initial for env-based setup

legacy-php5
Andrew Dolgov 4 years ago
parent 6cccc777d3
commit 5f6651e6f0

@ -4,12 +4,8 @@
POSTGRES_USER=postgres
POSTGRES_PASSWORD=password
OWNER_UID=1000
OWNER_GID=1000
# You can keep this as localhost unless you want to use the ssl sidecar
# container (I suggest terminating ssl on the reverse proxy instead).
HTTP_HOST=localhost
# This is only used by web-ssl container.
#HTTP_HOST=localhost
# You will likely need to set this to the correct value, see README.md
# for more information.

@ -13,7 +13,7 @@ General outline of the configuration is as follows:
- ``config.php`` is generated if it is missing
- database schema is installed automatically if it is missing
- nginx has its http port exposed to the outside
- optional SSL support via Caddy w/ automatic letsencrypt certificates
- optional SSL support via Caddy w/ automatic letsencrypt certificates (deprecated)
- feed updates are handled via update daemon started in a separate container (updater)
- optional backups container which performs tt-rss database backup once a week
@ -33,15 +33,15 @@ You will likely have to change ``SELF_URL_PATH`` which should equal fully qualif
URL as seen when opening it in your web browser. If this field is set incorrectly, you will
likely see the correct value in the tt-rss fatal error message.
Note: ``SELF_URL_PATH`` is updated in generated tt-rss ``config.php`` automatically on container
restart. You don't need to modify ``config.php`` manually for this.
By default, `web` container binds to **localhost** port **8280**. If you want the container to be
accessible on the net, without using a reverse proxy sharing same host, you will need to
remove ``127.0.0.1:`` from ``HTTP_PORT`` variable in ``.env``.
Please don't rename the services inside `docker-compose.yml` unless you know what you're doing. Web container expects application container to be named `app`, if you rename it and it's not accessible via Docker DNS as `http://app` you will run into 502 errors on startup.
You can customize other `config.php` defines using environment variables (see `app/Dockerfile`
for complete list).
#### Build and start the container
```sh

@ -13,10 +13,49 @@ ADD updater.sh /
ADD index.php /
ADD dcron.sh /
ADD backup.sh /etc/periodic/weekly/backup
ADD config.docker.php /
RUN sed -i.bak 's/^listen = 127.0.0.1:9000/listen = 9000/' /etc/php7/php-fpm.d/www.conf
RUN sed -i.bak 's/\(memory_limit =\) 128M/\1 256M/' /etc/php7/php.ini
RUN sed -i.bak 's/;clear_env = .*/clear_env = no/i' /etc/php7/php-fpm.d/www.conf
RUN mkdir -p /var/www
RUN mkdir -p /opt/tt-rss/config.d
ENV OWNER_UID=1000
ENV OWNER_GID=1000
ENV DB_TYPE="pgsql"
ENV DB_HOST="db"
ENV DB_USER="%DB_USER"
ENV DB_NAME="%DB_NAME"
ENV DB_PASS="%DB_PASS"
ENV DB_PORT="5432"
# config.php defaults
ENV MYSQL_CHARSET="UTF8"
ENV SELF_URL_PATH="%SELF_URL_PATH"
ENV SINGLE_USER_MODE="false"
ENV SIMPLE_UPDATE_MODE="false"
ENV PHP_EXECUTABLE="/usr/bin/php"
ENV LOCK_DIRECTORY="lock"
ENV CACHE_DIR="cache"
ENV ICONS_DIR="feed-icons"
ENV ICONS_URL="feed-icons"
ENV AUTH_AUTO_CREATE="true"
ENV AUTH_AUTO_LOGIN="true"
ENV FORCE_ARTICLE_PURGE="0"
ENV ENABLE_REGISTRATION="false"
ENV REG_NOTIFY_ADDRESS="user@your.domain.dom"
ENV REG_MAX_USERS="10"
ENV SESSION_COOKIE_LIFETIME="86400"
ENV SMTP_FROM_NAME="Tiny Tiny RSS"
ENV SMTP_FROM_ADDRESS="noreply@your.domain.dom"
ENV DIGEST_SUBJECT="[tt-rss] New headlines for last 24 hours"
ENV CHECK_FOR_UPDATES="true"
ENV ENABLE_GZIP_OUTPUT="false"
ENV PLUGINS="auth_internal, note"
ENV LOG_DESTINATION="sql"
ENV CONFIG_VERSION="26"
CMD /startup.sh

@ -0,0 +1,174 @@
<?php
// *******************************************
// *** Database configuration (important!) ***
// *******************************************
define('DB_TYPE', getenv('DB_TYPE')); // pgsql or mysql
define('DB_HOST', getenv('DB_HOST'));
define('DB_USER', getenv('DB_USER'));
define('DB_NAME', getenv('DB_NAME'));
define('DB_PASS', getenv('DB_PASS'));
define('DB_PORT', getenv('DB_PORT')); // usually 5432 for PostgreSQL, 3306 for MySQL
define('MYSQL_CHARSET', getenv('MYSQL_CHARSET'));
// Connection charset for MySQL. If you have a legacy database and/or experience
// garbage unicode characters with this option, try setting it to a blank string.
