docker env fixes (#2234)

Co-authored-by: Charles <charles@pelican.dev>
Co-authored-by: Boy132 <Boy132@users.noreply.github.com>

Dockerfile

@@ -69,8 +69,7 @@ RUN apk add --no-cache \
     zip unzip 7zip bzip2-dev yarn git
 
 # Copy composer binary for runtime plugin dependency management
-COPY --from=composer /usr/local/bin/composer /usr/local/bin/composer    
-
+COPY --from=composer /usr/local/bin/composer /usr/local/bin/composer
 COPY --chown=root:www-data --chmod=770 --from=composerbuild /build .
 COPY --chown=root:www-data --chmod=770 --from=yarnbuild /build/public ./public
 

Dockerfile.dev

@@ -74,8 +74,7 @@ RUN apk add --no-cache \
     zip unzip 7zip bzip2-dev yarn git
 
 # Copy composer binary for runtime plugin dependency management
-COPY --from=composer /usr/local/bin/composer /usr/local/bin/composer    
-
+COPY --from=composer /usr/local/bin/composer /usr/local/bin/composer
 COPY --chown=root:www-data --chmod=770 --from=composerbuild /build .
 COPY --chown=root:www-data --chmod=770 --from=yarnbuild /build/public ./public
 

docker/Caddyfile

@@ -5,11 +5,11 @@
 		{$CADDY_STRICT_PROXIES}
 	}
 	admin off
-	{$PARSED_AUTO_HTTPS}
-	{$PARSED_LE_EMAIL}
+	{$CADDY_AUTO_HTTPS}
+	{$CADDY_LE_EMAIL}
 }
 
-{$PARSED_APP_URL} {
+{$CADDY_APP_URL} {
 	root * /var/www/html/public
 	encode gzip
 

docker/entrypoint.sh

@@ -1,34 +1,48 @@
 #!/bin/ash -e
+# shellcheck shell=dash
+
 # check for .env file or symlink and generate app keys if missing
-if [ -f /var/www/html/.env ]; then
-  echo "external vars exist."
+if [ -f /pelican-data/.env ]; then
+  echo ".env vars exist."
   # load specific env vars from .env used in the entrypoint and they are not already set
-  for VAR in "APP_KEY" "APP_INSTALLED" "DB_CONNECTION" "DB_HOST" "DB_PORT"; do if ! (printenv | grep -q ${VAR}); then export $(grep ${VAR} .env | grep -ve "^#"); fi; done
+  for VAR in "APP_KEY" "APP_INSTALLED" "DB_CONNECTION" "DB_HOST" "DB_PORT"; do
+    echo "checking for ${VAR}"
+    ## skip if it looks like it might try to execute code
+    if (grep "${VAR}" .env | grep -qE "\$\(|=\`|\$#"); then echo "var in .env may be executable or a comment, skipping"; continue; fi
+    # if the variable is in .env then set it
+    if (grep -q "${VAR}" .env); then 
+      echo "loading ${VAR} from .env"
+      export "$(grep "${VAR}" .env | sed 's/"//g')"
+      continue
+    fi
+    ## variable wasn't loaded or in the env to set
+    echo "didn't find variable to set"
+  done
 else
-  echo "external vars don't exist."
+  echo ".env vars don't exist."
   # webroot .env is symlinked to this path
   touch /pelican-data/.env
 
   # manually generate a key because key generate --force fails
-  if [ -z ${APP_KEY} ]; then
-    echo -e "Generating key."
+  if [ -z "${APP_KEY}" ]; then
+    echo "No key set, Generating key."
     APP_KEY=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1)
-    echo -e "Generated app key: $APP_KEY"
-    echo -e "APP_KEY=$APP_KEY" > /pelican-data/.env
+    echo "APP_KEY=$APP_KEY" > /pelican-data/.env
+    echo "Generated app key written to .env file"
   else
-    echo -e "APP_KEY exists in environment, using that."
-    echo -e "APP_KEY=$APP_KEY" > /pelican-data/.env
+    echo "APP_KEY exists in environment, using that."
+    echo "APP_KEY=$APP_KEY" > /pelican-data/.env
   fi
 
