no need for development container in stable branch

This commit is contained in:
Ralf Becker 2020-06-28 07:59:19 +02:00
parent 2585036c89
commit 248e3b6af7
6 changed files with 0 additions and 731 deletions

View File

@ -1,90 +0,0 @@
################################################################################
##
## EGroupware FPM container using Ubuntu 18.04 and PHP from ondrej/php PPA
##
################################################################################
FROM ubuntu:18.04
MAINTAINER rb@egroupware.org
ARG VERSION=dev-master
ARG PHP_VERSION=7.3
# keeping build-arg in environment for entrypoint.sh
ENV VERSION=$VERSION
ENV PHP_VERSION=$PHP_VERSION
RUN apt-get update \
&& apt-get install -y software-properties-common \
&& LC_ALL=C.UTF-8 add-apt-repository -y ppa:ondrej/php \
&& apt-get update \
&& bash -c "apt-get install -y php$PHP_VERSION-{cli,mysql,json,gd,xsl,bz2,opcache,apcu,tidy,zip,bcmath,mbstring,smbclient,ldap,curl,fpm,pgsql,gmp}" \
# fpm and php.ini settings
&& sed -e 's/^;\?listen \?=.*/listen = 9000/g' \
-e '/allowed_clients/d' \
-e '/pm.max_children/s/=.*/= 80/' \
-e '/catch_workers_output/s/^;/;/' \
-e '/error_log/d' \
-e 's/^;\?pm.max_requests =.*/pm.max_requests = 30/' \
-e 's/^;\?php_admin_value\[memory_limit\].*/php_admin_value[memory_limit] = 172M/' \
-e 's/^;\?request_terminate_timeout.*/request_terminate_timeout = 70m/' \
-i /etc/php/$PHP_VERSION/fpm/pool.d/www.conf \
&& sed -e 's/^;\?session.gc_maxlifetime.*/session.gc_maxlifetime = 14400/g' \
-e 's|^;\?date.timezone.*|date.timezone = UTC|g' \
-e 's|^;\?sys_temp_dir.*|sys_temp_dir = /tmp|g' \
-e 's|^;\?disable_functions.*|disable_functions = exec,passthru,shell_exec,system,proc_open,popen|g' \
-e 's|^;\?max_execution_time \?=.*|max_execution_time = 90|g' \
-e 's|^;\?upload_max_filesize \?=.*|upload_max_filesize = 64M|g' \
-e 's|^;\?post_max_size \?=.*|post_max_size = 65M|g' \
-e 's|^;\?max_input_vars \?=.*|max_input_vars = 5000|g' \
-e 's|^;\?zlib.output_compression \?=.*|zlib.output_compression = On|g' \
-e 's|^;\?opcache.validate_timestamps \?=.*|opcache.validate_timestamps=0|g' \
-i /etc/php/$PHP_VERSION/fpm/php.ini \
&& sed -e 's|^;\?date.timezone.*|date.timezone = UTC|g' \
-e 's|^;\?sys_temp_dir.*|sys_temp_dir = /tmp|g' \
-i /etc/php/$PHP_VERSION/cli/php.ini \
# create directory for pid file
&& mkdir -p /run/php \
# send logs to stderr to be viewed by docker logs
&& ln -s /dev/stderr /var/log/php$PHP_VERSION-fpm.log \
# install tools to build EGroupware
&& apt-get install -y rsync npm zip curl sudo cron patch \
&& npm install -g grunt-cli \
&& bash -c \
'EXPECTED_SIGNATURE=$(curl https://composer.github.io/installer.sig); \
curl https://getcomposer.org/installer > composer-setup.php; \
ACTUAL_SIGNATURE=$(php -r "echo hash_file(\"sha384\", \"composer-setup.php\");"); \
if [ "$EXPECTED_SIGNATURE" != "$ACTUAL_SIGNATURE" ]; \
then \
>&2 echo "ERROR: Invalid Composer installer signature"; \
RESULT=1; \
else \
php composer-setup.php --quiet --install-dir /usr/local/bin; \
RESULT=$?; \
fi; \
rm composer-setup.php; \
exit $RESULT' \
# disable certificate checks for LDAP as most LDAP and AD servers have no "valid" cert
&& echo "TLS_REQCERT never" >> /etc/ldap/ldap.conf
# install diverse developper tools, not installed above / in stock container
RUN apt-get install -y php$PHP_VERSION-cli php-xdebug inetutils-ping iproute2 git vim yarn \