// ***********************************
// *** Basic settings (important!) ***
// ***********************************
define('SELF_URL_PATH', getenv('SELF_URL_PATH'));
// This should be set to a fully qualified URL used to access
// your tt-rss instance over the net, such as: https://example.org/tt-rss/
// The value should be a constant string literal. Please don't use
// PHP server variables here - you might introduce security
// issues on your install and cause hard to debug problems.
// If your tt-rss instance is behind a reverse proxy, use the external URL.
define('SINGLE_USER_MODE', getenv('SINGLE_USER_MODE'));
// Operate in single user mode, disables all functionality related to
// multiple users and authentication. Enabling this assumes you have
// your tt-rss directory protected by other means (e.g. http auth).
define('SIMPLE_UPDATE_MODE', getenv('SIMPLE_UPDATE_MODE'));
// Enables fallback update mode where tt-rss tries to update feeds in
// background while tt-rss is open in your browser.
// If you don't have a lot of feeds and don't want to or can't run
// background processes while not running tt-rss, this method is generally
// viable to keep your feeds up to date.
// Still, there are more robust (and recommended) updating methods
// available, you can read about them here: https://tt-rss.org/wiki/UpdatingFeeds
// *****************************
// *** Files and directories ***
// *****************************
define('PHP_EXECUTABLE', getenv('PHP_EXECUTABLE'));
// Path to PHP *COMMAND LINE* executable, used for various command-line tt-rss
// programs and update daemon. Do not try to use CGI binary here, it won't work.
// If you see HTTP headers being displayed while running tt-rss scripts,
// then most probably you are using the CGI binary. If you are unsure what to
// put in here, ask your hosting provider.
define('LOCK_DIRECTORY', getenv('LOCK_DIRECTORY'));
// Directory for lockfiles, must be writable to the user you run
// daemon process or cronjobs under.
define('CACHE_DIR', getenv('CACHE_DIR'));
// Local cache directory for RSS feed content.
define('ICONS_DIR', getenv('ICONS_DIR'));
define('ICONS_URL', getenv('ICONS_URL'));
// Local and URL path to the directory, where feed favicons are stored.
// Unless you really know what you're doing, please keep those relative
// to tt-rss main directory.
// **********************
// *** Authentication ***
// **********************
// Please see PLUGINS below to configure various authentication modules.
define('AUTH_AUTO_CREATE', getenv('AUTH_AUTO_CREATE'));
// Allow authentication modules to auto-create users in tt-rss internal
// database when authenticated successfully.
define('AUTH_AUTO_LOGIN', getenv('AUTH_AUTO_LOGIN'));
// Automatically login user on remote or other kind of externally supplied
// authentication, otherwise redirect to login form as normal.
// If set to true, users won't be able to set application language
// and settings profile.
// *********************
// *** Feed settings ***
// *********************
define('FORCE_ARTICLE_PURGE', getenv('FORCE_ARTICLE_PURGE'));
// When this option is not 0, users ability to control feed purging
// intervals is disabled and all articles (which are not starred)
// older than this amount of days are purged.
// ***********************************
// *** Self-registrations by users ***
// ***********************************
define('ENABLE_REGISTRATION', getenv('ENABLE_REGISTRATION'));
// Allow users to register themselves. Please be aware that allowing
// random people to access your tt-rss installation is a security risk
// and potentially might lead to data loss or server exploit. Disabled
// by default.
define('REG_NOTIFY_ADDRESS', getenv('REG_NOTIFY_ADDRESS'));
// Email address to send new user notifications to.
define('REG_MAX_USERS', getenv('REG_MAX_USERS'));
// Maximum amount of users which will be allowed to register on this
// system. 0 - no limit.
// **********************************
// *** Cookies and login sessions ***
// **********************************
define('SESSION_COOKIE_LIFETIME', getenv('SESSION_COOKIE_LIFETIME'));
// Default lifetime of a session (e.g. login) cookie. In seconds,
// 0 means cookie will be deleted when browser closes.
