a dockerized EGroupware development enviroment

doc/docker/development/Dockerfile

@@ -0,0 +1,82 @@
+################################################################################
+##
+## EGroupware FPM container using Ubuntu 18.04 and PHP 7.3 from ondrej/php PPA
+##
+################################################################################
+FROM ubuntu:18.04
+MAINTAINER rb@egroupware.org
+
+ARG VERSION=dev-master
+
+RUN apt-get update \
+	&& apt-get install -y software-properties-common \
+	&& LC_ALL=C.UTF-8 add-apt-repository -y ppa:ondrej/php \
+	&& apt-get update \
+	&& bash -c "apt-get install -y php7.3-{cli,mysql,json,gd,xsl,bz2,opcache,apcu,tidy,zip,bcmath,mbstring,smbclient,ldap,curl,fpm,pgsql,gmp}" \
+	# fpm and php.ini settings
+	&& sed -e 's/^;\?listen \?=.*/listen = 9000/g' \
+		-e '/allowed_clients/d' \
+		-e '/pm.max_children/s/=.*/= 80/' \
+		-e '/catch_workers_output/s/^;/;/' \
+		-e '/error_log/d' \
+		-e 's/^;\?pm.max_requests =.*/pm.max_requests = 30/' \
+		-e 's/^;\?php_admin_value\[memory_limit\].*/php_admin_value[memory_limit] = 172M/' \
+		-e 's/^;\?request_terminate_timeout.*/request_terminate_timeout = 70m/' \
+		-i /etc/php/7.3/fpm/pool.d/www.conf \
+	&& sed 	-e 's/^;\?session.gc_maxlifetime.*/session.gc_maxlifetime = 14400/g' \
+		-e 's|^;\?date.timezone.*|date.timezone = UTC|g' \
+		-e 's|^;\?sys_temp_dir.*|sys_temp_dir = /tmp|g' \
+		-e 's|^;\?disable_functions.*|disable_functions = exec,passthru,shell_exec,system,proc_open,popen|g' \
+		-e 's|^;\?max_execution_time \?=.*|max_execution_time = 90|g' \
+		-e 's|^;\?upload_max_filesize \?=.*|upload_max_filesize = 64M|g' \
+		-e 's|^;\?post_max_size \?=.*|post_max_size = 65M|g' \
+		-e 's|^;\?max_input_vars \?=.*|max_input_vars = 2000|g' \
+		-e 's|^;\?zlib.output_compression \?=.*|zlib.output_compression = On|g' \
+		-e 's|^;\?opcache.validate_timestamps \?=.*|opcache.validate_timestamps=0|g' \
+		-i /etc/php/7.3/fpm/php.ini \
+	&& sed 	-e 's|^;\?date.timezone.*|date.timezone = UTC|g' \
+		-e 's|^;\?sys_temp_dir.*|sys_temp_dir = /tmp|g' \
+		-i /etc/php/7.3/cli/php.ini \
+	# create directory for pid file
+	&& mkdir -p /run/php \
+	# send logs to stderr to be viewed by docker logs
+	&& ln -s /dev/stderr /var/log/php7.3-fpm.log \
+	# install tools to build EGroupware
+	&& apt-get install -y rsync npm zip curl sudo cron patch \
+	&& npm install -g grunt-cli \
+	&& bash -c \
+'EXPECTED_SIGNATURE=$(curl https://composer.github.io/installer.sig); \
+curl https://getcomposer.org/installer > composer-setup.php; \
+ACTUAL_SIGNATURE=$(php -r "echo hash_file(\"sha384\", \"composer-setup.php\");"); \
+if [ "$EXPECTED_SIGNATURE" != "$ACTUAL_SIGNATURE" ]; \
+then \
+    >&2 echo "ERROR: Invalid Composer installer signature"; \
+    RESULT=1; \
+else \
+	php composer-setup.php --quiet --install-dir /usr/local/bin; \
+	RESULT=$?; \
+fi; \
+rm composer-setup.php; \
+exit $RESULT' \
+	# disable certificate checks for LDAP as most LDAP and AD servers have no "valid" cert
+	&& echo "TLS_REQCERT never" >> /etc/ldap/ldap.conf
+
+# install diverse developper tools, not installed above / in stock container
+RUN apt-get install -y php7.3-xdebug git vim yarn \
+	&& echo "xdebug.remote_enable=1" >> /etc/php/7.3/fpm/conf.d/20-xdebug.ini \
+	&& echo "xdebug.remote_port=9001" >> /etc/php/7.3/fpm/conf.d/20-xdebug.ini \
+	&& echo "xdebug.remote_host=172.17.0.1" >> /etc/php/7.3/fpm/conf.d/20-xdebug.ini \
+	&& ln -s /usr/local/bin/composer.phar /usr/local/bin/composer \
+	&& sed 	-e 's|^;\?opcache.validate_timestamps \?=.*|opcache.validate_timestamps=1|g' \
+		-i /etc/php/7.3/fpm/php.ini \
+	&& apt-get clean
+
+VOLUME /var/www
+VOLUME /var/lib/egroupware
