move app user creation to startup scripts

run fpm as app user
5 years ago · 0e7d838fec
parent 8efb1fb4df
commit 0e7d838fec
5 changed files with 10 additions and 15 deletions
--- a/src/app/Dockerfile
+++ b/src/app/Dockerfile
@ -15,9 +15,6 @@ ADD build-prepare.sh /
 RUN sed -i.bak 's/^listen = 127.0.0.1:9000/listen = 9000/' /etc/php7/php-fpm.d/www.conf
 ARG OWNER_UID
 ARG OWNER_GID
 RUN sh -c /build-prepare.sh
 CMD /startup.sh
--- a/src/app/build-prepare.sh
+++ b/src/app/build-prepare.sh
@ -21,6 +21,4 @@ else
 fi
 mkdir -p /var/www
 addgroup -g $OWNER_GID app 
 adduser -D -h /var/www/html -G app -u $OWNER_UID app
--- a/src/app/startup.sh
+++ b/src/app/startup.sh
@ -5,6 +5,9 @@ while ! pg_isready -h $DB_HOST -U $DB_USER; do
 	sleep 3
 done
 addgroup -g $OWNER_GID app
 adduser -D -h /var/www/html -G app -u $OWNER_UID app
 DST_DIR=/var/www/html/tt-rss
 SRC_DIR=/src/tt-rss/
@ -38,7 +41,8 @@ for d in cache lock feed-icons; do
 	chmod -R 777 $DST_DIR/$d
 done
-chown -R $OWNER_UID:$OWNER_GID $DST_DIR
+chown -R $OWNER_UID:$OWNER_GID $DST_DIR \
 	/var/log/php7	
 PSQL="psql -q -h $DB_HOST -U $DB_USER $DB_NAME"
@ -75,5 +79,5 @@ fi
 touch $DST_DIR/.app_is_ready
-exec /usr/sbin/php-fpm7 -F
+sudo -u app /usr/sbin/php-fpm7 -F
--- a/src/app/updater.sh
+++ b/src/app/updater.sh
@ -3,6 +3,9 @@
 # wait for the app container to delete .app_is_ready and perform rsync, etc.
 sleep 30
 addgroup -g $OWNER_GID app
 adduser -D -h /var/www/html -G app -u $OWNER_UID app
 while ! pg_isready -h $DB_HOST -U $DB_USER; do
 	echo waiting until $DB_HOST is ready...
 	sleep 3
@ -15,4 +18,4 @@ while [ ! -s $DST_DIR/config.php -a -e $DST_DIR/.app_is_ready ]; do
 	sleep 3
 done
-exec /usr/bin/php /var/www/html/tt-rss/update_daemon2.php
+sudo -u app /usr/bin/php /var/www/html/tt-rss/update_daemon2.php
--- a/src/docker-compose.yml
+++ b/src/docker-compose.yml
@ -18,9 +18,6 @@ services:
    build: 
      context:
        ./app
      args:
        - OWNER_UID=${OWNER_UID}
        - OWNER_GID=${OWNER_GID}
    restart: unless-stopped
    environment:
      - DB_TYPE=pgsql
@ -41,9 +38,6 @@ services:
    build: 
      context:
        ./app
      args:
        - OWNER_UID=${OWNER_UID}
        - OWNER_GID=${OWNER_GID}
    restart: unless-stopped
    environment:
      - DB_TYPE=pgsql
@ -58,7 +52,6 @@ services:
      - app:/var/www/html
    depends_on:
      - app
    user: app
    command: /updater.sh
  web: