2FAuth/docker
aronmal ff140fb5fa
Update docker docs - #68 #75 (#77)
* Fix recommendation for Bubka #68 in docs

Adding a recommendation to use the AUTHENTICATION_GUARD environment variable as a fix for issue #68.

* Mail Settings in docker README.md

https://github.com/Bubka/2FAuth/issues/75
2022-05-13 10:49:44 +02:00
..
docker-compose.yml Set empty env var with null 2022-05-10 15:34:51 +02:00
entrypoint.sh Change to Alpine for x2 smaller image 2021-08-04 11:03:28 -04:00
nginx.conf Change to Alpine for x2 smaller image 2021-08-04 11:03:28 -04:00
README.md Update docker docs - #68 #75 (#77) 2022-05-13 10:49:44 +02:00
supervisord.conf Change to Alpine for x2 smaller image 2021-08-04 11:03:28 -04:00

Docker

Build status

dockeri.co

You can run 2fauth in a single Docker container.

Features

  • Latest size
  • Compatible with: amd64, 386, arm64, arm/v6 and arm/v7
  • Stores data in an Sqlite database file
  • Runs without root as user with id 1000 and group id 1000

Setup

We assume your current directory is /yourpath.

  1. Create a directory on your host:

    mkdir 2fauth
    
  2. If your host is not Windows: since the container runs without root as user 1000:1000, you need to fix the ownership and permissions of that directory:

    chown 1000:1000 2fauth
    chmod 700 2fauth
    

    💁 if you feel like using another ID, you can build the image with build arguments.

  3. Run the container interactively:

    docker run -it --rm -p 8000:8000/tcp \
    -v /yourpath/2fauth:/2fauth 2fauth/2fauth
    -e AUTHENTICATION_GUARD=web-guard #fix for issue #68
    
  4. Access it at http://localhost:8000

You can stop it with CTRL+C.

  • You can also run it in the background by replacing -it --rm with -d.
  • You can set environment variables available (see the .env.example) with -e, for example -e APP_NAME=2FAuth.
  • You can also use the docker-compose.yml with docker-compose and modify it as you wish.

Use an existing SQLite file

If you already have an SQLite file, move it to /yourpath/2fauth/database.sqlite on your host before starting the container. Don't forget to fix its ownership and permissions if you run on *nix:

chown 1000:1000 /yourpath/2fauth/database.sqlite
chmod 700 /yourpath/2fauth/database.sqlite

The container will automagically pick it up.

Update

⚠️ At the very least, backup your database.sqlite file to avoid bad surprises!

The Docker image 2fauth/2fauth is built on every commit pushed to the master branch.

You can therefore pull the image with docker pull 2fauth/2fauth and restart the container to update it.

You can also use tagged images, see Docker Hub tags which are produced on Github releases.

Build the image

You can build the image from the master branch with docker and git using:

docker build -t 2fauth/2fauth https://github.com/Bubka/2FAuth.git

Build the image for a specific release

You can build a specific release by appending the release tag with #<release-tag> to the command. For example:

docker build -t 2fauth/2fauth https://github.com/Bubka/2FAuth.git#v3.0.0

Build the image for a specific commit

You can build a specific commit (see master's commits) by appending the commit hash with #<commit-hash> to the command. For example:

docker build -t 2fauth/2fauth https://github.com/Bubka/2FAuth.git#fba9e29bd4e3bb697296bb0bde60ae869537528b

Build the image with build arguments

There are the following build arguments you can use to customize the image using --build-arg key=value:

Build argument Default Description
UID 1000 The UID of the user to run the container as
GID 1000 The GID of the user to run the container as
DEBIAN_VERSION buster-slim The Debian version to use
PHP_VERSION 7.4-buster The PHP version to use to get composer dependencies
COMPOSER_VERSION 2.1 The version of composer to use
SUPERVISORD_VERSION v0.7.3 The version of supervisord to use
VERSION unknown The version of the image
CREATED an unknown date The date of the image build time
COMMIT unknown The commit hash of the Git commit used

Mail settings

Build argument Default Description
MAIL_HOST smtp.mailtrap.io The SMTP hostname
MAIL_PORT 2525 The coresponding SMTP port
MAIL_FROM changeme@example.com The sender adress
MAIL_USERNAME null The SMTP username
MAIL_PASSWORD null The SMTP password

Example:

...
-e MAIL_HOST=smtp.example.com
-e MAIL_PORT=587
-e MAIL_FROM=2fauth@example.com
-e MAIL_USERNAME=2fauth@example.com
-e MAIL_PASSWORD=password1234

Implementation details

  • The final Docker image is based on alpine:3.14 with minimal packages installed
  • The container runs supervisord to handle both an Nginx server and a PHP-FPM server together
  • The /srv directory holds the repository data and PHP code.
  • The /2fauth directory is targeted for the container end users.
  • By default the container logs the Nginx logs and the PHP-FPM logs. The application logs (if any) can be found in /2fauth/storage/logs.