   # enable installer
-  echo -e "APP_INSTALLED=false" >> /pelican-data/.env
+  echo "APP_INSTALLED=false" >> /pelican-data/.env
 fi
 
 # create directories for volumes
 mkdir -p /pelican-data/database /pelican-data/storage/avatars /pelican-data/storage/fonts /pelican-data/storage/icons /pelican-data/plugins /var/www/html/storage/logs/supervisord 2>/dev/null
 
 # if the app is installed then we need to run migrations on start. New installs will run migrations when you run the installer.
-if [ "${APP_INSTALLED}" == "true" ];  then
+if [ "${APP_INSTALLED}" = "true" ];  then
   #if the db is anything but sqlite wait until it's accepting connections
   if [ "${DB_CONNECTION}" != "sqlite" ]; then
     # check for DB up before starting the panel
@@ -39,36 +53,44 @@ if [ "${APP_INSTALLED}" == "true" ];  then
       # wait for 1 seconds before check again
       sleep 1
     done
+  else
+    echo "using sqlite database"
   fi
+  
   # run migration
   php artisan migrate --force
 fi
 
-echo -e "Optimizing Filament"
+echo "Optimizing Filament"
 php artisan filament:optimize
 
 # default to caddy not starting
 export SUPERVISORD_CADDY=false
-export PARSED_APP_URL=${APP_URL}
+export CADDY_APP_URL="${APP_URL}"
 
-# checking if app url is using https
-if echo "${APP_URL}" | grep -qE '^https://'; then
+# checking if app url is https
+if (echo "${APP_URL}" | grep -qE '^https://'); then
+  # check lets encrypt email was set without a proxy
+  if [ -z "${LE_EMAIL}" ] && [ "${BEHIND_PROXY}" != "true" ]; then
+    echo "when app url is https a lets encrypt email must be set when not behind a proxy"
+    exit 1
+  fi
   echo "https domain found setting email var"
-  export PARSED_LE_EMAIL="email ${LE_EMAIL}"
+  export CADDY_LE_EMAIL="email ${LE_EMAIL}"
 fi
 
 # when running behind a proxy
-if [ "${BEHIND_PROXY}" == "true" ]; then
+if [ "${BEHIND_PROXY}" = "true" ]; then
   echo "running behind proxy"
   echo "listening on port 80 internally"
-  export PARSED_LE_EMAIL=""
-  export PARSED_APP_URL=":80"
-  export PARSED_AUTO_HTTPS="auto_https off"
-  export ASSET_URL=${APP_URL}
+  export CADDY_LE_EMAIL=""
+  export CADDY_APP_URL=":80"
+  export CADDY_AUTO_HTTPS="auto_https off"
+  export ASSET_URL="${APP_URL}"
 fi
 
 # disable caddy if SKIP_CADDY is set
-if [ "${SKIP_CADDY:-}" == "true" ]; then
+if [ "${SKIP_CADDY:-}" = "true" ]; then
   echo "Starting PHP-FPM only"
 else
   echo "Starting PHP-FPM and Caddy"
@@ -76,8 +98,9 @@ else
   export SUPERVISORD_CADDY=true
 
   # handle trusted proxies for caddy when variable has data
-  if [ ! -z ${TRUSTED_PROXIES} ]; then
-    export CADDY_TRUSTED_PROXIES=$(echo "trusted_proxies static ${TRUSTED_PROXIES}" | sed 's/,/ /g')
+  if [ -n "${TRUSTED_PROXIES:-}" ]; then
+    FORMATTED_PROXIES=$(echo "trusted_proxies static ${TRUSTED_PROXIES}" | sed 's/,/ /g')
+    export CADDY_TRUSTED_PROXIES="${FORMATTED_PROXIES}"
     export CADDY_STRICT_PROXIES="trusted_proxies_strict"
   fi
 fi