# Docker [![Build status](https://github.com/Bubka/2fauth/actions/workflows/ci.yml/badge.svg)](https://github.com/Bubka/2fauth/actions/workflows/ci.yml) [![dockeri.co](https://dockeri.co/image/2fauth/2fauth)](https://hub.docker.com/r/2fauth/2fauth) You can run 2fauth in a single Docker container. ## Features - [![Latest size](https://img.shields.io/docker/image-size/2fauth/2fauth/latest?label=Image%20size)](https://hub.docker.com/r/2fauth/2fauth/tags) - Compatible with: `amd64`, `386`, `arm64`, `arm/v6` and `arm/v7` - Stores data in an Sqlite database file - Runs without root as user with id `1000` and group id `1000` ## Setup We assume your current directory is `/yourpath`. 1. Create a directory on your host: ```sh mkdir 2fauth ``` 1. **If your host is not Windows**: since the container runs without root as user `1000:1000`, you need to fix the ownership and permissions of that directory: ```sh chown 1000:1000 2fauth chmod 700 2fauth ``` 💁 if you feel like using another ID, you can [build the image with build arguments](#build-the-image-with-build-arguments). 1. Run the container interactively: ```sh docker run -it --rm -p 8000:8000/tcp \ -v /yourpath/2fauth:/2fauth 2fauth/2fauth -e AUTHENTICATION_GUARD=web-guard #fix for issue #68 ``` 1. Access it at [http://localhost:8000](http://localhost:8000) You can stop it with `CTRL+C`. - You can also run it in the background by replacing `-it --rm` with `-d`. - You can set environment variables available (see the [.env.example](../.env.example)) with `-e`, for example `-e APP_NAME=2FAuth`. - You can also use the [docker-compose.yml](docker-compose.yml) with `docker-compose` and modify it as you wish. ### Use an existing SQLite file If you already have an SQLite file, move it to `/yourpath/2fauth/database.sqlite` on your host before starting the container. Don't forget to fix its ownership and permissions if you run on *nix: ```sh chown 1000:1000 /yourpath/2fauth/database.sqlite chmod 700 /yourpath/2fauth/database.sqlite ``` The container will automagically pick it up. ## Update ⚠️ At the very least, backup your `database.sqlite` file to avoid bad surprises! The Docker image `2fauth/2fauth` is built on every commit pushed to the `master` branch. You can therefore pull the image with `docker pull 2fauth/2fauth` and restart the container to update it. You can also use tagged images, see [Docker Hub tags](https://hub.docker.com/r/2fauth/2fauth/tags?page=1&ordering=last_updated) which are produced on Github releases. ## Build the image You can build the image from the `master` branch with `docker` and `git` using: ```sh docker build -t 2fauth/2fauth https://github.com/Bubka/2FAuth.git ``` ### Build the image for a specific release You can build a [specific release](https://github.com/Bubka/2FAuth/releases) by appending the release tag with `#` to the command. For example: ```sh docker build -t 2fauth/2fauth https://github.com/Bubka/2FAuth.git#v3.0.0 ``` ### Build the image for a specific commit You can build a specific commit (see [master's commits](https://github.com/Bubka/2FAuth/commits/master)) by appending the commit hash with `#` to the command. For example: ```sh docker build -t 2fauth/2fauth https://github.com/Bubka/2FAuth.git#fba9e29bd4e3bb697296bb0bde60ae869537528b ``` ### Build the image with build arguments There are the following build arguments you can use to customize the image using `--build-arg key=value`: | Build argument | Default | Description | | --- | --- | --- | | `UID` | 1000 | The UID of the user to run the container as | | `GID` | 1000 | The GID of the user to run the container as | | `DEBIAN_VERSION` | `buster-slim` | The Debian version to use | | `PHP_VERSION` | `8.2-buster` | The PHP version to use to get composer dependencies | | `COMPOSER_VERSION` | `2.7` | The version of composer to use | | `SUPERVISORD_VERSION` | `v0.7.3` | The version of supervisord to use | | `VERSION` | `unknown` | The version of the image | | `CREATED` | `an unknown date` | The date of the image build time | | `COMMIT` | `unknown` | The commit hash of the Git commit used | #### Mail settings > Refer your email provider documentation to configure your mail settings > > Set a value for every available setting to avoid issue | Build argument | Recommendation | Description | | --- | --- | --- | | `MAIL_MAILER` | `SMTP` | The driver type | | `MAIL_HOST` | `smtp.yourdomain.com` | The SMTP hostname | | `MAIL_PORT` | 587 | The corresponding SMTP port (587 with STARTTLS) or (465 with SSL recommended) | | `MAIL_USERNAME` | `2fauth@yourdomain.com` | The SMTP username | | `MAIL_PASSWORD` | `password1234` | The SMTP password | | `MAIL_ENCRYPTION` | `TLS` | The encrytion type (TLS -> STARTTLS) or SSL | | `MAIL_FROM_NAME` | `2FAuth` | The sender name | | `MAIL_FROM_ADDRESS` | `2fauth@yourdomain.com` | The sender adress | Example: ```text -e MAIL_MAILER=SMTP -e MAIL_HOST=smtp.example.com -e MAIL_PORT=587 # STARTTLS -e MAIL_USERNAME=2fauth@example.com -e MAIL_PASSWORD=password1234 -e MAIL_ENCRYPTION=TLS # STARTTLS -e MAIL_FROM_NAME=2FAuth -e MAIL_FROM_ADDRESS=2fauth@example.com ``` ## Implementation details - The final Docker image is based on `alpine:3.14` with minimal packages installed - The container runs [`supervisord`](https://github.com/ochinchina/supervisord) to handle both an Nginx server and a PHP-FPM server together - The `/srv` directory holds the repository data and PHP code. - The `/2fauth` directory is targeted for the container end users. - By default the container logs the Nginx logs and the PHP-FPM logs. The application logs (if any) can be found in `/2fauth/storage/logs`.