// *********************************
// *** Email and digest settings ***
// *********************************
// Tiny Tiny RSS sends mail via PHP mail() function, unless handled
// by a plugin.
// If you need SMTP support, take a look here:
// https://git.tt-rss.org/fox/ttrss-mailer-smtp
define('SMTP_FROM_NAME', getenv('SMTP_FROM_NAME'));
define('SMTP_FROM_ADDRESS', getenv('SMTP_FROM_ADDRESS'));
// Name, address and subject for sending outgoing mail. This applies
// to password reset notifications, digest emails and any other mail.
define('DIGEST_SUBJECT', getenv('DIGEST_SUBJECT'));
// Subject line for email digests
// ***************************************
// *** Other settings (less important) ***
// ***************************************
define('CHECK_FOR_UPDATES', getenv('CHECK_FOR_UPDATES'));
// Check for updates automatically if running Git version
define('ENABLE_GZIP_OUTPUT', getenv('ENABLE_GZIP_OUTPUT'));
// Selectively gzip output to improve wire performance. This requires
// PHP Zlib extension on the server.
// Enabling this can break tt-rss in several httpd/php configurations,
// if you experience weird errors and tt-rss failing to start, blank pages
// after login, or content encoding errors, disable it.
define('PLUGINS', getenv('PLUGINS'));
// Comma-separated list of plugins to load automatically for all users.
// System plugins have to be specified here. Please enable at least one
// authentication plugin here (auth_*).
// Users may enable other user plugins from Preferences/Plugins but may not
// disable plugins specified in this list.
// Disabling auth_internal in this list would automatically disable
// reset password link on the login form.
define('LOG_DESTINATION', getenv('LOG_DESTINATION'));
// Error log destination to use. Possible values: sql (uses internal logging
// you can read in Preferences -> System), syslog - logs to system log.
// Setting this to blank uses PHP logging (usually to http server
// error.log).
// Note that feed updating daemons don't use this logging facility
// for normal output.
define('CONFIG_VERSION', getenv('CONFIG_VERSION'));
// Expected config version. Please update this option in config.php
// if necessary (after migrating all new options from this file).
// vim:ft=php
$snippets = glob("/opt/tt-rss/config.d/*.php");
foreach ($snippets as $snippet)
require_once $snippet;

@ -0,0 +1,4 @@
$snippets = glob("/opt/tt-rss/config.d/*.php");
foreach ($snippets as $snippet)
require_once $snippet;

@ -0,0 +1,170 @@
<?php
// *******************************************
// *** Database configuration (important!) ***
// *******************************************
define('DB_TYPE', '%DB_TYPE'); // pgsql or mysql
define('DB_HOST', '%DB_HOST');
define('DB_USER', '%DB_USER');
define('DB_NAME', '%DB_NAME');
define('DB_PASS', '%DB_PASS');
define('DB_PORT', '%DB_PORT'); // usually 5432 for PostgreSQL, 3306 for MySQL
define('MYSQL_CHARSET', 'UTF8');
// Connection charset for MySQL. If you have a legacy database and/or experience
// garbage unicode characters with this option, try setting it to a blank string.
// ***********************************
// *** Basic settings (important!) ***
// ***********************************
define('SELF_URL_PATH', '%SELF_URL_PATH');
// This should be set to a fully qualified URL used to access
// your tt-rss instance over the net, such as: https://example.org/tt-rss/
// The value should be a constant string literal. Please don't use
// PHP server variables here - you might introduce security
// issues on your install and cause hard to debug problems.
// If your tt-rss instance is behind a reverse proxy, use the external URL.
define('SINGLE_USER_MODE', false);
// Operate in single user mode, disables all functionality related to
// multiple users and authentication. Enabling this assumes you have
// your tt-rss directory protected by other means (e.g. http auth).
define('SIMPLE_UPDATE_MODE', false);
// Enables fallback update mode where tt-rss tries to update feeds in
// background while tt-rss is open in your browser.
// If you don't have a lot of feeds and don't want to or can't run
// background processes while not running tt-rss, this method is generally
// viable to keep your feeds up to date.
// Still, there are more robust (and recommended) updating methods
// available, you can read about them here: https://tt-rss.org/wiki/UpdatingFeeds
// *****************************
// *** Files and directories ***
// *****************************
define('PHP_EXECUTABLE', '/usr/bin/php');
// Path to PHP *COMMAND LINE* executable, used for various command-line tt-rss
// programs and update daemon. Do not try to use CGI binary here, it won't work.
