* Fix recommendation for Bubka #68 in docs Adding a recommendation to use the AUTHENTICATION_GUARD environment variable as a fix for issue #68. * Mail Settings in docker README.md https://github.com/Bubka/2FAuth/issues/75
5.1 KiB
Docker
You can run 2fauth in a single Docker container.
Features
- Compatible with:
amd64
,386
,arm64
,arm/v6
andarm/v7
- Stores data in an Sqlite database file
- Runs without root as user with id
1000
and group id1000
Setup
We assume your current directory is /yourpath
.
-
Create a directory on your host:
mkdir 2fauth
-
If your host is not Windows: since the container runs without root as user
1000:1000
, you need to fix the ownership and permissions of that directory:chown 1000:1000 2fauth chmod 700 2fauth
💁 if you feel like using another ID, you can build the image with build arguments.
-
Run the container interactively:
docker run -it --rm -p 8000:8000/tcp \ -v /yourpath/2fauth:/2fauth 2fauth/2fauth -e AUTHENTICATION_GUARD=web-guard #fix for issue #68
-
Access it at http://localhost:8000
You can stop it with CTRL+C
.
- You can also run it in the background by replacing
-it --rm
with-d
. - You can set environment variables available (see the .env.example) with
-e
, for example-e APP_NAME=2FAuth
. - You can also use the docker-compose.yml with
docker-compose
and modify it as you wish.
Use an existing SQLite file
If you already have an SQLite file, move it to /yourpath/2fauth/database.sqlite
on your host before starting the container. Don't forget to fix its ownership and permissions if you run on *nix:
chown 1000:1000 /yourpath/2fauth/database.sqlite
chmod 700 /yourpath/2fauth/database.sqlite
The container will automagically pick it up.
Update
⚠️ At the very least, backup your database.sqlite
file to avoid bad surprises!
The Docker image 2fauth/2fauth
is built on every commit pushed to the master
branch.
You can therefore pull the image with docker pull 2fauth/2fauth
and restart the container to update it.
You can also use tagged images, see Docker Hub tags which are produced on Github releases.
Build the image
You can build the image from the master
branch with docker
and git
using:
docker build -t 2fauth/2fauth https://github.com/Bubka/2FAuth.git
Build the image for a specific release
You can build a specific release by appending the release tag with #<release-tag>
to the command. For example:
docker build -t 2fauth/2fauth https://github.com/Bubka/2FAuth.git#v3.0.0
Build the image for a specific commit
You can build a specific commit (see master's commits) by appending the commit hash with #<commit-hash>
to the command. For example:
docker build -t 2fauth/2fauth https://github.com/Bubka/2FAuth.git#fba9e29bd4e3bb697296bb0bde60ae869537528b
Build the image with build arguments
There are the following build arguments you can use to customize the image using --build-arg key=value
:
Build argument | Default | Description |
---|---|---|
UID |
1000 | The UID of the user to run the container as |
GID |
1000 | The GID of the user to run the container as |
DEBIAN_VERSION |
buster-slim |
The Debian version to use |
PHP_VERSION |
7.4-buster |
The PHP version to use to get composer dependencies |
COMPOSER_VERSION |
2.1 |
The version of composer to use |
SUPERVISORD_VERSION |
v0.7.3 |
The version of supervisord to use |
VERSION |
unknown |
The version of the image |
CREATED |
an unknown date |
The date of the image build time |
COMMIT |
unknown |
The commit hash of the Git commit used |
Mail settings
Build argument | Default | Description |
---|---|---|
MAIL_HOST | smtp.mailtrap.io | The SMTP hostname |
MAIL_PORT | 2525 | The coresponding SMTP port |
MAIL_FROM | changeme@example.com | The sender adress |
MAIL_USERNAME | null | The SMTP username |
MAIL_PASSWORD | null | The SMTP password |
Example:
...
-e MAIL_HOST=smtp.example.com
-e MAIL_PORT=587
-e MAIL_FROM=2fauth@example.com
-e MAIL_USERNAME=2fauth@example.com
-e MAIL_PASSWORD=password1234
Implementation details
- The final Docker image is based on
alpine:3.14
with minimal packages installed - The container runs
supervisord
to handle both an Nginx server and a PHP-FPM server together - The
/srv
directory holds the repository data and PHP code. - The
/2fauth
directory is targeted for the container end users. - By default the container logs the Nginx logs and the PHP-FPM logs. The application logs (if any) can be found in
/2fauth/storage/logs
.