&& echo "xdebug.remote_enable=1" >> /etc/php/$PHP_VERSION/fpm/conf.d/20-xdebug.ini \
&& echo "xdebug.remote_port=9001" >> /etc/php/$PHP_VERSION/fpm/conf.d/20-xdebug.ini \
&& echo "xdebug.remote_host=172.17.0.1" >> /etc/php/$PHP_VERSION/fpm/conf.d/20-xdebug.ini \
&& ln -s /usr/local/bin/composer.phar /usr/local/bin/composer \
&& sed -e 's|^;\?opcache.validate_timestamps \?=.*|opcache.validate_timestamps=1|g' \
-i /etc/php/$PHP_VERSION/fpm/php.ini \
&& apt-get clean \
&& update-alternatives --install /usr/sbin/php-fpm php-fpm /usr/sbin/php-fpm$PHP_VERSION 5
VOLUME /var/www
VOLUME /var/lib/egroupware
VOLUME /var/lib/php/sessions
VOLUME /var/lib/egroupware-push
EXPOSE 9000
ADD entrypoint.sh /
CMD ["php-fpm", "--nodaemonize"]
ENTRYPOINT ["/entrypoint.sh"]

View File

@ -1,56 +0,0 @@
# EGroupware development enviroment as Docker container
The container and docker-compose.yml file in this directory are the most easy way to get a full development enviroment for EGroupware.
### It defines and uses the following volumes:
* sources: document root of the webserver, by default $PWD/sources subdirectory, can also be your existing document root
* data: EGroupware stores it's files here, by default $PWD/data subdirectory, can also be your existing /var/lib/egroupware
* db: volume for MariaDB (should be NOT a directory under Mac OS and Windows for performance reasons!)
* sessions: volume for sessions, internal no need to change
* sources-push: swoolpush sub-directory of sources
* collabora-config: /etc/loolwsd for Collabora container, by default $PWD/data/default/loolwsd
* rocketchat-uploads: Upload directory for Rocket.Chat, by default $PWD/data/default/rocketchat/uploads
* rocketchat-dumps: Dump directory for MongoDB, by default $PWD/data/default/rocketchat/dump
### It runs the following containers:
* egroupware: php-fpm
* egroupware-nginx: Nginx
* egroupware-db: MariaDB
* egroupware-push: PHP Swoole based push server
* egroupware-watchtower: to automatic keeps the containers up to date
* collabora: Collabora Online Office
* rocketchat: Rocket.Chat
* rocketchat-mongo: MongoDB for Rocket.Chat
### Usage:
```
mkdir dev && cd dev
wget https://raw.githubusercontent.com/EGroupware/egroupware/master/doc/docker/development/docker-compose.yml
wget https://raw.githubusercontent.com/EGroupware/egroupware/master/doc/docker/development/nginx.conf
mkdir sources data
# edit docker-compose.yml to fit your needs eg.
# ports to use for Nginx / the webserver, by default 8080 and 4443
# xdebug port, default 9001 (NOT 9000!)
# IDE host, default XDEBUG_REMOTE_HOST=docker.for.mac.localhost
docker-compose up -d
```
* It will install EGroupware master and phpMyAdmin in egroupware / phpmyadmin subdirectory of sources volume, if not already there
* Credentials for a new install can be found in data:egroupware-docker-install.log
* Use the following to tail the webserver error.log
```
docker logs -f egroupware-nginx 2>&1 | sed "s/PHP message/\\$(echo -e '\n\r')PHP message/g"
```
### Docker Desktop for Mac notes
* directories of volumes must be exported to Docker, by default only your home-directory is!
* permissions of sources and data directory must be readable (sources writable) by your user, as Docker daemon runs as that user!