// If you see HTTP headers being displayed while running tt-rss scripts,
// then most probably you are using the CGI binary. If you are unsure what to
// put in here, ask your hosting provider.
define('LOCK_DIRECTORY', 'lock');
// Directory for lockfiles, must be writable to the user you run
// daemon process or cronjobs under.
define('CACHE_DIR', 'cache');
// Local cache directory for RSS feed content.
define('ICONS_DIR', "feed-icons");
define('ICONS_URL', "feed-icons");
// Local and URL path to the directory, where feed favicons are stored.
// Unless you really know what you're doing, please keep those relative
// to tt-rss main directory.
// **********************
// *** Authentication ***
// **********************
// Please see PLUGINS below to configure various authentication modules.
define('AUTH_AUTO_CREATE', true);
// Allow authentication modules to auto-create users in tt-rss internal
// database when authenticated successfully.
define('AUTH_AUTO_LOGIN', true);
// Automatically login user on remote or other kind of externally supplied
// authentication, otherwise redirect to login form as normal.
// If set to true, users won't be able to set application language
// and settings profile.
// *********************
// *** Feed settings ***
// *********************
define('FORCE_ARTICLE_PURGE', 0);
// When this option is not 0, users ability to control feed purging
// intervals is disabled and all articles (which are not starred)
// older than this amount of days are purged.
// ***********************************
// *** Self-registrations by users ***
// ***********************************
define('ENABLE_REGISTRATION', false);
// Allow users to register themselves. Please be aware that allowing
// random people to access your tt-rss installation is a security risk
// and potentially might lead to data loss or server exploit. Disabled
// by default.
define('REG_NOTIFY_ADDRESS', 'user@your.domain.dom');
// Email address to send new user notifications to.
define('REG_MAX_USERS', 10);
// Maximum amount of users which will be allowed to register on this
// system. 0 - no limit.
// **********************************
// *** Cookies and login sessions ***
// **********************************
define('SESSION_COOKIE_LIFETIME', 86400);
// Default lifetime of a session (e.g. login) cookie. In seconds,
// 0 means cookie will be deleted when browser closes.
// *********************************
// *** Email and digest settings ***
// *********************************
// Tiny Tiny RSS sends mail via PHP mail() function, unless handled
// by a plugin.
// If you need SMTP support, take a look here:
// https://git.tt-rss.org/fox/ttrss-mailer-smtp
define('SMTP_FROM_NAME', 'Tiny Tiny RSS');
define('SMTP_FROM_ADDRESS', 'noreply@your.domain.dom');
// Name, address and subject for sending outgoing mail. This applies
// to password reset notifications, digest emails and any other mail.
define('DIGEST_SUBJECT', '[tt-rss] New headlines for last 24 hours');
// Subject line for email digests
// ***************************************
// *** Other settings (less important) ***
// ***************************************
define('CHECK_FOR_UPDATES', true);
// Check for updates automatically if running Git version
define('ENABLE_GZIP_OUTPUT', false);
// Selectively gzip output to improve wire performance. This requires
// PHP Zlib extension on the server.
// Enabling this can break tt-rss in several httpd/php configurations,
// if you experience weird errors and tt-rss failing to start, blank pages
// after login, or content encoding errors, disable it.
define('PLUGINS', 'auth_internal, note');
// Comma-separated list of plugins to load automatically for all users.
// System plugins have to be specified here. Please enable at least one
// authentication plugin here (auth_*).
// Users may enable other user plugins from Preferences/Plugins but may not
// disable plugins specified in this list.
// Disabling auth_internal in this list would automatically disable
// reset password link on the login form.
define('LOG_DESTINATION', 'sql');
// Error log destination to use. Possible values: sql (uses internal logging
// you can read in Preferences -> System), syslog - logs to system log.
// Setting this to blank uses PHP logging (usually to http server
// error.log).
// Note that feed updating daemons don't use this logging facility
// for normal output.
define('CONFIG_VERSION', 26);
// Expected config version. Please update this option in config.php
// if necessary (after migrating all new options from this file).
// vim:ft=php

@ -0,0 +1,6 @@
#!/bin/sh
sed -e "s/define('\([A-Z_]\+\)', [^)]\+/define('\1', getenv('\1')/" \
< config.php-dist > config.docker.php
cat config.php-config.d >> config.docker.php

@ -0,0 +1,3 @@
#!/bin/sh
grep define config.php-dist | sed -e "s/[ \t]*define('\([A-Z_]\+\)', ['\"]\?\([^'\")]\+\).*/ENV \1=\"\2\"/"

@ -1,4 +1,4 @@
#!/bin/sh -e
#!/bin/sh -ex
while ! pg_isready -h $DB_HOST -U $DB_USER; do
echo waiting until $DB_HOST is ready...
