2FAuth/docker
2023-12-09 17:35:34 +01:00
..
docker-compose.yml Update comments for env vars related to SSO 2023-12-09 17:35:34 +01:00
entrypoint.sh Add quiet option to prevent error during image start - Fixes #196 2023-07-06 10:19:04 +02:00
nginx.conf Increase nginx max_body_size to 10Mo - Closes #239 2023-12-01 19:32:51 +01:00
README.md Drop PHP 8.0 support & Fix unique validation rules 2023-03-25 12:26:01 +01:00
supervisord.conf Fix php-fpm version 2023-04-15 10:43:53 +02:00

Docker

Build status

dockeri.co

You can run 2fauth in a single Docker container.

Features

  • Latest size
  • Compatible with: amd64, 386, arm64, arm/v6 and arm/v7
  • Stores data in an Sqlite database file
  • Runs without root as user with id 1000 and group id 1000

Setup

We assume your current directory is /yourpath.

  1. Create a directory on your host:

    mkdir 2fauth
    
  2. If your host is not Windows: since the container runs without root as user 1000:1000, you need to fix the ownership and permissions of that directory:

    chown 1000:1000 2fauth
    chmod 700 2fauth
    

    💁 if you feel like using another ID, you can build the image with build arguments.

  3. Run the container interactively:

    docker run -it --rm -p 8000:8000/tcp \
    -v /yourpath/2fauth:/2fauth 2fauth/2fauth
    -e AUTHENTICATION_GUARD=web-guard #fix for issue #68
    
  4. Access it at http://localhost:8000

You can stop it with CTRL+C.

  • You can also run it in the background by replacing -it --rm with -d.
  • You can set environment variables available (see the .env.example) with -e, for example -e APP_NAME=2FAuth.
  • You can also use the docker-compose.yml with docker-compose and modify it as you wish.

Use an existing SQLite file

If you already have an SQLite file, move it to /yourpath/2fauth/database.sqlite on your host before starting the container. Don't forget to fix its ownership and permissions if you run on *nix:

chown 1000:1000 /yourpath/2fauth/database.sqlite
chmod 700 /yourpath/2fauth/database.sqlite

The container will automagically pick it up.

Update

⚠️ At the very least, backup your database.sqlite file to avoid bad surprises!

The Docker image 2fauth/2fauth is built on every commit pushed to the master branch.

You can therefore pull the image with docker pull 2fauth/2fauth and restart the container to update it.

You can also use tagged images, see Docker Hub tags which are produced on Github releases.

Build the image

You can build the image from the master branch with docker and git using:

docker build -t 2fauth/2fauth https://github.com/Bubka/2FAuth.git

Build the image for a specific release

You can build a specific release by appending the release tag with #<release-tag> to the command. For example:

docker build -t 2fauth/2fauth https://github.com/Bubka/2FAuth.git#v3.0.0

Build the image for a specific commit

You can build a specific commit (see master's commits) by appending the commit hash with #<commit-hash> to the command. For example:

docker build -t 2fauth/2fauth https://github.com/Bubka/2FAuth.git#fba9e29bd4e3bb697296bb0bde60ae869537528b

Build the image with build arguments

There are the following build arguments you can use to customize the image using --build-arg key=value:

Build argument Default Description
UID 1000 The UID of the user to run the container as
GID 1000 The GID of the user to run the container as
DEBIAN_VERSION buster-slim The Debian version to use
PHP_VERSION 8.1-buster The PHP version to use to get composer dependencies
COMPOSER_VERSION 2.3 The version of composer to use
SUPERVISORD_VERSION v0.7.3 The version of supervisord to use
VERSION unknown The version of the image
CREATED an unknown date The date of the image build time
COMMIT unknown The commit hash of the Git commit used

Mail settings

Refer your email provider documentation to configure your mail settings

Set a value for every available setting to avoid issue

Build argument Recommendation Description
MAIL_DRIVER SMTP The driver type
MAIL_HOST smtp.yourdomain.com The SMTP hostname
MAIL_PORT 587 The corresponding SMTP port (587 with STARTTLS) or (465 with SSL recommended)
MAIL_USERNAME 2fauth@yourdomain.com The SMTP username
MAIL_PASSWORD password1234 The SMTP password
MAIL_ENCRYPTION TLS The encrytion type (TLS -> STARTTLS) or SSL
MAIL_FROM_NAME 2FAuth The sender name
MAIL_FROM_ADDRESS 2fauth@yourdomain.com The sender adress

Example:

-e MAIL_DRIVER=SMTP
-e MAIL_HOST=smtp.example.com
-e MAIL_PORT=587 # STARTTLS
-e MAIL_USERNAME=2fauth@example.com
-e MAIL_PASSWORD=password1234
-e MAIL_ENCRYPTION=TLS # STARTTLS
-e MAIL_FROM_NAME=2FAuth
-e MAIL_FROM_ADDRESS=2fauth@example.com

Implementation details

  • The final Docker image is based on alpine:3.14 with minimal packages installed
  • The container runs supervisord to handle both an Nginx server and a PHP-FPM server together
  • The /srv directory holds the repository data and PHP code.
  • The /2fauth directory is targeted for the container end users.
  • By default the container logs the Nginx logs and the PHP-FPM logs. The application logs (if any) can be found in /2fauth/storage/logs.