diff --git a/Dockerfile b/Dockerfile index eb509a45d..f0af8aa5a 100644 --- a/Dockerfile +++ b/Dockerfile @@ -69,8 +69,7 @@ RUN apk add --no-cache \ zip unzip 7zip bzip2-dev yarn git # Copy composer binary for runtime plugin dependency management -COPY --from=composer /usr/local/bin/composer /usr/local/bin/composer - +COPY --from=composer /usr/local/bin/composer /usr/local/bin/composer COPY --chown=root:www-data --chmod=770 --from=composerbuild /build . COPY --chown=root:www-data --chmod=770 --from=yarnbuild /build/public ./public diff --git a/Dockerfile.dev b/Dockerfile.dev index 99a5aea9c..ca8a1b5a6 100644 --- a/Dockerfile.dev +++ b/Dockerfile.dev @@ -74,8 +74,7 @@ RUN apk add --no-cache \ zip unzip 7zip bzip2-dev yarn git # Copy composer binary for runtime plugin dependency management -COPY --from=composer /usr/local/bin/composer /usr/local/bin/composer - +COPY --from=composer /usr/local/bin/composer /usr/local/bin/composer COPY --chown=root:www-data --chmod=770 --from=composerbuild /build . COPY --chown=root:www-data --chmod=770 --from=yarnbuild /build/public ./public diff --git a/docker/Caddyfile b/docker/Caddyfile index 399fe84f1..48c6d8e88 100644 --- a/docker/Caddyfile +++ b/docker/Caddyfile @@ -5,11 +5,11 @@ {$CADDY_STRICT_PROXIES} } admin off - {$PARSED_AUTO_HTTPS} - {$PARSED_LE_EMAIL} + {$CADDY_AUTO_HTTPS} + {$CADDY_LE_EMAIL} } -{$PARSED_APP_URL} { +{$CADDY_APP_URL} { root * /var/www/html/public encode gzip diff --git a/docker/entrypoint.sh b/docker/entrypoint.sh index 5945f2700..f69d737a6 100644 --- a/docker/entrypoint.sh +++ b/docker/entrypoint.sh 
@@ -1,34 +1,48 @@ #!/bin/ash -e +# shellcheck shell=dash + # check for .env file or symlink and generate app keys if missing -if [ -f /var/www/html/.env ]; then - echo "external vars exist." +if [ -f /pelican-data/.env ]; then + echo ".env vars exist." # load specific env vars from .env used in the entrypoint and they are not already set - for VAR in "APP_KEY" "APP_INSTALLED" "DB_CONNECTION" "DB_HOST" "DB_PORT"; do if ! (printenv | grep -q ${VAR}); then export $(grep ${VAR} .env | grep -ve "^#"); fi; done + for VAR in "APP_KEY" "APP_INSTALLED" "DB_CONNECTION" "DB_HOST" "DB_PORT"; do + echo "checking for ${VAR}" + ## skip if it looks like it might try to execute code + if (grep "${VAR}" .env | grep -qE "\$\(|=\`|\$#"); then echo "var in .env may be executable or a comment, skipping"; continue; fi + # if the variable is in .env then set it + if (grep -q "${VAR}" .env); then + echo "loading ${VAR} from .env" + export "$(grep "${VAR}" .env | sed 's/"//g')" + continue + fi + ## variable wasn't loaded or in the env to set + echo "didn't find variable to set" + done else - echo "external vars don't exist." + echo ".env vars don't exist." # webroot .env is symlinked to this path touch /pelican-data/.env # manually generate a key because key generate --force fails - if [ -z ${APP_KEY} ]; then - echo -e "Generating key." + if [ -z "${APP_KEY}" ]; then + echo "No key set, Generating key." APP_KEY=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1) - echo -e "Generated app key: $APP_KEY" - echo -e "APP_KEY=$APP_KEY" > /pelican-data/.env + echo "APP_KEY=$APP_KEY" > /pelican-data/.env + echo "Generated app key written to .env file" else - echo -e "APP_KEY exists in environment, using that." - echo -e "APP_KEY=$APP_KEY" > /pelican-data/.env + echo "APP_KEY exists in environment, using that." 
+ echo "APP_KEY=$APP_KEY" > /pelican-data/.env fi # enable installer - echo -e "APP_INSTALLED=false" >> /pelican-data/.env + echo "APP_INSTALLED=false" >> /pelican-data/.env fi # create directories for volumes mkdir -p /pelican-data/database /pelican-data/storage/avatars /pelican-data/storage/fonts /pelican-data/storage/icons /pelican-data/plugins /var/www/html/storage/logs/supervisord 2>/dev/null # if the app is installed then we need to run migrations on start. New installs will run migrations when you run the installer. -if [ "${APP_INSTALLED}" == "true" ]; then +if [ "${APP_INSTALLED}" = "true" ]; then #if the db is anything but sqlite wait until it's accepting connections if [ "${DB_CONNECTION}" != "sqlite" ]; then # check for DB up before starting the panel 
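Review bot: The new `for VAR` loop looks keys up with an unanchored `grep "${VAR}" .env` and no longer drops comment lines (the old `grep -ve "^#"` is gone), so a commented-out `#APP_KEY=` line, or another key that merely contains the name, is handed to `export` as an invalid identifier or a multi-line value; under `ash -e` that probably aborts startup. The skip filter does not cover this: inside double quotes `\$` becomes a bare `$`, which `grep -E` treats as an end-of-line anchor, so the `$(` and `$#` alternatives can never match and only the `=` followed by a backtick case is detected. Because `export "$(...)"` does not re-evaluate the value, anchoring the lookup is the check that matters, e.g. `grep -E "^${VAR}=" /pelican-data/.env` (the path the `-f` test checks), with `| tail -n 1` added for the export. The loop also dropped the old `printenv` test, so values from `.env` now override ones already set in the environment even though the comment still says "not already set".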
@@ -39,36 +53,44 @@ if [ "${APP_INSTALLED}" == "true" ]; then # wait for 1 seconds before check again sleep 1 done + else + echo "using sqlite database" fi + # run migration php artisan migrate --force fi -echo -e "Optimizing Filament" +echo "Optimizing Filament" php artisan filament:optimize # default to caddy not starting export SUPERVISORD_CADDY=false -export PARSED_APP_URL=${APP_URL} +export CADDY_APP_URL="${APP_URL}" -# checking if app url is using https -if echo "${APP_URL}" | grep -qE '^https://'; then +# checking if app url is https +if (echo "${APP_URL}" | grep -qE '^https://'); then + # check lets encrypt email was set without a proxy + if [ -z "${LE_EMAIL}" ] && [ "${BEHIND_PROXY}" != "true" ]; then + echo "when app url is https a lets encrypt email must be set when not behind a proxy" + exit 1 + fi echo "https domain found setting email var" - export PARSED_LE_EMAIL="email ${LE_EMAIL}" + export CADDY_LE_EMAIL="email ${LE_EMAIL}" fi # when running behind a proxy -if [ "${BEHIND_PROXY}" == "true" ]; then +if [ "${BEHIND_PROXY}" = "true" ]; then echo "running behind proxy" echo "listening on port 80 internally" - export PARSED_LE_EMAIL="" - export PARSED_APP_URL=":80" - export PARSED_AUTO_HTTPS="auto_https off" - export ASSET_URL=${APP_URL} + export CADDY_LE_EMAIL="" + export CADDY_APP_URL=":80" + export CADDY_AUTO_HTTPS="auto_https off" + export ASSET_URL="${APP_URL}" fi # disable caddy if SKIP_CADDY is set -if [ "${SKIP_CADDY:-}" == "true" ]; then +if [ "${SKIP_CADDY:-}" = "true" ]; then echo "Starting PHP-FPM only" else echo "Starting PHP-FPM and Caddy" 
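Review bot: The new `LE_EMAIL` guard exits before `SKIP_CADDY` is looked at, so a container with an https `APP_URL`, `SKIP_CADDY=true` and no proxy flag now refuses to start even though Caddy, the only consumer of `CADDY_LE_EMAIL` visible in this diff, will not run. Consider extending the condition to `if [ -z "${LE_EMAIL}" ] && [ "${BEHIND_PROXY}" != "true" ] && [ "${SKIP_CADDY:-}" != "true" ]; then`, and sending the message to stderr with `>&2` since it precedes `exit 1`. The guard only tests for an empty value; the string then reaches the Caddyfile through `{$CADDY_LE_EMAIL}` unchanged, so a comment stating that it is trusted operator input would help the next reader. The `SKIP_CADDY` block continues past the end of this hunk.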
@@ -76,8 +98,9 @@ else export SUPERVISORD_CADDY=true # handle trusted proxies for caddy when variable has data - if [ ! -z ${TRUSTED_PROXIES} ]; then - export CADDY_TRUSTED_PROXIES=$(echo "trusted_proxies static ${TRUSTED_PROXIES}" | sed 's/,/ /g') + if [ -n "${TRUSTED_PROXIES:-}" ]; then + FORMATTED_PROXIES=$(echo "trusted_proxies static ${TRUSTED_PROXIES}" | sed 's/,/ /g') + export CADDY_TRUSTED_PROXIES="${FORMATTED_PROXIES}" export CADDY_STRICT_PROXIES="trusted_proxies_strict" fi fi
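Review bot: `TRUSTED_PROXIES` is turned into a Caddy directive with nothing but a comma-to-space substitution, so whatever the variable holds (including a catch-all range or stray characters) becomes part of the `trusted_proxies static` line that decides which peers may supply forwarded client addresses. A character check before formatting would reject malformed input early, for example `case "${TRUSTED_PROXIES}" in *[!0-9A-Fa-f.:/,]*) echo "TRUSTED_PROXIES must be comma-separated IPs or CIDR ranges" >&2; exit 1 ;; esac`; widen the class if spaces after commas should be accepted. A short comment above the block saying that the list should name only the reverse proxy's own addresses would also help operators. The enclosing `else` branch starts before this hunk.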