holm/egroupware
1
1
Fork 0
forked from extern/egroupware
Code Issues Pull Requests Packages Projects Releases Wiki Activity

a dockerized EGroupware development enviroment

Browse Source
This commit is contained in:
Ralf Becker 2019-11-06 22:26:30 +01:00
parent 1eda093753
commit 99032ef15c
5 changed files with 493 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

82
doc/docker/development/Dockerfile Normal file
View File

@ -0,0 +1,82 @@
################################################################################
##
## EGroupware FPM container using Ubuntu 18.04 and PHP 7.3 from ondrej/php PPA
##
################################################################################
FROM ubuntu:18.04
MAINTAINER rb@egroupware.org
ARG VERSION=dev-master
RUN apt-get update \
&& apt-get install -y software-properties-common \
&& LC_ALL=C.UTF-8 add-apt-repository -y ppa:ondrej/php \
&& apt-get update \
&& bash -c "apt-get install -y php7.3-{cli,mysql,json,gd,xsl,bz2,opcache,apcu,tidy,zip,bcmath,mbstring,smbclient,ldap,curl,fpm,pgsql,gmp}" \
# fpm and php.ini settings
&& sed -e 's/^;\?listen \?=.*/listen = 9000/g' \
-e '/allowed_clients/d' \
-e '/pm.max_children/s/=.*/= 80/' \
-e '/catch_workers_output/s/^;/;/' \
-e '/error_log/d' \
-e 's/^;\?pm.max_requests =.*/pm.max_requests = 30/' \
-e 's/^;\?php_admin_value\[memory_limit\].*/php_admin_value[memory_limit] = 172M/' \
-e 's/^;\?request_terminate_timeout.*/request_terminate_timeout = 70m/' \
-i /etc/php/7.3/fpm/pool.d/www.conf \
&& sed -e 's/^;\?session.gc_maxlifetime.*/session.gc_maxlifetime = 14400/g' \
-e 's|^;\?date.timezone.*|date.timezone = UTC|g' \
-e 's|^;\?sys_temp_dir.*|sys_temp_dir = /tmp|g' \
-e 's|^;\?disable_functions.*|disable_functions = exec,passthru,shell_exec,system,proc_open,popen|g' \
-e 's|^;\?max_execution_time \?=.*|max_execution_time = 90|g' \
-e 's|^;\?upload_max_filesize \?=.*|upload_max_filesize = 64M|g' \
-e 's|^;\?post_max_size \?=.*|post_max_size = 65M|g' \
-e 's|^;\?max_input_vars \?=.*|max_input_vars = 2000|g' \
-e 's|^;\?zlib.output_compression \?=.*|zlib.output_compression = On|g' \
-e 's|^;\?opcache.validate_timestamps \?=.*|opcache.validate_timestamps=0|g' \
-i /etc/php/7.3/fpm/php.ini \
&& sed -e 's|^;\?date.timezone.*|date.timezone = UTC|g' \
-e 's|^;\?sys_temp_dir.*|sys_temp_dir = /tmp|g' \
-i /etc/php/7.3/cli/php.ini \
# create directory for pid file
&& mkdir -p /run/php \
# send logs to stderr to be viewed by docker logs
&& ln -s /dev/stderr /var/log/php7.3-fpm.log \
# install tools to build EGroupware
&& apt-get install -y rsync npm zip curl sudo cron patch \
&& npm install -g grunt-cli \
&& bash -c \
'EXPECTED_SIGNATURE=$(curl https://composer.github.io/installer.sig); \
curl https://getcomposer.org/installer > composer-setup.php; \
ACTUAL_SIGNATURE=$(php -r "echo hash_file(\"sha384\", \"composer-setup.php\");"); \
if [ "$EXPECTED_SIGNATURE" != "$ACTUAL_SIGNATURE" ]; \
then \
>&2 echo "ERROR: Invalid Composer installer signature"; \
RESULT=1; \
else \
php composer-setup.php --quiet --install-dir /usr/local/bin; \
RESULT=$?; \
fi; \
rm composer-setup.php; \
exit $RESULT' \
# disable certificate checks for LDAP as most LDAP and AD servers have no "valid" cert
&& echo "TLS_REQCERT never" >> /etc/ldap/ldap.conf
# install diverse developper tools, not installed above / in stock container
RUN apt-get install -y php7.3-xdebug git vim yarn \
&& echo "xdebug.remote_enable=1" >> /etc/php/7.3/fpm/conf.d/20-xdebug.ini \
&& echo "xdebug.remote_port=9001" >> /etc/php/7.3/fpm/conf.d/20-xdebug.ini \
&& echo "xdebug.remote_host=172.17.0.1" >> /etc/php/7.3/fpm/conf.d/20-xdebug.ini \
&& ln -s /usr/local/bin/composer.phar /usr/local/bin/composer \
&& sed -e 's|^;\?opcache.validate_timestamps \?=.*|opcache.validate_timestamps=1|g' \
-i /etc/php/7.3/fpm/php.ini \
&& apt-get clean
VOLUME /var/www
VOLUME /var/lib/egroupware
EXPOSE 9000
ADD entrypoint.sh /
CMD ["php-fpm7.3", "--nodaemonize"]
ENTRYPOINT ["/entrypoint.sh"]

23
doc/docker/development/build.sh Executable file
View File

@ -0,0 +1,23 @@
#!/bin/bash -x
DEFAULT=$(git branch|grep ^*|cut -c3-)
TAG=${1:-$DEFAULT}
VERSION=$TAG
BRANCH=$(echo $VERSION|sed 's/\.[0-9]\{8\}$//')
[ $VERSION = $BRANCH ] && VERSION="$BRANCH.x-dev"
cd $(dirname $0)
docker pull ubuntu:18.04
docker build --build-arg "VERSION=$VERSION" -t egroupware/development:$TAG . && {
docker push egroupware/development:$TAG
# tag only stable releases as latest
[ $TAG != "master" ] && {
docker tag egroupware/development:$TAG egroupware/development:latest
docker push egroupware/development:latest
}
[ "$BRANCH" != $VERSION -a "${BRANCH}.x-dev" != $VERSION ] && {
docker tag egroupware/development:$VERSION egroupware/development:$BRANCH
docker push egroupware/development:$BRANCH
}
}

155
doc/docker/development/docker-compose.yml Normal file
View File

@ -0,0 +1,155 @@
version: '3'
volumes:
# data directory: here are the files stored (/var/lib/egroupware by default)
data:
driver_opts:
type: none
o: bind
# to upgrade an existing non-docker installation most easy is to use the existing
# data directory /var/lib/egroupware AND the host database see below
#device: /var/lib/egroupware
# otherwise data is stored in data subdirectory of the current directory
device: $PWD/data
# sources directory or document root mounted as /var/www inside the container
sources:
driver_opts:
type: none
o: bind
# use this if you have an existing document root with an egroupware directory inside
#device: /var/www
# otherwise sources/document is stored in sources subdirectory of current directory
device: $PWD/sources
# sources for push server, swoolpush subdirectory of egroupware
sources-push:
driver_opts:
type: none
o: bind
device: $PWD/sources/egroupware/swoolpush
# for Mac and Windows, do NOT use a directory for the DB, as the Docker host is in a VM!
db:
sessions:
# cache files from compose, npm and yarn (actually /root inside the container)
cache:
services:
egroupware:
image: egroupware/development:master
# setting a default language for a new installation
#environment:
#- LANG=de
volumes:
- sources:/var/www
- data:/var/lib/egroupware
- sessions:/var/lib/php/sessions
- cache:/root
# if you want to use the host database:
# 1. comment out the whole db service below AND
# 2. set EGW_DB_HOST=localhost AND
# 3. uncomment the next line and modify the host path (first one), it depends on your distro:
# - RHEL/CentOS /var/lib/mysql/mysql.sock
# - openSUSE/SLE /var/run/mysql/mysql.sock
# - Debian/Ubuntu /var/run/mysqld/mysqld.sock
#- /var/run/mysqld/mysqld.sock:/var/run/mysqld/mysqld.sock
environment:
#
# MariaDB/MySQL host to use: for internal service use "db", for host database (socket bind-mounted into container) use "localhost"
- EGW_DB_HOST=db
# grant host is needed for NOT using localhost / unix domain socket for MySQL/MariaDB
- EGW_DB_GRANT_HOST=172.%
# for internal db service you should to specify a root password here AND in db service
# a database "egroupware" with a random password is created for you on installation (password is stored in header.inc.php in data directory)
#- EGW_DB_ROOT=root
- EGW_DB_ROOT_PW=secret
# alternativly you can specify an already existing database with full right by the given user!
#- EGW_DB_NAME=egroupware
#- EGW_DB_USER=egroupware
#- EGW_DB_PASS=
#
# further post_install.php arguments can be passed as a single enviroment variable with space separated assignments
# "<name1>=<value1> <name2>=<value2>" see https://github.com/EGroupware/egroupware/blob/master/doc/rpm-build/post_install.php#L17
# to configure eg. LDAP for authentication and account storage use
#- EGW_POST_INSTALL='account-auth=ldap,ldap ldap_base=ou=egroupware,dc=example,dc=org ldap_host=tls://ldap.example.org ldap_admin=cn=admin,$base ldap_admin_pw=secret ldap_context=cn=users,$base ldap_group_context=cn=groups,$base'
