Simplify the container starting process to allow it to run with a
unprivileged user
parent
cd75da69f9
commit
049f85221e
20
Dockerfile
20
Dockerfile
@ -12,24 +12,28 @@ RUN yarn build
|
||||
# production stage
|
||||
FROM alpine:3.15
|
||||
|
||||
ENV USER lighttpd
|
||||
ENV GROUP lighttpd
|
||||
ENV GID 911
|
||||
ENV UID 911
|
||||
ENV GID 1000
|
||||
ENV UID 1000
|
||||
ENV PORT 8080
|
||||
ENV SUBFOLDER "/_"
|
||||
ENV INIT_ASSETS 1
|
||||
|
||||
RUN addgroup -S ${GROUP} -g ${GID} && adduser -D -S -u ${UID} ${USER} ${GROUP} && \
|
||||
RUN addgroup -S lighttpd -g ${GID} && adduser -D -S -u ${UID} lighttpd lighttpd && \
|
||||
apk add -U --no-cache lighttpd
|
||||
|
||||
COPY entrypoint.sh /entrypoint.sh
|
||||
COPY lighttpd.conf /lighttpd.conf
|
||||
WORKDIR /www
|
||||
|
||||
COPY --from=build-stage --chown=${USER}:${GROUP} /app/dist /www/
|
||||
COPY lighttpd.conf /lighttpd.conf
|
||||
COPY entrypoint.sh /entrypoint.sh
|
||||
COPY --from=build-stage --chown=${UID}:${GID} /app/dist /www/
|
||||
COPY --from=build-stage --chown=${USER}:${GROUP} /app/dist/assets /www/default-assets
|
||||
|
||||
USER ${UID}:${GID}
|
||||
|
||||
HEALTHCHECK --interval=30s --timeout=5s --retries=3 \
|
||||
CMD wget --no-verbose --tries=1 --spider http://127.0.0.1:${PORT}/ || exit 1
|
||||
|
||||
EXPOSE ${PORT}
|
||||
VOLUME /www/assets
|
||||
|
||||
ENTRYPOINT ["/bin/sh", "/entrypoint.sh"]
|
||||
|
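Review bot: The `COPY --from=build-stage --chown=${USER}:${GROUP} /app/dist/assets /www/default-assets` line still references `USER` and `GROUP`, which this section appears to stop defining (the `RUN` line now hard-codes `lighttpd`), so both values would expand to empty at build time and the default assets would likely not get the intended owner. It should match the line above it: `COPY --from=build-stage --chown=${UID}:${GID} /app/dist/assets /www/default-assets`. Because ownership is fixed at build time to `${UID}:${GID}`, a short comment next to `USER ${UID}:${GID}` would also help, e.g. `# a different runtime --user must be able to write to /www/assets`.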
@ -32,14 +32,16 @@ RUN addgroup -S ${GROUP} -g ${GID} && adduser -D -S -u ${UID} ${USER} ${GROUP} &
|
||||
apk add -U --no-cache lighttpd && \
|
||||
rm /usr/bin/qemu-arm-static
|
||||
|
||||
COPY entrypoint.sh /entrypoint.sh
|
||||
COPY lighttpd.conf /lighttpd.conf
|
||||
WORKDIR /www
|
||||
|
||||
COPY lighttpd.conf /lighttpd.conf
|
||||
COPY --from=build-stage --chown=${USER}:${GROUP} /app/dist /www/
|
||||
COPY --from=build-stage --chown=${USER}:${GROUP} /app/dist/assets /www/default-assets
|
||||
|
||||
USER ${USER}
|
||||
HEALTHCHECK --interval=30s --timeout=5s --retries=3 \
|
||||
CMD wget --no-verbose --tries=1 --spider http://127.0.0.1:${PORT}/ || exit 1
|
||||
|
||||
EXPOSE ${PORT}
|
||||
VOLUME /www/assets
|
||||
ENTRYPOINT ["/bin/sh", "/entrypoint.sh"]
|
||||
|
||||
CMD ["lighttpd", "-D", "-f", "/lighttpd.conf"]
|
||||
|
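Review bot: `USER ${USER}` selects the account by name, while the main Dockerfile in this commit uses the numeric form `USER ${UID}:${GID}`; a named user cannot be checked by runtimes that enforce a non-root policy from image metadata (for example Kubernetes `runAsNonRoot`). Using `USER ${UID}:${GID}` here would keep the variants consistent, and the same line appears in the next architecture variant section. This section also lists both `ENTRYPOINT ["/bin/sh", "/entrypoint.sh"]` and `CMD ["lighttpd", "-D", "-f", "/lighttpd.conf"]`; if both are on the new side, the `CMD` is only passed as arguments to entrypoint.sh, which never runs `"$@"`. The start of the `RUN` instruction lies outside this hunk.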
@ -32,14 +32,16 @@ RUN addgroup -S ${GROUP} -g ${GID} && adduser -D -S -u ${UID} ${USER} ${GROUP} &
|
||||
apk add -U --no-cache lighttpd && \
|
||||
rm /usr/bin/qemu-aarch64-static
|
||||
|
||||
COPY entrypoint.sh /entrypoint.sh
|
||||
COPY lighttpd.conf /lighttpd.conf
|
||||
WORKDIR /www
|
||||
|
||||
COPY lighttpd.conf /lighttpd.conf
|
||||
COPY --from=build-stage --chown=${USER}:${GROUP} /app/dist /www/
|
||||
COPY --from=build-stage --chown=${USER}:${GROUP} /app/dist/assets /www/default-assets
|
||||
|
||||
USER ${USER}
|
||||
HEALTHCHECK --interval=30s --timeout=5s --retries=3 \
|
||||
CMD wget --no-verbose --tries=1 --spider http://127.0.0.1:${PORT}/ || exit 1
|
||||
|
||||
EXPOSE ${PORT}
|
||||
VOLUME /www/assets
|
||||
ENTRYPOINT ["/bin/sh", "/entrypoint.sh"]
|
||||
|
||||
CMD ["lighttpd", "-D", "-f", "/lighttpd.conf"]
|
||||
|
25
README.md
25
README.md
@ -71,8 +71,6 @@ See [documentation](docs/configuration.md) for information about the configurati
|
||||
|
||||
### Using docker
|
||||
|
||||
To launch container:
|
||||
|
||||
```sh
|
||||
docker run -d \
|
||||
-p 8080:8080 \
|
||||
@ -81,16 +79,19 @@ docker run -d \
|
||||
b4bz/homer:latest
|
||||
```
|
||||
|
||||
Default assets will be automatically installed in the `/www/assets` directory. Use `UID` and/or `GID` env var to change the assets owner (`docker run -e "UID=1000" -e "GID=1000" [...]`).
|
||||
Environment variables:
|
||||
|
||||
## Host in subfolder
|
||||
* **`INIT_ASSETS`** (default: `1`)
|
||||
Install exemple configuration file & assets (favicons, ...) to help you get started.
|
||||
|
||||
* **`SUBFOLDER`** (default: `null`)
|
||||
If you would like to host Homer in a subfolder, (ex: *http://my-domain/**homer***), set this to the subfolder path (ex `/homer`).
|
||||
|
||||
If you would like to host Homer in a subfolder, for e.g. behind a reverse proxy, supply the name of subfolder by using the `SUBFOLDER` env var.
|
||||
|
||||
### Using docker-compose
|
||||
|
||||
The `docker-compose.yml` file must be edited to match your needs.
|
||||
Set the port and volume (equivalent to `-p` and `-v` arguments):
|
||||
You probably want to set the port mapping and volume binding (equivalent to `-p` and `-v` arguments):
|
||||
|
||||
```yaml
|
||||
volumes:
|
||||
@ -99,21 +100,13 @@ ports:
|
||||
- 8080:8080
|
||||
```
|
||||
|
||||
To launch container:
|
||||
Then launch the container:
|
||||
|
||||
```sh
|
||||
cd /path/to/docker-compose.yml
|
||||
cd /path/to/docker-compose.yml/
|
||||
docker-compose up -d
|
||||
```
|
||||
|
||||
Default assets will be automatically installed in the `/www/assets` directory. Use `UID` and/or `GID` env var to change the assets owner, also in `docker-compose.yml`:
|
||||
|
||||
```yaml
|
||||
environment:
|
||||
- UID=1000
|
||||
- GID=1000
|
||||
```
|
||||
|
||||
### Using the release tarball (prebuilt, ready to use)
|
||||
|
||||
Download and extract the latest release (`homer.zip`) from the [release page](https://github.com/bastienwirtz/homer/releases), rename the `assets/config.yml.dist` file to `assets/config.yml`, and put it behind a web server.
|
||||
|
@ -10,7 +10,6 @@ services:
|
||||
- /your/local/assets/:/www/assets
|
||||
ports:
|
||||
- 8080:8080
|
||||
#environment:
|
||||
# - UID=1000
|
||||
# - GID=1000
|
||||
restart: unless-stopped
|
||||
user: 1000:1000 # default
|
||||
environment:
|
||||
- INIT_ASSETS=1 # default
|
||||
|
@ -1,23 +1,18 @@
|
||||
#!/bin/sh
|
||||
|
||||
# Ensure default assets are present.
|
||||
while true; do echo n; done | cp -Ri /www/default-assets/* /www/assets/ &> /dev/null
|
||||
PERMISSION_ERROR="Check assets directory permissions & docker user or skip default assets install by setting the INIT_ASSETS env var to 0"
|
||||
|
||||
# Ensure compatibility with previous version (config.yml was in the root directory)
|
||||
if [ -f "/www/config.yml" ]; then
|
||||
yes n | cp -i /www/config.yml /www/assets/ &> /dev/null
|
||||
# Default assets & exemple configuration installation if possible.
|
||||
if [[ "${INIT_ASSETS}" == "1" ]] && [[ ! -f "/www/config.yml" ]]; then
|
||||
echo "No configuration found, installing default config & assets"
|
||||
if [[ ! -w "/www/assets/" ]]; then echo "Assets directory not writable. $PERMISSION_ERROR" && exit 1; fi
|
||||
|
||||
while true; do echo n; done | cp -Ri /www/default-assets/* /www/assets/ &> /dev/null
|
||||
if [[ $? -ne 0 ]]; then echo "Fail to copy default assets. $PERMISSION_ERROR" && exit 1; fi
|
||||
|
||||
yes n | cp -i /www/default-assets/config.yml.dist /www/assets/config.yml &> /dev/null
|
||||
if [[ $? -ne 0 ]]; then echo "Fail to copy default config file. $PERMISSION_ERROR" && exit 1; fi
|
||||
fi
|
||||
|
||||
# Install default config if no one is available.
|
||||
yes n | cp -i /www/default-assets/config.yml.dist /www/assets/config.yml &> /dev/null
|
||||
|
||||
# Create symbolic link for hosting in subfolder.
|
||||
if [[ -n "${SUBFOLDER}" ]]; then
|
||||
ln -s /www "/www/$SUBFOLDER"
|
||||
chown -h $USER:$GROUP "/www/$SUBFOLDER"
|
||||
fi
|
||||
|
||||
chown -R $UID:$GID /www/assets
|
||||
|
||||
echo "Starting webserver"
|
||||
lighttpd -D -f /lighttpd.conf
|
||||
|
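Review bot: The new guard tests `/www/config.yml`, but the script installs the configuration to `/www/assets/config.yml`, so on an instance that already has a config the block appears to run on every start and exits with status 1 when `/www/assets` is not writable (for example a read-only mount). Testing the installed path, `[[ ! -f "/www/assets/config.yml" ]]`, would let a configured instance start with a read-only assets volume without setting `INIT_ASSETS=0`. The last line should also become `exec lighttpd -D -f /lighttpd.conf`, so that lighttpd replaces the shell as PID 1 and receives the stop signal directly.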
@ -2,8 +2,8 @@ include "/etc/lighttpd/mime-types.conf"
|
||||
|
||||
server.port = env.PORT
|
||||
server.modules = ( "mod_alias" )
|
||||
server.username = env.USER
|
||||
server.groupname = env.GROUP
|
||||
server.username = "lighttpd"
|
||||
server.groupname = "lighttpd"
|
||||
server.document-root = "/www"
|
||||
alias.url = ( env.SUBFOLDER => "/www" )
|
||||
server.indexfiles = ("index.html")
|
||||
|
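Review bot: `server.username` and `server.groupname` are now fixed strings, but the image starts lighttpd under `USER ${UID}:${GID}`, and as far as I know lighttpd applies these two directives only when it is started as root. A comment above them would make that explicit, e.g. `# only applied when lighttpd is started as root; ignored when the container runs as an unprivileged user`. Without it a reader may assume the process always ends up as the lighttpd account, whatever `user:` is set to in docker-compose.yml.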
@ -104,6 +104,10 @@ body {
|
||||
|
||||
.dashboard-title {
|
||||
padding: 6px 0 0 80px;
|
||||
|
||||
&.no-logo {
|
||||
padding-left: 0;
|
||||
}
|
||||
}
|
||||
|
||||
.first-line {
|
||||
|