+
+EXPOSE 9000
+
+ADD entrypoint.sh /
+
+CMD ["php-fpm7.3", "--nodaemonize"]
+ENTRYPOINT ["/entrypoint.sh"]

doc/docker/development/build.sh

@@ -0,0 +1,23 @@
+#!/bin/bash -x
+
+DEFAULT=$(git branch|grep ^*|cut -c3-)
+TAG=${1:-$DEFAULT}
+VERSION=$TAG
+BRANCH=$(echo $VERSION|sed 's/\.[0-9]\{8\}$//')
+[ $VERSION = $BRANCH ] && VERSION="$BRANCH.x-dev"
+
+cd $(dirname $0)
+
+docker pull ubuntu:18.04
+docker build --build-arg "VERSION=$VERSION" -t egroupware/development:$TAG . && {
+	docker push egroupware/development:$TAG
+	# tag only stable releases as latest
+	[ $TAG != "master" ] && {
+		docker tag egroupware/development:$TAG egroupware/development:latest
+		docker push egroupware/development:latest
+	}
+	[ "$BRANCH" != $VERSION -a "${BRANCH}.x-dev" != $VERSION ] && {
+		docker tag egroupware/development:$VERSION egroupware/development:$BRANCH
+		docker push egroupware/development:$BRANCH
+	}
+}

doc/docker/development/docker-compose.yml

@@ -0,0 +1,155 @@
+version: '3'
+volumes:
+  # data directory: here are the files stored (/var/lib/egroupware by default)
+  data:
+    driver_opts:
+      type: none
+      o: bind
+      # to upgrade an existing non-docker installation most easy is to use the existing
+      # data directory /var/lib/egroupware AND the host database see below
+      #device: /var/lib/egroupware
+      # otherwise data is stored in data subdirectory of the current directory
+      device: $PWD/data
+  # sources directory or document root mounted as /var/www inside the container
+  sources:
+    driver_opts:
+      type: none
+      o: bind
+      # use this if you have an existing document root with an egroupware directory inside
+      #device: /var/www
+      # otherwise sources/document is stored in sources subdirectory of current directory
+      device: $PWD/sources
+  # sources for push server, swoolpush subdirectory of egroupware
+  sources-push:
+    driver_opts:
+      type: none
+      o: bind
+      device: $PWD/sources/egroupware/swoolpush
+  # for Mac and Windows, do NOT use a directory for the DB, as the Docker host is in a VM!
+  db:
+  sessions:
+  # cache files from compose, npm and yarn (actually /root inside the container)
+  cache:
+services:
+  egroupware:
+    image: egroupware/development:master
+    # setting a default language for a new installation
+    #environment:
+    #- LANG=de
+    volumes:
+    - sources:/var/www
+    - data:/var/lib/egroupware
+    - sessions:/var/lib/php/sessions
+    - cache:/root
+    # if you want to use the host database:
+    # 1. comment out the whole db service below AND
+    # 2. set EGW_DB_HOST=localhost AND
+    # 3. uncomment the next line and modify the host path (first one), it depends on your distro:
+    #    - RHEL/CentOS   /var/lib/mysql/mysql.sock
+    #    - openSUSE/SLE  /var/run/mysql/mysql.sock
+    #    - Debian/Ubuntu /var/run/mysqld/mysqld.sock
+    #- /var/run/mysqld/mysqld.sock:/var/run/mysqld/mysqld.sock
+    environment:
+    #
+    # MariaDB/MySQL host to use: for internal service use "db", for host database (socket bind-mounted into container) use "localhost"
+    - EGW_DB_HOST=db
+    # grant host is needed for NOT using localhost / unix domain socket for MySQL/MariaDB
+    - EGW_DB_GRANT_HOST=172.%
+    # for internal db service you should to specify a root password here AND in db service
+    # a database "egroupware" with a random password is created for you on installation (password is stored in header.inc.php in data directory)
+    #- EGW_DB_ROOT=root
+    - EGW_DB_ROOT_PW=secret
+    # alternativly you can specify an already existing database with full right by the given user!