#
# extra non-default apps (need to start with EGW_EXTRA_APP!)
#
# new push server not yet in composer.json
- EGW_EXTRA_APP_PUSH=https://github.com/EGroupware/swoolepush.git
# EPL apps (need extra credentials!)
#- EGW_EXTRA_APPS_EPL=https://github.com/EGroupwareGmbH/epl.git https://github.com/EGroupwareGmbH/esyncpro.git https://github.com/EGroupwareGmbH/policy.git https://github.com/EGroupwareGmbH/webauthn.git
# old Wiki
- EGW_EXTRA_APP_WIKI=https://github.com/EGroupware/wiki.git
# old API and eTemplate(1)
- EGW_EXTRA_APP_OLDAPI=https://github.com/EGroupware/phpgwapi.git https://github.com/EGroupware/etemplate.git
#
# XDEBUG_REMOTE_HOST need to be set, if the host running the IDE is different from 172.17.0.1 (Mac can use docker.for.mac.localhost)
- XDEBUG_REMOTE_HOST=docker.for.mac.localhost
restart: always
depends_on:
- db
container_name: egroupware
# set the ip-address of your docker host AND your official DNS name so EGroupware
# can access Rocket.Chat or Collabora without the need to go over your firewall
#extra_hosts:
#- "my.host.name:ip-address"
nginx:
image: nginx:stable-alpine
volumes:
- sources:/var/www:ro
# to add a certificate create a certificate.pem containing (in that order)
# 1. private key
# 2. public key
# 3. (optional) chain certificates
# uncomment to the next line
# ./certificate.pem:/etc/ssl/private/certificate.pem
# AND uncomment the three lines starting with "listen 443", "ssl_certificate", "ssl_certificate_key" in nginx.conf
- ./nginx.conf:/etc/nginx/conf.d/default.conf:ro
ports:
# if no webserver is running on the host, change (first) number to 80 or 443
- "8080:80"
- "4443:443"
depends_on:
- egroupware
container_name: egroupware-nginx
# run an own MariaDB:10.4 (you can use EGroupware's database backup and restore to add your existing database)
db:
image: mariadb
environment:
#- MYSQL_ROOT=root
- MYSQL_ROOT_PASSWORD=secret
volumes:
- db:/var/lib/mysql
container_name: egroupware-db
# push server using phpswoole
#push:
# image: phpswoole/swoole:latest-dev
# volumes:
# - sources-push:/var/www
# - sessions:/var/lib/php/sessions
# container_name: egroupware-push
# automatic updates of all containers daily at 4am
# see https://containrrr.github.io/watchtower for more information
watchtower:
image: containrrr/watchtower
volumes:
- /var/run/docker.sock:/var/run/docker.sock
# For automatic EPL Updates (not necessary for CE!) you need to pass docker
# credentials into watchtower after running: docker login download.egroupware.org
#- /root/.docker/config.json:/config.json:ro
environment:
- WATCHTOWER_CLEANUP=true # delete old image after update to not fill up the disk
# for email notifications add your email and mail-server here
#- WATCHTOWER_NOTIFICATIONS=email
#- WATCHTOWER_NOTIFICATIONS_LEVEL=info # possible values: panic, fatal, error, warn, info or debug
#- WATCHTOWER_NOTIFICATION_EMAIL_FROM="watchtower@my-domain.com"
#- WATCHTOWER_NOTIFICATION_EMAIL_TO="me@my-domain.com"
#- WATCHTOWER_NOTIFICATION_EMAIL_SERVER="mail.my-domain.com" # if you give your MX here, you need no user/password
#- WATCHTOWER_NOTIFICATION_EMAIL_SERVER_PORT=25
#- WATCHTOWER_NOTIFICATION_EMAIL_SERVER_USER="watchtower@my-domain.com"
#- WATCHTOWER_NOTIFICATION_EMAIL_SERVER_PASSWORD="secret"
command: --schedule "0 0 4 * * *"
container_name: egroupware-watchtower
restart: always

