDER`** (default: `null`) |
88 | If you would like to host Homer in a subfolder, (ex: *http://my-domain/**homer***), set this to the subfolder path (ex `/homer`). | ||
87 | 89 | ||
88 | If you would like to host Homer in a subfolder, for e.g. behind a reverse proxy, supply the name of subfolder by using the `SUBFOLDER` env var. | ||
89 | 90 | ||
90 | ### Using docker-compose | 91 | ### Using docker-compose |
91 | 92 | ||
92 | The `docker-compose.yml` file must be edited to match your needs. | 93 | The `docker-compose.yml` file must be edited to match your needs. |
93 | Set the port and volume (equivalent to `-p` and `-v` arguments): | 94 | You probably want to set the port mapping and volume binding (equivalent to `-p` and `-v` arguments): |
94 | 95 | ||
95 | ```yaml | 96 | ```yaml |
96 | volumes: | 97 | volumes: |
@@ -99,21 +100,13 @@ ports: | |||
99 | - 8080:8080 | 100 | - 8080:8080 |
100 | ``` | 101 | ``` |
101 | 102 | ||
102 | To launch container: | 103 | Then launch the container: |
103 | 104 | ||
104 | ```sh | 105 | ```sh |
105 | cd /path/to/docker-compose.yml | 106 | cd /path/to/docker-compose.yml/ |
106 | docker-compose up -d | 107 | docker-compose up -d |
107 | ``` | 108 | ``` |
108 | 109 | ||
109 | Default assets will be automatically installed in the `/www/assets` directory. Use `UID` and/or `GID` env var to change the assets owner, also in `docker-compose.yml`: | ||
110 | |||
111 | ```yaml | ||
112 | environment: | ||
113 | - UID=1000 | ||
114 | - GID=1000 | ||
115 | ``` | ||
116 | |||
117 | ### Using the release tarball (prebuilt, ready to use) | 110 | ### Using the release tarball (prebuilt, ready to use) |
118 | 111 | ||
119 | Download and extract the latest release (`homer.zip`) from the [release page](https://github.com/bastienwirtz/homer/releases), rename the `assets/config.yml.dist` file to `assets/config.yml`, and put it behind a web server. | 112 | Download and extract the latest release (`homer.zip`) from the [release page](https://github.com/bastienwirtz/homer/releases), rename the `assets/config.yml.dist` file to `assets/config.yml`, and put it behind a web server. |
diff --git a/docker-compose.yml b/docker-compose.yml index 884703c..231e72a 100644 --- a/docker-compose.yml +++ b/docker-compose.yml | |||
@@ -10,7 +10,6 @@ services: | |||
10 | - /your/local/assets/:/www/assets | 10 | - /your/local/assets/:/www/assets |
11 | ports: | 11 | ports: |
12 | - 8080:8080 | 12 | - 8080:8080 |
13 | #environment: | 13 | user: 1000:1000 # default |
14 | # - UID=1000 | 14 | environment: |
15 | # - GID=1000 | 15 | - INIT_ASSETS=1 # default |
16 | restart: unless-stopped | ||
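Review bot: `user: 1000:1000` is unquoted, and it is a value users are expected to edit. A YAML 1.1 parser reads a colon-separated pair whose second part is below 60 (for example `1000:50`) as a base-60 integer rather than a string, which is the same pitfall that leads to quoting port mappings. Writing `user: "1000:1000" # default` avoids it.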
diff --git a/entrypoint.sh b/entrypoint.sh index e10e17e..eba1cb2 100644 --- a/entrypoint.sh +++ b/entrypoint.sh | |||
@@ -1,23 +1,18 @@ | |||
1 | #!/bin/sh | 1 | #!/bin/sh |
2 | 2 | ||
3 | # Ensure default assets are present. | 3 | PERMISSION_ERROR="Check assets directory permissions & docker user or skip default assets install by setting the INIT_ASSETS env var to 0" |
4 | while true; do echo n; done | cp -Ri /www/default-assets/* /www/assets/ &> /dev/null | ||
5 | 4 | ||
6 | # Ensure compatibility with previous version (config.yml was in the root directory) | 5 | # Default assets & exemple configuration installation if possible. |
7 | if [ -f "/www/config.yml" ]; then | 6 | if [[ "${INIT_ASSETS}" == "1" ]] && [[ ! -f "/www/config.yml" ]]; then |
8 | yes n | cp -i /www/config.yml /www/assets/ &> /dev/null | 7 | echo "No configuration found, installing default config & assets" |
9 | fi | 8 | if [[ ! -w "/www/assets/" ]]; then echo "Assets directory not writable. $PERMISSION_ERROR" && exit 1; fi |
10 | 9 | ||
11 | # Install default config if no one is available. | 10 | while true; do echo n; done | cp -Ri /www/default-assets/* /www/assets/ &> /dev/null |
12 | yes n | cp -i /www/default-assets/config.yml.dist /www/assets/config.yml &> /dev/null | 11 | if [[ $? -ne 0 ]]; then echo "Fail to copy default assets. $PERMISSION_ERROR" && exit 1; fi |
13 | 12 | ||
14 | # Create symbolic link for hosting in subfolder. | 13 | yes n | cp -i /www/default-assets/config.yml.dist /www/assets/config.yml &> /dev/null |
15 | if [[ -n "${SUBFOLDER}" ]]; then | 14 | if [[ $? -ne 0 ]]; then echo "Fail to copy default config file. $PERMISSION_ERROR" && exit 1; fi |
16 | ln -s /www "/www/$SUBFOLDER" | ||
17 | chown -h $USER:$GROUP "/www/$SUBFOLDER" | ||
18 | fi | 15 | fi |
19 | 16 | ||
20 | chown -R $UID:$GID /www/assets | ||
21 | |||
22 | echo "Starting webserver" | 17 | echo "Starting webserver" |
23 | lighttpd -D -f /lighttpd.conf | 18 | lighttpd -D -f /lighttpd.conf |
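Review bot: The guard tests `/www/config.yml`, but the script installs the configuration to `/www/assets/config.yml`, so with `INIT_ASSETS=1` the install branch runs on every start even when a configuration already exists (unless a legacy `/www/config.yml` is present). As a result an assets volume that is mounted read-only, or owned by a different user, makes the container exit 1 at the `-w` check although it is fully configured. The test should look at the path that is actually written: `[[ ! -f "/www/assets/config.yml" ]]`. Separately, the last line could be `exec lighttpd -D -f /lighttpd.conf` so the server replaces the shell as PID 1 and receives stop signals directly.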
diff --git a/lighttpd.conf b/lighttpd.conf index 04b0bed..32e14da 100644 --- a/lighttpd.conf +++ b/lighttpd.conf | |||
@@ -2,8 +2,8 @@ include "/etc/lighttpd/mime-types.conf" | |||
2 | 2 | ||
3 | server.port = env.PORT | 3 | server.port = env.PORT |
4 | server.modules = ( "mod_alias" ) | 4 | server.modules = ( "mod_alias" ) |
5 | server.username = env.USER | 5 | server.username = "lighttpd" |
6 | server.groupname = env.GROUP | 6 | server.groupname = "lighttpd" |
7 | server.document-root = "/www" | 7 | server.document-root = "/www" |
8 | alias.url = ( env.SUBFOLDER => "/www" ) | 8 | alias.url = ( env.SUBFOLDER => "/www" ) |
9 | server.indexfiles = ("index.html") | 9 | server.indexfiles = ("index.html") |
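Review bot: `server.username` and `server.groupname` are now hard-coded, but the image starts as an unprivileged user (`USER ${UID}:${GID}` in `Dockerfile`), and lighttpd switches user only when it is started as root. These two lines therefore seem to matter only when the container is run with the user overridden to root, which is worth stating next to them, e.g. `# Only applied when lighttpd is started as root; the image normally runs as the unprivileged user set in the Dockerfile.`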
diff --git a/src/assets/app.scss b/src/assets/app.scss index aa8b077..ae2cb6b 100644 --- a/src/assets/app.scss +++ b/src/assets/app.scss | |||
@@ -104,6 +104,10 @@ body { | |||
104 | 104 | ||
105 | .dashboard-title { | 105 | .dashboard-title { |
106 | padding: 6px 0 0 80px; | 106 | padding: 6px 0 0 80px; |
107 | |||
108 | &.no-logo { | ||
109 | padding-left: 0; | ||
110 | } | ||
107 | } | 111 | } |
108 | 112 | ||
109 | .first-line { | 113 | .first-line { |