+    #- EGW_DB_NAME=egroupware
+    #- EGW_DB_USER=egroupware
+    #- EGW_DB_PASS=
+    #
+    # further post_install.php arguments can be passed as a single enviroment variable with space separated assignments
+    # "<name1>=<value1> <name2>=<value2>" see https://github.com/EGroupware/egroupware/blob/master/doc/rpm-build/post_install.php#L17
+    # to configure eg. LDAP for authentication and account storage use
+    #- EGW_POST_INSTALL='account-auth=ldap,ldap ldap_base=ou=egroupware,dc=example,dc=org ldap_host=tls://ldap.example.org ldap_admin=cn=admin,$base ldap_admin_pw=secret ldap_context=cn=users,$base ldap_group_context=cn=groups,$base'
+    #
+    # extra non-default apps (need to start with EGW_EXTRA_APP!)
+    #
+    # new push server not yet in composer.json
+    - EGW_EXTRA_APP_PUSH=https://github.com/EGroupware/swoolepush.git
+    # EPL apps (need extra credentials!)
+    #- EGW_EXTRA_APPS_EPL=https://github.com/EGroupwareGmbH/epl.git https://github.com/EGroupwareGmbH/esyncpro.git https://github.com/EGroupwareGmbH/policy.git https://github.com/EGroupwareGmbH/webauthn.git
+    # old Wiki
+    - EGW_EXTRA_APP_WIKI=https://github.com/EGroupware/wiki.git
+    # old API and eTemplate(1)
+    - EGW_EXTRA_APP_OLDAPI=https://github.com/EGroupware/phpgwapi.git https://github.com/EGroupware/etemplate.git
+    #
+    # XDEBUG_REMOTE_HOST need to be set, if the host running the IDE is different from 172.17.0.1 (Mac can use docker.for.mac.localhost)
+    - XDEBUG_REMOTE_HOST=docker.for.mac.localhost
+
+    restart: always
+    depends_on:
+    - db
+    container_name: egroupware
+    # set the ip-address of your docker host AND your official DNS name so EGroupware
+    # can access Rocket.Chat or Collabora without the need to go over your firewall
+    #extra_hosts:
+    #- "my.host.name:ip-address"
+
+  nginx:
+    image: nginx:stable-alpine
+    volumes:
+    - sources:/var/www:ro
+    # to add a certificate create a certificate.pem containing (in that order)
+    # 1. private key
+    # 2. public key
+    # 3. (optional) chain certificates
+    # uncomment to the next line
+    # ./certificate.pem:/etc/ssl/private/certificate.pem
+    # AND uncomment the three lines starting with "listen 443", "ssl_certificate", "ssl_certificate_key" in nginx.conf
+    - ./nginx.conf:/etc/nginx/conf.d/default.conf:ro
+    ports:
+    # if no webserver is running on the host, change (first) number to 80 or 443
+    - "8080:80"
+    - "4443:443"
+    depends_on:
+    - egroupware
+    container_name: egroupware-nginx
+
+  # run an own MariaDB:10.4 (you can use EGroupware's database backup and restore to add your existing database)
+  db:
+    image: mariadb
+    environment:
+    #- MYSQL_ROOT=root
+    - MYSQL_ROOT_PASSWORD=secret
+    volumes:
+    - db:/var/lib/mysql
+    container_name: egroupware-db
+
+  # push server using phpswoole
+  #push:
+  #  image: phpswoole/swoole:latest-dev
+  #  volumes:
+  #  - sources-push:/var/www
+  #  - sessions:/var/lib/php/sessions
+  #  container_name: egroupware-push
+
+  # automatic updates of all containers daily at 4am
+  # see https://containrrr.github.io/watchtower for more information
+  watchtower:
+    image: containrrr/watchtower
+    volumes:
+    - /var/run/docker.sock:/var/run/docker.sock
+    # For automatic EPL Updates (not necessary for CE!) you need to pass docker
+    # credentials into watchtower after running: docker login download.egroupware.org
+    #- /root/.docker/config.json:/config.json:ro
+    environment:
+    - WATCHTOWER_CLEANUP=true # delete old image after update to not fill up the disk
+    # for email notifications add your email and mail-server here
+    #- WATCHTOWER_NOTIFICATIONS=email
+    #- WATCHTOWER_NOTIFICATIONS_LEVEL=info # possible values: panic, fatal, error, warn, info or debug
+    #- WATCHTOWER_NOTIFICATION_EMAIL_FROM="watchtower@my-domain.com"
+    #- WATCHTOWER_NOTIFICATION_EMAIL_TO="me@my-domain.com"
+    #- WATCHTOWER_NOTIFICATION_EMAIL_SERVER="mail.my-domain.com" # if you give your MX here, you need no user/password
+    #- WATCHTOWER_NOTIFICATION_EMAIL_SERVER_PORT=25
+    #- WATCHTOWER_NOTIFICATION_EMAIL_SERVER_USER="watchtower@my-domain.com"
+    #- WATCHTOWER_NOTIFICATION_EMAIL_SERVER_PASSWORD="secret"
+    command: --schedule "0 0 4 * * *"
+    container_name: egroupware-watchtower
+    restart: always

doc/docker/development/entrypoint.sh

@@ -0,0 +1,116 @@
+#!/bin/bash
+set -ex
+
+VERSION=${VERSION:-dev-master}
+
+# if EGW_SESSION_TIMEOUT is set in environment, propagate value to php.ini
+test -n "$EGW_SESSION_TIMEOUT" && test "$EGW_SESSION_TIMEOUT" -ge 1440 &&
+	sed -e "s/^;\?session.gc_maxlifetime.*/session.gc_maxlifetime = $EGW_SESSION_TIMEOUT/g" \
+		-i /etc/php/7.3/fpm/php.ini
+
+# if XDEBUG_REMOTE_HOST is set, patch it into xdebug config
+test -n "$XDEBUG_REMOTE_HOST" && \
+	sed -e "s/^xdebug.remote_host.*/xdebug.remote_host=$XDEBUG_REMOTE_HOST/g" \
+		-i /etc/php/7.3/fpm/conf.d/*xdebug.ini
+
+# downgrade composer to 1.8.6, as 1.9.x does not work with "dev-master" version :(
+composer selfupdate 1.8.6
+
+# installation fails without git identity
+git config --global user.email || git config --global user.email "you@example.com"
+
+# install EGroupware sources, if not already there
+[ -f /var/www/egroupware/header.inc.php ] || {
+	cd /var/www \
+	&& ln -sf egroupware/api/templates/default/images/favicon.ico \
+	&& composer.phar create-project --prefer-source --keep-vcs --no-scripts egroupware/egroupware:$VERSION \
+	&& cd egroupware \
+	&& ./install-cli.php \
+	&& ln -sf /var/lib/egroupware/header.inc.php \
+	&& sed -e 's/apache/www-data/' -e 's|/usr/share|/var/www|g' doc/rpm-build/egroupware.cron > /etc/cron.d/egroupware
+}
+
+# check if we have further apps to install (EPL or old ones ...)