* db volume must NOT be a directory, as the networked access from Docker VM to the Mac is to slow!
### Docker Desktop for Windows notes
* you can NOT use $PWD to reference the docker-compose directory, use the full path with forward slashes!
* directories of volumes must be exported to Docker!
* db volume must NOT be a directory, as the networked access from Docker VM to Windows is to slow!
### Docker on Linux
* permissions of sources and data directory must be readable (sources writable) by www-data user (#33)

View File

@ -1,47 +0,0 @@
#!/bin/bash -x
REPO=egroupware
IMAGE=development
BASE=ubuntu:18.04
RECOMMENDED_PHP_VERSION=7.3
PHP_VERSION=${1:-7.3}
TAG=$(docker run --rm -i --entrypoint bash $REPO/$IMAGE -c "apt update && apt search php$PHP_VERSION-fpm" 2>/dev/null|grep php$PHP_VERSION-fpm|sed "s|^php$PHP_VERSION-fpm/bionic.?*\(7\.[0-9]*\.[0-9]*\).*|\1|g")
test -z "$TAG" && {
echo "Can't get new tag of $REPO/$IMAGE container --> existing"
exit 1
}
DEFAULT=$(git branch|grep ^*|cut -c3-)
VERSION=${2:-$DEFAULT}
BRANCH=$(echo $VERSION|sed 's/\.[0-9]\{8\}$//')
[ $VERSION = $BRANCH ] && VERSION="$BRANCH.x-dev"
[ $BRANCH != "master" ] && {
TAG=$BRANCH-$TAG
}
[ $BRANCH = "master" ] && {
TAG=master
VERSION=dev-master
}
echo -e "\nbuilding $REPO/$IMAGE:$TAG\n"
cd $(dirname $0)
docker pull $BASE
docker build --build-arg "VERSION=$VERSION" --build-arg="PHP_VERSION=$PHP_VERSION" -t $REPO/$IMAGE:$TAG . && {
docker push $REPO/$IMAGE:$TAG
# tag by major PHP version eg. 7.3
docker tag $REPO/$IMAGE:$TAG $REPO/$IMAGE:$PHP_VERSION
docker push $REPO/$IMAGE:$PHP_VERSION
# tag only recommended PHP version as latest and $BRANCH (eg. master)
[ $BRANCH = "master" -a $PHP_VERSION = $RECOMMENDED_PHP_VERSION ] && {
docker tag $REPO/$IMAGE:$TAG $REPO/$IMAGE:latest
docker push $REPO/$IMAGE:latest
docker tag $REPO/$IMAGE:$TAG $REPO/$IMAGE:$BRANCH
docker push $REPO/$IMAGE:$BRANCH
}
}

View File

@ -1,267 +0,0 @@
version: '3'
volumes:
# data directory: here are the files stored (/var/lib/egroupware by default)
data:
driver_opts:
type: none
o: bind
# to upgrade an existing non-docker installation most easy is to use the existing
# data directory /var/lib/egroupware AND the host database see below
#device: /var/lib/egroupware
# otherwise data is stored in data subdirectory of the current directory
device: $PWD/data
# sources directory or document root mounted as /var/www inside the container
sources:
driver_opts:
type: none
o: bind
# use this if you have an existing document root with an egroupware directory inside
#device: /var/www
# otherwise sources/document is stored in sources subdirectory of current directory
device: $PWD/sources
# sources for push server, swoolpush subdirectory of egroupware
sources-push:
driver_opts:
type: none
o: bind
device: $PWD/sources/egroupware/swoolepush
# volume to store config.inc.php file / token shared between egroupware and push container
push-config:
# collabora-config
collabora-config:
driver_opts:
type: none
o: bind
# to upgrade an existing non-docker installation most easy is to use the existing
# data directory /var/lib/egroupware AND the host database see below
#device: /var/lib/egroupware/default/loolwsd
# otherwise data is stored in data subdirectory of the current directory
device: $PWD/data/default/loolwsd
# for Mac and Windows, do NOT use a directory for the DB, as the Docker host is in a VM!
db:
sessions:
# cache files from compose, npm and yarn (actually /root inside the container)
cache:
# store Rocket.Chat MongoDB on an (internal) Volume
mongo:
# directory to store MongoDB dumps
rocketchat-dumps:
driver_opts:
type: none
o: bind
device: $PWD/data/default/rocketchat/dump
rocketchat-uploads:
driver_opts:
type: none
o: bind
device: $PWD/data/default/rocketchat/uploads
services:
egroupware:
# you can also use tags like: 7.3, 7.3.12 or 7.4
image: egroupware/development:master
# setting a default language for a new installation
#environment:
#- LANG=de
volumes:
- sources:/var/www
- data:/var/lib/egroupware
- sessions:/var/lib/php/sessions
- cache:/root
- push-config:/var/lib/egroupware-push
# if you want to use the host database:
# 1. comment out the whole db service below AND
# 2. set EGW_DB_HOST=localhost AND
# 3. uncomment the next line and modify the host path (first one), it depends on your distro:
# - RHEL/CentOS /var/lib/mysql/mysql.sock:/var/run/mysqld/mysqld.sock
# - openSUSE/SLE /var/run/mysql/mysql.sock:/var/run/mysqld/mysqld.sock
# - Debian/Ubuntu /var/run/mysqld:/var/run/mysqld
#- /var/run/mysqld:/var/run/mysqld
# private CA so egroupware can validate your certificate to talk to Collabora or Rocket.Chat
# multiple certificates (eg. a chain) have to be single files in a directory, with one named private-ca.crt!
#- /etc/egroupware-docker/private-ca.crt:/usr/local/share/ca-certificates/private-ca.crt:ro
environment:
#
# MariaDB/MySQL host to use: for internal service use "db", for host database (socket bind-mounted into container) use "localhost"
- EGW_DB_HOST=db
# grant host is needed for NOT using localhost / unix domain socket for MySQL/MariaDB
- EGW_DB_GRANT_HOST=172.%
# for internal db service you should to specify a root password here AND in db service
# a database "egroupware" with a random password is created for you on installation (password is stored in header.inc.php in data directory)
#- EGW_DB_ROOT=root
- EGW_DB_ROOT_PW=secret
# alternativly you can specify an already existing database with full right by the given user!
#- EGW_DB_NAME=egroupware
#- EGW_DB_USER=egroupware
#- EGW_DB_PASS=
#
# further post_install.php arguments can be passed as a single enviroment variable with space separated assignments
# "<name1>=<value1> <name2>=<value2>" see https://github.com/EGroupware/egroupware/blob/master/doc/rpm-build/post_install.php#L17
# to configure eg. LDAP for authentication and account storage use
#- EGW_POST_INSTALL='account-auth=ldap,ldap ldap_base=ou=egroupware,dc=example,dc=org ldap_host=tls://ldap.example.org ldap_admin=cn=admin,$base ldap_admin_pw=secret ldap_context=cn=users,$base ldap_group_context=cn=groups,$base'