@ -66,35 +66,24 @@ elif ! $PSQL -c 'select * from ttrss_version'; then
$PSQL < /var/www/html/tt-rss/schema/ttrss_schema_pgsql.sql
fi
SELF_URL_PATH=$(echo $SELF_URL_PATH | sed -e 's/[\/&]/\\&/g')
export SELF_URL_PATH=$(echo $SELF_URL_PATH | sed -e 's/[\/&]/\\&/g')
env
if [ ! -s $DST_DIR/config.php ]; then
sed \
-e "s/define('DB_HOST'.*/define('DB_HOST', '$DB_HOST');/" \
-e "s/define('DB_USER'.*/define('DB_USER', '$DB_USER');/" \
-e "s/define('DB_NAME'.*/define('DB_NAME', '$DB_NAME');/" \
-e "s/define('DB_PASS'.*/define('DB_PASS', '$DB_PASS');/" \
-e "s/define('DB_TYPE'.*/define('DB_TYPE', 'pgsql');/" \
-e "s/define('DB_PORT'.*/define('DB_PORT', 5432);/" \
-e "s/define('PLUGINS'.*/define('PLUGINS', 'auth_internal, note, nginx_xaccel');/" \
-e "s/define('SELF_URL_PATH'.*/define('SELF_URL_PATH','$SELF_URL_PATH');/" \
< $DST_DIR/config.php-dist > $DST_DIR/config.php
cp /config.docker.php $DST_DIR/config.php
cat >> $DST_DIR/config.php << EOF
define('NGINX_XACCEL_PREFIX', '/tt-rss');
EOF
else
sed \
-e "s/define('SELF_URL_PATH'.*/define('SELF_URL_PATH','$SELF_URL_PATH');/" \
-i $DST_DIR/config.php
fi
# this was previously generated
rm -f $DST_DIR/config.php.bak
cd $DST_DIR && sudo -u app php ./update.php --update-schema=force-yes
cd $DST_DIR && sudo -E -u app php ./update.php --update-schema=force-yes
touch $DST_DIR/.app_is_ready
sudo -u app /usr/sbin/php-fpm7 -F
sudo -E -u app /usr/sbin/php-fpm7 -F

@ -20,4 +20,4 @@ while [ ! -s $DST_DIR/config.php -a -e $DST_DIR/.app_is_ready ]; do
sleep 3
done
sudo -u app /usr/bin/php /var/www/html/tt-rss/update_daemon2.php
sudo -E -u app /usr/bin/php /var/www/html/tt-rss/update_daemon2.php

@ -0,0 +1 @@
Put anything else you need included into `config.php` to this directory as separate `.php` files.

@ -7,11 +7,10 @@ services:
db:
image: postgres:12-alpine
restart: unless-stopped
env_file:
- .env
volumes:
- db:/var/lib/postgresql/data
environment:
- POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
- POSTGRES_USER=${POSTGRES_USER}
app:
build:
@ -19,16 +18,13 @@ services:
./app
restart: unless-stopped
environment:
- DB_TYPE=pgsql
- DB_HOST=db
- DB_NAME=${POSTGRES_USER}
- DB_USER=${POSTGRES_USER}
- DB_PASS=${POSTGRES_PASSWORD}
- OWNER_UID=${OWNER_UID}
- OWNER_GID=${OWNER_GID}
- SELF_URL_PATH=${SELF_URL_PATH}
volumes:
- app:/var/www/html
- ./config.d:/opt/tt-rss/config.d:ro
depends_on:
- db
@ -38,13 +34,9 @@ services:
./app
restart: unless-stopped
environment:
- DB_TYPE=pgsql
- DB_HOST=db
- DB_NAME=${POSTGRES_USER}
- DB_USER=${POSTGRES_USER}
- DB_PASS=${POSTGRES_PASSWORD}
- OWNER_UID=${OWNER_UID}
- OWNER_GID=${OWNER_GID}
volumes:
- backups:/backups
- app:/var/www/html
@ -58,16 +50,13 @@ services:
./app
restart: unless-stopped
environment:
- DB_TYPE=pgsql
- DB_HOST=db
- DB_NAME=${POSTGRES_USER}
- DB_USER=${POSTGRES_USER}
- DB_PASS=${POSTGRES_PASSWORD}
- OWNER_UID=${OWNER_UID}
- OWNER_GID=${OWNER_GID}
- SELF_URL_PATH=${SELF_URL_PATH}
volumes:
- app:/var/www/html
- ./config.d:/opt/tt-rss/config.d:ro
depends_on:
- app
command: /updater.sh

Loading…
Cancel
Save