+cd /var/www/egroupware
+for url in $(env|grep ^EGW_EXTRA_APP|cut -d= -f2)
+do
+	app=$(basename $url .git)
+	[ $app == "epl" ] && app=stylite
+	[ -d $app ] || {
+		git clone $url $app \
+		&& (cd $app; git remote set-url --push origin $(echo $url|sed 's|https://github.com/|git@github.com:|')) \
+		&& [ -f header.inc.php ] && doc/rpm-build/post_install.php --install-app $(basename $url .git) \
+		|| true # do not stop, if one clone fails
+	}
+done
+
+# install phpMyAdmin sources, if not already there
+[ -d /var/www/phpmyadmin ] || {
+	cd /var/www \
+	&& composer.phar create-project --prefer-source --keep-vcs --no-scripts phpmyadmin/phpmyadmin \
+	&& cd phpmyadmin \
+	&& yarn install || true
+}
+[ -f /var/www/phpmyadmin/config.inc.php ] || {
+	cd /var/www/phpmyadmin \
+	&& blowfish_secret=$(php -r "echo base64_encode(random_bytes(24));") \
+	&& sed -e "s/localhost/db/g" \
+		-e "s/cfg\['blowfish_secret'\] = '';/cfg['blowfish_secret'] = '$blowfish_secret';/g" \
+		config.sample.inc.php > config.inc.php
+}
+
+# create data directory
+[ -d /var/lib/egroupware/default ] || {
+	mkdir -p /var/lib/egroupware/default/files/sqlfs \
+	&& mkdir -p /var/lib/egroupware/default/backup \
+	&& chown -R www-data:www-data /var/lib/egroupware \
+	&& chmod 700 /var/lib/egroupware/
+}
+
+# add private CA so egroupware can validate your certificate to talk to Collabora or Rocket.Chat
+test -f /usr/local/share/ca-certificates/private-ca.crt &&
+	update-ca-certificates
+
+# write install-log in /var/lib/egroupware (only readable by root!)
+LOG=/var/lib/egroupware/egroupware-docker-install.log
+touch $LOG
+chmod 600 $LOG
+
+max_retries=10
+export try=0
+# EGW_SKIP_INSTALL=true skips initial installation (no header.inc.php yet)
+until [ -n "$EGW_SKIP_INSTALL" -a ! -f /var/www/egroupware/header.inc.php ] || \
+	php /var/www/egroupware/doc/rpm-build/post_install.php \
+	--start_webserver "" --autostart_webserver "" \
+	--start_db "" --autostart_db "" \
+	--db_type "${EGW_DB_TYPE:-mysqli}" \
+	--db_host "${EGW_DB_HOST:-localhost}" \
+	--db_grant_host "${EGW_DB_GRANT_HOST:-localhost}" \
+	--db_root "${EGW_DB_ROOT:-root}" \
+	--db_root_pw   "${EGW_DB_ROOT_PW:-}" \
+	--db_name "${EGW_DB_NAME:-egroupware}" \
+	--db_user "${EGW_DB_USER:-egroupware}" \
+	--db_pass "${EGW_DB_PASS:-}"
+do
+	if [ "$try" -gt "$max_retries" ]; then
+		echo "Installing of EGroupware failed!"
+		break
+	fi
+	echo "Retrying EGroupware installation in 3 seconds ..."
+	try=$((try+1))
+	sleep 3s
+done 2>&1 | tee -a $LOG
+
+[ "$(git config --global user.email)" == "you@example.com" ] && {
+	echo "No git user set, please do so by running:"
+	echo "git config --global user.email "your@email.address"
+	echo "git config --global user.name "Your Name"
+}
+
+# as we can NOT exit from until (runs a subshell), we need to check and do it here
+[ "$(tail -1 $LOG)" = "Installing of EGroupware failed!" ] && exit 1
+
+# to run async jobs
+service cron start
+
+exec "$@"

doc/docker/development/nginx.conf

@@ -0,0 +1,117 @@
+# stuff for http block
+client_max_body_size 1g;
+# fix error: upstream sent too big header while reading response header from upstream
+fastcgi_buffers 16 16k;
+fastcgi_buffer_size 32k;
+
+upstream fpm {
+	server egroupware:9000;
+}
+
+server {
+	access_log off;
+
+	listen 80 default_server;
+
+	# ssl config (enable following line plus either include or ssl_certificate* line)
+	#listen 443 ssl http2 default_server;
+	#include snippets/snakeoil.conf;	# requires ssl-certs package installed!
+	# concatenate private key, certificate and intermediate certs to /etc/ssl/private/certificate.pem
+	#ssl_certificate /etc/ssl/private/certificate.pem;
+	#ssl_certificate_key /etc/ssl/private/certificate.pem;
+	# HTTP Strict-Transport-Security header (start with a short max-age!)