#
# extra non-default apps (need to start with EGW_EXTRA_APP!)
#
# new push server not yet in composer.json
- EGW_EXTRA_APP_PUSH=https://github.com/EGroupware/swoolepush.git
# EPL apps (need extra credentials!)
#- EGW_EXTRA_APPS_EPL=https://github.com/EGroupwareGmbH/epl.git https://github.com/EGroupwareGmbH/esyncpro.git https://github.com/EGroupwareGmbH/policy.git https://github.com/EGroupwareGmbH/webauthn.git
# old Wiki
- EGW_EXTRA_APP_WIKI=https://github.com/EGroupware/wiki.git
# old API and eTemplate(1)
- EGW_EXTRA_APP_OLDAPI=https://github.com/EGroupware/phpgwapi.git https://github.com/EGroupware/etemplate.git
#
# XDEBUG_REMOTE_HOST need to be set, if the host running the IDE is different from 172.17.0.1 (Mac can use docker.for.mac.localhost)
- XDEBUG_REMOTE_HOST=docker.for.mac.localhost
restart: always
depends_on:
- db
container_name: egroupware
# set the ip-address of your docker host AND your official DNS name so EGroupware
# can access Rocket.Chat or Collabora without the need to go over your firewall
#extra_hosts:
#- "my.host.name:ip-address"
nginx:
image: nginx:stable-alpine
volumes:
- sources:/var/www:ro
# to add a certificate create a certificate.pem containing (in that order)
# 1. private key
# 2. public key
# 3. (optional) chain certificates
# uncomment to the next line
# ./certificate.pem:/etc/ssl/private/certificate.pem
# AND uncomment the three lines starting with "listen 443", "ssl_certificate", "ssl_certificate_key" in nginx.conf
- ./nginx.conf:/etc/nginx/conf.d/default.conf:ro
ports:
# if no webserver is running on the host, change (first) number to 80 or 443
- "8080:80"
- "4443:443"
depends_on:
- egroupware
- collabora-key
- rocketchat
container_name: egroupware-nginx
# run an own MariaDB:10.4 (you can use EGroupware's database backup and restore to add your existing database)
db:
image: mariadb
environment:
#- MYSQL_ROOT=root
- MYSQL_ROOT_PASSWORD=secret
volumes:
- db:/var/lib/mysql
container_name: egroupware-db
# make mysql also available on the host
#ports:
#- "3306:3306"
# push server using phpswoole
push:
image: phpswoole/swoole:latest-dev
volumes:
- sources-push:/var/www
- sessions:/var/lib/php/sessions
- push-config:/var/lib/egroupware-push
container_name: egroupware-push
# automatic updates of all containers daily at 4am
# see https://containrrr.github.io/watchtower for more information
watchtower:
image: containrrr/watchtower
volumes:
- /var/run/docker.sock:/var/run/docker.sock
# For automatic EPL Updates (not necessary for CE!) you need to pass docker
# credentials into watchtower after running: docker login download.egroupware.org
#- /root/.docker/config.json:/config.json:ro
environment:
- WATCHTOWER_CLEANUP=true # delete old image after update to not fill up the disk
# for email notifications add your email and mail-server here
#- WATCHTOWER_NOTIFICATIONS=email
#- WATCHTOWER_NOTIFICATIONS_LEVEL=info # possible values: panic, fatal, error, warn, info or debug
#- WATCHTOWER_NOTIFICATION_EMAIL_FROM="watchtower@my-domain.com"
#- WATCHTOWER_NOTIFICATION_EMAIL_TO="me@my-domain.com"
#- WATCHTOWER_NOTIFICATION_EMAIL_SERVER="mail.my-domain.com" # if you give your MX here, you need no user/password
#- WATCHTOWER_NOTIFICATION_EMAIL_SERVER_PORT=25
#- WATCHTOWER_NOTIFICATION_EMAIL_SERVER_USER="watchtower@my-domain.com"
#- WATCHTOWER_NOTIFICATION_EMAIL_SERVER_PASSWORD="secret"
command: --schedule "0 0 4 * * *"
container_name: egroupware-watchtower
restart: always
# Collabora Online Office
collabora-key:
image: "quay.io/egroupware/collabora-key:stable"
#image: collabora/code:latest
# needs to be initialised via: docker run --rm -v dev_collabora-config:/mnt --entrypoint '/bin/cp -r /etc/loolwsd /mnt' quay.io/egroupware/collabora-key:stable
volumes:
- collabora-config:/etc/loolwsd
# dont try to regenerate the (not used certificate) as volumn is readonly
environment:
- DONT_GEN_SSL_CERT=1
restart: always
container_name: collabora-key
# set the ip-address of your docker host AND your official DNS name so Collabora
# can access EGroupware without the need to go over your firewall
#extra_hosts:
#- "my.host.name:ip-address"
# Rocket.Chat server
rocketchat:
image: rocketchat/rocket.chat:latest
command: bash -c 'for i in `seq 1 30`; do node main.js && s=$$? && break || s=$$?; echo "Tried $$i times. Waiting 5 secs..."; sleep 5; done; (exit $$s)'
restart: unless-stopped
volumes:
- rocketchat-uploads:/app/uploads
# if EGroupware uses a certificate from a private CA, OAuth authentication will fail, you need to:
# - have the CA certificate stored at /etc/egroupware-docker/private-ca.crt
# - uncomment the next 2 lines about the private CA:
# - /etc/egroupware-docker/private-ca.crt:/usr/local/share/ca-certificates/private-ca.crt:ro
environment:
# - NODE_EXTRA_CA_CERTS=/usr/local/share/ca-certificates/private-ca.crt
# IMPORTANT: change ROOT_URL to your actual url eg. https://domain.com/rocketchat
- ROOT_URL=http://localhost/rocketchat
- PORT=3000
- MONGO_URL=mongodb://mongo:27017/rocketchat
- MONGO_OPLOG_URL=mongodb://mongo:27017/local
# - HTTP_PROXY=http://proxy.domain.com
# - HTTPS_PROXY=http://proxy.domain.com
depends_on:
- mongo
container_name: rocketchat
# set the ip-address of your docker host AND your official DNS name so Rocket.Chat
# can access EGroupware without the need to go over your firewall
#extra_hosts:
#- "my.host.name:ip-address"
# MongoDB for Rocket.Chat
mongo:
image: mongo:4.0
restart: unless-stopped
volumes:
- mongo:/data/db
- rocketchat-dumps:/dump
command: mongod --smallfiles --oplogSize 128 --replSet rs0 --storageEngine=mmapv1
container_name: rocketchat-mongo
# this container's job is just run the command to initialize the replica set.
# it will run the command and remove himself (it will not stay running)
mongo-init-replica:
image: mongo:4.0
command: 'bash -c "for i in `seq 1 30`; do mongo mongo/rocketchat --eval \"rs.initiate({ _id: ''rs0'', members: [ { _id: 0, host: ''localhost:27017'' } ]})\" && s=$$? && break || s=$$?; echo \"Tried $$i times. Waiting 5 secs...\"; sleep 5; done; (exit $$s)"'
depends_on:
- mongo
# Portainer: Docker GUI (needs to be enabled in nginx.conf too!)
# portainer:
# image: portainer/portainer
# command: -H unix:///var/run/docker.sock
# restart: always
# ports:
# - 9000:9000
# - 8000:8000
# volumes:
# - /var/run/docker.sock:/var/run/docker.sock
# - portainer_data:/data
# container_name: portainer

View File

@ -1,117 +0,0 @@
#!/bin/bash
set -ex
VERSION=${VERSION:-dev-master}
PHP_VERSION=${PHP_VERSION:-7.3}
# if EGW_SESSION_TIMEOUT is set in environment, propagate value to php.ini
test -n "$EGW_SESSION_TIMEOUT" && test "$EGW_SESSION_TIMEOUT" -ge 1440 &&
sed -e "s/^;\?session.gc_maxlifetime.*/session.gc_maxlifetime=$EGW_SESSION_TIMEOUT/g" \
-i /etc/php/$PHP_VERSION/fpm/php.ini
# if XDEBUG_REMOTE_HOST is set, patch it into xdebug config
test -n "$XDEBUG_REMOTE_HOST" && \
sed -e "s/^xdebug.remote_host.*/xdebug.remote_host=$XDEBUG_REMOTE_HOST/g" \
-i /etc/php/$PHP_VERSION/fpm/conf.d/*xdebug.ini
# downgrade composer to 1.8.6, as 1.9.x does not work with "dev-master" version :(
composer selfupdate 1.8.6
# installation fails without git identity
git config --global user.email || git config --global user.email "you@example.com"
# install EGroupware sources, if not already there
[ -f /var/www/egroupware/header.inc.php ] || {
cd /var/www \
&& ln -sf egroupware/api/templates/default/images/favicon.ico \
&& composer.phar create-project --prefer-source --keep-vcs --no-scripts egroupware/egroupware:$VERSION \
&& cd egroupware \
&& ./install-cli.php \
&& ln -sf /var/lib/egroupware/header.inc.php \
&& sed -e 's/apache/www-data/' -e 's|/usr/share|/var/www|g' doc/rpm-build/egroupware.cron > /etc/cron.d/egroupware