116
doc/docker/development/entrypoint.sh Executable file
View File

@ -0,0 +1,116 @@
#!/bin/bash
set -ex
VERSION=${VERSION:-dev-master}
# if EGW_SESSION_TIMEOUT is set in environment, propagate value to php.ini
test -n "$EGW_SESSION_TIMEOUT" && test "$EGW_SESSION_TIMEOUT" -ge 1440 &&
sed -e "s/^;\?session.gc_maxlifetime.*/session.gc_maxlifetime = $EGW_SESSION_TIMEOUT/g" \
-i /etc/php/7.3/fpm/php.ini
# if XDEBUG_REMOTE_HOST is set, patch it into xdebug config
test -n "$XDEBUG_REMOTE_HOST" && \
sed -e "s/^xdebug.remote_host.*/xdebug.remote_host=$XDEBUG_REMOTE_HOST/g" \
-i /etc/php/7.3/fpm/conf.d/*xdebug.ini
# downgrade composer to 1.8.6, as 1.9.x does not work with "dev-master" version :(
composer selfupdate 1.8.6
# installation fails without git identity
git config --global user.email || git config --global user.email "you@example.com"
# install EGroupware sources, if not already there
[ -f /var/www/egroupware/header.inc.php ] || {
cd /var/www \
&& ln -sf egroupware/api/templates/default/images/favicon.ico \
&& composer.phar create-project --prefer-source --keep-vcs --no-scripts egroupware/egroupware:$VERSION \
&& cd egroupware \
&& ./install-cli.php \
&& ln -sf /var/lib/egroupware/header.inc.php \
&& sed -e 's/apache/www-data/' -e 's|/usr/share|/var/www|g' doc/rpm-build/egroupware.cron > /etc/cron.d/egroupware
}
# check if we have further apps to install (EPL or old ones ...)
cd /var/www/egroupware
for url in $(env|grep ^EGW_EXTRA_APP|cut -d= -f2)
do
app=$(basename $url .git)
[ $app == "epl" ] && app=stylite
[ -d $app ] || {
git clone $url $app \
&& (cd $app; git remote set-url --push origin $(echo $url|sed 's|https://github.com/|git@github.com:|')) \
&& [ -f header.inc.php ] && doc/rpm-build/post_install.php --install-app $(basename $url .git) \
|| true # do not stop, if one clone fails
}
done
# install phpMyAdmin sources, if not already there
[ -d /var/www/phpmyadmin ] || {
cd /var/www \
&& composer.phar create-project --prefer-source --keep-vcs --no-scripts phpmyadmin/phpmyadmin \
&& cd phpmyadmin \
&& yarn install || true
}
[ -f /var/www/phpmyadmin/config.inc.php ] || {
cd /var/www/phpmyadmin \
&& blowfish_secret=$(php -r "echo base64_encode(random_bytes(24));") \
&& sed -e "s/localhost/db/g" \
-e "s/cfg\['blowfish_secret'\] = '';/cfg['blowfish_secret'] = '$blowfish_secret';/g" \
config.sample.inc.php > config.inc.php
}
# create data directory
[ -d /var/lib/egroupware/default ] || {
mkdir -p /var/lib/egroupware/default/files/sqlfs \
&& mkdir -p /var/lib/egroupware/default/backup \
&& chown -R www-data:www-data /var/lib/egroupware \
&& chmod 700 /var/lib/egroupware/
}
# add private CA so egroupware can validate your certificate to talk to Collabora or Rocket.Chat
test -f /usr/local/share/ca-certificates/private-ca.crt &&
update-ca-certificates
# write install-log in /var/lib/egroupware (only readable by root!)
LOG=/var/lib/egroupware/egroupware-docker-install.log
touch $LOG
chmod 600 $LOG
max_retries=10
export try=0
# EGW_SKIP_INSTALL=true skips initial installation (no header.inc.php yet)
until [ -n "$EGW_SKIP_INSTALL" -a ! -f /var/www/egroupware/header.inc.php ] || \
php /var/www/egroupware/doc/rpm-build/post_install.php \
--start_webserver "" --autostart_webserver "" \
--start_db "" --autostart_db "" \
--db_type "${EGW_DB_TYPE:-mysqli}" \
--db_host "${EGW_DB_HOST:-localhost}" \
--db_grant_host "${EGW_DB_GRANT_HOST:-localhost}" \
--db_root "${EGW_DB_ROOT:-root}" \
--db_root_pw "${EGW_DB_ROOT_PW:-}" \
--db_name "${EGW_DB_NAME:-egroupware}" \
--db_user "${EGW_DB_USER:-egroupware}" \
--db_pass "${EGW_DB_PASS:-}"
do
if [ "$try" -gt "$max_retries" ]; then
echo "Installing of EGroupware failed!"
break
fi
echo "Retrying EGroupware installation in 3 seconds ..."
try=$((try+1))
sleep 3s
done 2>&1 | tee -a $LOG
[ "$(git config --global user.email)" == "you@example.com" ] && {
echo "No git user set, please do so by running:"
echo "git config --global user.email "your@email.address"
echo "git config --global user.name "Your Name"
}
# as we can NOT exit from until (runs a subshell), we need to check and do it here
[ "$(tail -1 $LOG)" = "Installing of EGroupware failed!" ] && exit 1
# to run async jobs
service cron start
exec "$@"