+	#add_header Strict-Transport-Security max-age=31536000;	# 31536000sec=1year
+
+	server_name _;
+	root /var/www;
+
+	index index.php index.html index.htm;
+
+	# other settings
+	client_max_body_size 65M;
+
+	# EGroupware installed in /var/www/egroupware
+	location ^~ /egroupware {
+		alias  /var/www/egroupware/;
+		try_files $uri $uri/ =404;
+		location ~ ^/egroupware(/(?U).+\.php) {
+			# do not allow to call files ment to be included only
+			#location ~ ^$path/(vendor|[^/]+/(src|setup|inc))/ {
+			#	return 403;
+			#}
+			alias  /var/www/egroupware;
+			fastcgi_pass fpm;
+			# added to support WebDAV/CalDAV/CardDAV
+			fastcgi_read_timeout 60m;
+			fastcgi_index  index.php;
+			fastcgi_split_path_info ^((?U).+\.php)(.*)$;
+			fastcgi_param  SCRIPT_FILENAME    $document_root$fastcgi_script_name;
+			fastcgi_param  PATH_INFO          $fastcgi_path_info;
+			fastcgi_param  PATH_TRANSLATED    $document_root$fastcgi_path_info;
+			# standard Nginx
+			include fastcgi_params;
+			fastcgi_param SCRIPT_FILENAME /var/www/egroupware$1;
+			fastcgi_param DOCUMENT_ROOT /var/www/html;
+		}
+		location ~ (?i)\.(ico|jpe?g|gif|png|svg|xet|xml|js|css|html|map|swf)$ {
+			access_log off;
+			expires 10d;
+			add_header Pragma public;
+			add_header Cache-Control "public";
+			location ~ ^/egroupware(/.*)$ {
+				alias /var/www/egroupware/;
+				try_files $1 =404;
+			}
+		}
+	}
+
+	# push-server
+	#location /egroupware/push {
+	#	proxy_http_version 1.1;
+	#	proxy_set_header Host $http_host;
+	#	proxy_set_header Upgrade $http_upgrade;
+	#	proxy_set_header Connection "Upgrade";
+	#	proxy_pass http://push:9501;
+	#}
+
+	# PHP in docroot
+	location ~ [^/]\.php(/|$) {
+		fastcgi_split_path_info ^(.+?\.php)(.*)$;
+		if (!-f $document_root$fastcgi_script_name) {
+			return 404;
+		}
+		fastcgi_pass fpm;
+		fastcgi_read_timeout 60m;
+		fastcgi_index index.php;
+		include fastcgi_params;
+		fastcgi_param SCRIPT_FILENAME    $document_root$fastcgi_script_name;
+		fastcgi_param SCRIPT_NAME        $fastcgi_script_name;
+		fastcgi_param PATH_INFO          $fastcgi_path_info;
+	}
+
+	# ActiveSync support
+	location /Microsoft-Server-ActiveSync {
+		fastcgi_pass fpm;
+		# added to support WebDAV/CalDAV/CardDAV
+		fastcgi_read_timeout 60m;
+		fastcgi_index  index.php;
+		fastcgi_split_path_info ^((?U).+\.php)(.*)$;
+		fastcgi_param  PATH_INFO          $fastcgi_path_info;
+		fastcgi_param  PATH_TRANSLATED    $document_root$fastcgi_path_info;
+		include fastcgi_params;
+		fastcgi_param SCRIPT_FILENAME /var/www/egroupware/activesync/index.php;
+	}
+	# CalDAV & CardDAV autoconfig
+	location ~ ^/.well-known/(caldav|carddav)$ {
+		return 301 $scheme://$http_host/egroupware/groupdav.php/;
+	}
+	location ~ ^(/principals/users/.*)$ {
+		return 301 $scheme://$http_host/egroupware/groupdav.php$1;
+	}
+	# Nginx does NOT use index for OPTIONS requests breakng WebDAV
+	# for Windows, which sends OPTIONS / and stalls on Nginx 405 response!
+	# This also redirects all requests to root to EGroupware.
+	location = / {
+		return 301 $scheme://$http_host/egroupware/index.php;
+	}
+}