}
# check if we have further apps to install (EPL or old ones ...)
cd /var/www/egroupware
for url in $(env|grep ^EGW_EXTRA_APP|cut -d= -f2)
do
app=$(basename $url .git)
[ $app == "epl" ] && app=stylite
[ -d $app ] || {
git clone $url $app \
&& (cd $app; git remote set-url --push origin $(echo $url|sed 's|https://github.com/|git@github.com:|')) \
&& [ -f header.inc.php ] && doc/rpm-build/post_install.php --install-app $(basename $url .git) \
|| true # do not stop, if one clone fails
}
done
# install phpMyAdmin sources, if not already there
[ -d /var/www/phpmyadmin ] || {
cd /var/www \
&& composer.phar create-project --prefer-source --keep-vcs --no-scripts phpmyadmin/phpmyadmin \
&& cd phpmyadmin \
&& yarn install || true
}
[ -f /var/www/phpmyadmin/config.inc.php ] || {
cd /var/www/phpmyadmin \
&& blowfish_secret=$(php -r "echo base64_encode(random_bytes(24));") \
&& sed -e "s/localhost/db/g" \
-e "s/cfg\['blowfish_secret'\] = '';/cfg['blowfish_secret'] = '$blowfish_secret';/g" \
config.sample.inc.php > config.inc.php
}
# create data directory
[ -d /var/lib/egroupware/default ] || {
mkdir -p /var/lib/egroupware/default/files/sqlfs \
&& mkdir -p /var/lib/egroupware/default/backup \
&& chown -R www-data:www-data /var/lib/egroupware \
&& chmod 700 /var/lib/egroupware/
}
# add private CA so egroupware can validate your certificate to talk to Collabora or Rocket.Chat
test -f /usr/local/share/ca-certificates/private-ca.crt &&
update-ca-certificates
# write install-log in /var/lib/egroupware (only readable by root!)
LOG=/var/lib/egroupware/egroupware-docker-install.log
touch $LOG
chmod 600 $LOG
max_retries=10
export try=0
# EGW_SKIP_INSTALL=true skips initial installation (no header.inc.php yet)
until [ "$EGW_SKIP_INSTALL" = "allways" -o -n "$EGW_SKIP_INSTALL" -a ! -f /var/www/egroupware/header.inc.php ] || \
php /var/www/egroupware/doc/rpm-build/post_install.php \
--start_webserver "" --autostart_webserver "" \
--start_db "" --autostart_db "" \
--db_type "${EGW_DB_TYPE:-mysqli}" \
--db_host "${EGW_DB_HOST:-localhost}" \
--db_grant_host "${EGW_DB_GRANT_HOST:-localhost}" \
--db_root "${EGW_DB_ROOT:-root}" \
--db_root_pw "${EGW_DB_ROOT_PW:-}" \
--db_name "${EGW_DB_NAME:-egroupware}" \
--db_user "${EGW_DB_USER:-egroupware}" \
--db_pass "${EGW_DB_PASS:-}"
do
if [ "$try" -gt "$max_retries" ]; then
echo "Installing of EGroupware failed!"
break
fi
echo "Retrying EGroupware installation in 3 seconds ..."
try=$((try+1))
sleep 3s
done 2>&1 | tee -a $LOG
[ "$(git config --global user.email)" == "you@example.com" ] && {
echo "No git user set, please do so by running:"
echo "git config --global user.email "your@email.address"
echo "git config --global user.name "Your Name"
}
# as we can NOT exit from until (runs a subshell), we need to check and do it here
[ "$(tail -1 $LOG)" = "Installing of EGroupware failed!" ] && exit 1
# to run async jobs
service cron start
exec php-fpm$PHP_VERSION --nodaemonize

View File

@ -1,154 +0,0 @@
# stuff for http block
client_max_body_size 1g;
# fix error: upstream sent too big header while reading response header from upstream
fastcgi_buffers 16 16k;
fastcgi_buffer_size 32k;
upstream fpm {
server egroupware:9000;
}
server {
access_log off;
listen 80 default_server;
# ssl config (enable following line plus either include or ssl_certificate* line)
#listen 443 ssl http2 default_server;
#include snippets/snakeoil.conf; # requires ssl-certs package installed!