117
doc/docker/development/nginx.conf Normal file
View File

@ -0,0 +1,117 @@
# stuff for http block
client_max_body_size 1g;
# fix error: upstream sent too big header while reading response header from upstream
fastcgi_buffers 16 16k;
fastcgi_buffer_size 32k;
upstream fpm {
server egroupware:9000;
}
server {
access_log off;
listen 80 default_server;
# ssl config (enable following line plus either include or ssl_certificate* line)
#listen 443 ssl http2 default_server;
#include snippets/snakeoil.conf; # requires ssl-certs package installed!
# concatenate private key, certificate and intermediate certs to /etc/ssl/private/certificate.pem
#ssl_certificate /etc/ssl/private/certificate.pem;
#ssl_certificate_key /etc/ssl/private/certificate.pem;
# HTTP Strict-Transport-Security header (start with a short max-age!)
#add_header Strict-Transport-Security max-age=31536000; # 31536000sec=1year
server_name _;
root /var/www;
index index.php index.html index.htm;
# other settings
client_max_body_size 65M;
# EGroupware installed in /var/www/egroupware
location ^~ /egroupware {
alias /var/www/egroupware/;
try_files $uri $uri/ =404;
location ~ ^/egroupware(/(?U).+\.php) {
# do not allow to call files ment to be included only
#location ~ ^$path/(vendor|[^/]+/(src|setup|inc))/ {
# return 403;
#}
alias /var/www/egroupware;
fastcgi_pass fpm;
# added to support WebDAV/CalDAV/CardDAV
fastcgi_read_timeout 60m;
fastcgi_index index.php;
fastcgi_split_path_info ^((?U).+\.php)(.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info;
# standard Nginx
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME /var/www/egroupware$1;
fastcgi_param DOCUMENT_ROOT /var/www/html;
}
location ~ (?i)\.(ico|jpe?g|gif|png|svg|xet|xml|js|css|html|map|swf)$ {
access_log off;
expires 10d;
add_header Pragma public;
add_header Cache-Control "public";
location ~ ^/egroupware(/.*)$ {
alias /var/www/egroupware/;
try_files $1 =404;
}
}
}
# push-server
#location /egroupware/push {
# proxy_http_version 1.1;
# proxy_set_header Host $http_host;
# proxy_set_header Upgrade $http_upgrade;
# proxy_set_header Connection "Upgrade";
# proxy_pass http://push:9501;
#}
# PHP in docroot
location ~ [^/]\.php(/|$) {
fastcgi_split_path_info ^(.+?\.php)(.*)$;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
fastcgi_pass fpm;
fastcgi_read_timeout 60m;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
}
# ActiveSync support
location /Microsoft-Server-ActiveSync {
fastcgi_pass fpm;
# added to support WebDAV/CalDAV/CardDAV
fastcgi_read_timeout 60m;
fastcgi_index index.php;
fastcgi_split_path_info ^((?U).+\.php)(.*)$;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME /var/www/egroupware/activesync/index.php;
}
# CalDAV & CardDAV autoconfig
location ~ ^/.well-known/(caldav|carddav)$ {
return 301 $scheme://$http_host/egroupware/groupdav.php/;
}
location ~ ^(/principals/users/.*)$ {
return 301 $scheme://$http_host/egroupware/groupdav.php$1;
}
# Nginx does NOT use index for OPTIONS requests breakng WebDAV
# for Windows, which sends OPTIONS / and stalls on Nginx 405 response!
# This also redirects all requests to root to EGroupware.
location = / {
return 301 $scheme://$http_host/egroupware/index.php;
}
}