# concatenate private key, certificate and intermediate certs to /etc/ssl/private/certificate.pem
#ssl_certificate /etc/ssl/private/certificate.pem;
#ssl_certificate_key /etc/ssl/private/certificate.pem;
# HTTP Strict-Transport-Security header (start with a short max-age!)
#add_header Strict-Transport-Security max-age=31536000; # 31536000sec=1year
server_name _;
root /var/www;
index index.php index.html index.htm;
# EGroupware installed in /var/www/egroupware
location ^~ /egroupware {
alias /var/www/egroupware/;
try_files $uri $uri/ =404;
location ~ ^/egroupware(/(?U).+\.php) {
# do not allow to call files ment to be included only
#location ~ ^$path/(vendor|[^/]+/(src|setup|inc))/ {
# return 404;
#}
alias /var/www/egroupware;
fastcgi_pass fpm;
# added to support WebDAV/CalDAV/CardDAV
fastcgi_read_timeout 60m;
fastcgi_index index.php;
fastcgi_split_path_info ^((?U).+\.php)(.*)$;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info;
# standard Nginx
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME /var/www/egroupware$1;
fastcgi_param DOCUMENT_ROOT /var/www/html;
}
location ~ (?i)\.(ico|jpe?g|gif|png|svg|xet|xml|js|css|html|map|swf)$ {
access_log off;
expires 10d;
add_header Pragma public;
add_header Cache-Control "public";
location ~ ^/egroupware(/.*)$ {
alias /var/www/egroupware/;
try_files $1 =404;
}
}
}
# push-server
location /egroupware/push {
proxy_http_version 1.1;
proxy_set_header Host $http_host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_pass http://push:9501;
}
# PHP in docroot
location ~ [^/]\.php(/|$) {
fastcgi_split_path_info ^(.+?\.php)(.*)$;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
fastcgi_pass fpm;
fastcgi_read_timeout 60m;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
}
# ActiveSync support
location /Microsoft-Server-ActiveSync {
fastcgi_pass fpm;
# added to support WebDAV/CalDAV/CardDAV
fastcgi_read_timeout 60m;
fastcgi_index index.php;
fastcgi_split_path_info ^((?U).+\.php)(.*)$;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME /var/www/egroupware/activesync/index.php;
}
# CalDAV & CardDAV autoconfig
location ~ ^/.well-known/(caldav|carddav)$ {
return 301 $scheme://$http_host/egroupware/groupdav.php/;
}
location ~ ^(/principals/users/.*)$ {
return 301 $scheme://$http_host/egroupware/groupdav.php$1;
}
# Nginx does NOT use index for OPTIONS requests breakng WebDAV
# for Windows, which sends OPTIONS / and stalls on Nginx 405 response!
# This also redirects all requests to root to EGroupware.
location = / {
return 301 $scheme://$http_host/egroupware/index.php;
}
# redirect /egroupware to /egroupware/
location = /egroupware {
return 301 $scheme://$host/egroupware/index.php;
}
# Collabora sniplet meant to be included in server block of EGroupware vhost
# static files
location ^~ /loleaflet {
proxy_pass http://collabora-key:9980;
proxy_set_header Host $http_host;
}
# WOPI discovery URL
location ^~ /hosting/discovery {
proxy_pass http://collabora-key:9980;
proxy_set_header Host $http_host;
}
# websockets, download, presentation and image upload
location ^~ /lool {
proxy_pass http://collabora-key:9980;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $http_host;
}
# proxy into rocketchat container
location /rocketchat {
proxy_pass http://rocketchat:3000;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $http_host;
}
# Portainer: Docker GUI (needs to be enabled in docker-compose.yml too!)
#location /portainer/ {
# proxy_pass http://portainer:9000/;
# proxy_set_header Upgrade $http_upgrade;
# proxy_set_header Connection "upgrade";
# proxy_set_header Host $http_host;
#}
}