- merge changes from dynamic-env branch

- cleanup YML files, etc

.env-dist

@@ -1,22 +1,21 @@
 # Copy this file to .env before building the container.
 # Put any local modifications here.
 
-BUILD_TAG=latest
-
 POSTGRES_USER=postgres
 POSTGRES_PASSWORD=password
 
-OWNER_UID=1000
-OWNER_GID=1000
-
-# You can keep this as localhost unless you want to use the ssl sidecar 
-# container (I suggest terminating ssl on the reverse proxy instead).
-HTTP_HOST=localhost
+# This is only used by web-ssl container.
+#HTTP_HOST=localhost
 
 # You will likely need to set this to the correct value, see README.md
 # for more information.
 SELF_URL_PATH=http://localhost:8280/tt-rss
 
+# You can customize other config.php defines by setting overrides here.
+# See app/Dockerfile for complete list. Examples:
+# PLUGINS=auth_remote
+# SINGLE_USER_MODE=true
+
 # bind exposed port to 127.0.0.1 by default in case reverse proxy is used.
 # if you plan to run the container standalone and need origin port exposed
 # use next HTTP_PORT definition (or remove "127.0.0.1:").

docker-compose.yml

@@ -1,64 +1,36 @@
 version: '3'
 
-# set database password in .env
-# please don't use quote (') or (") symbols in variables
-
 services:
   db:
     image: postgres:12-alpine
     restart: unless-stopped
+    env_file:
+      - .env
     volumes:
       - db:/var/lib/postgresql/data
-    environment:    
-      - POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
-      - POSTGRES_USER=${POSTGRES_USER}
 
   app:
     image: cthulhoo/ttrss-fpm-pgsql-static
     restart: unless-stopped
+    env_file:
+      - .env
     environment:
-      - DB_TYPE=pgsql
-      - DB_HOST=db
       - DB_NAME=${POSTGRES_USER}
       - DB_USER=${POSTGRES_USER}
       - DB_PASS=${POSTGRES_PASSWORD}
-      - OWNER_UID=${OWNER_UID}
-      - OWNER_GID=${OWNER_GID}
-      - SELF_URL_PATH=${SELF_URL_PATH}
     volumes:
       - app:/var/www/html
+      - ./config.d:/opt/tt-rss/config.d:ro
     depends_on:
       - db
 
-  updater:
-    image: cthulhoo/ttrss-fpm-pgsql-static
-    restart: unless-stopped
-    environment:
-      - DB_TYPE=pgsql
-      - DB_HOST=db
-      - DB_NAME=${POSTGRES_USER}
-      - DB_USER=${POSTGRES_USER}
-      - DB_PASS=${POSTGRES_PASSWORD}
-      - OWNER_UID=${OWNER_UID}
-      - OWNER_GID=${OWNER_GID}
-      - SELF_URL_PATH=${SELF_URL_PATH}
-    volumes:
-      - app:/var/www/html
-    depends_on:
-      - app
-    command: /updater.sh
-
   backups:
     image: cthulhoo/ttrss-fpm-pgsql-static
     restart: unless-stopped
     environment:
-      - DB_TYPE=pgsql
-      - DB_HOST=db
       - DB_NAME=${POSTGRES_USER}
       - DB_USER=${POSTGRES_USER}
       - DB_PASS=${POSTGRES_PASSWORD}
-      - OWNER_UID=${OWNER_UID}
-      - OWNER_GID=${OWNER_GID}
     volumes:
       - backups:/backups
       - app:/var/www/html
@@ -66,6 +38,22 @@ services:
       - db
     command: /dcron.sh -f
 
+  updater:
+    image: cthulhoo/ttrss-fpm-pgsql-static
+    restart: unless-stopped
+    env_file:
+      - .env
+    environment:
+      - DB_NAME=${POSTGRES_USER}
+      - DB_USER=${POSTGRES_USER}
+      - DB_PASS=${POSTGRES_PASSWORD}
+    volumes:
+      - app:/var/www/html
+      - ./config.d:/opt/tt-rss/config.d:ro
+    depends_on:
+      - app
+    command: /updater.sh
+
 #  web:
 #    image: cthulhoo/ttrss-web
 #    restart: unless-stopped
@@ -103,6 +91,6 @@ services:
 
 volumes:
   db:
-  app:  
+  app:
   certs:
   backups:

src/app/Dockerfile

@@ -14,10 +14,51 @@ ADD index.php /
 ADD build-prepare.sh /
 ADD dcron.sh /
 ADD backup.sh /etc/periodic/weekly/backup
+ADD config.docker.php /
 
 RUN sed -i.bak 's/^listen = 127.0.0.1:9000/listen = 9000/' /etc/php7/php-fpm.d/www.conf
 RUN sed -i.bak 's/\(memory_limit =\) 128M/\1 256M/' /etc/php7/php.ini
+RUN sed -i.bak 's/;clear_env = .*/clear_env = no/i' /etc/php7/php-fpm.d/www.conf
+
+RUN mkdir -p /var/www
+RUN mkdir -p /opt/tt-rss/config.d
 
 RUN sh -c /build-prepare.sh
 
+ENV OWNER_UID=1000
+ENV OWNER_GID=1000
+
+ENV DB_TYPE="pgsql"
+ENV DB_HOST="db"
+ENV DB_USER="%DB_USER"
+ENV DB_NAME="%DB_NAME"
+ENV DB_PASS="%DB_PASS"
+ENV DB_PORT="5432"
+
+# config.php defaults
+ENV MYSQL_CHARSET="UTF8"
+ENV SELF_URL_PATH="%SELF_URL_PATH"
+ENV SINGLE_USER_MODE=""
+ENV SIMPLE_UPDATE_MODE=""
+ENV PHP_EXECUTABLE="/usr/bin/php"
+ENV LOCK_DIRECTORY="lock"
+ENV CACHE_DIR="cache"
+ENV ICONS_DIR="feed-icons"
+ENV ICONS_URL="feed-icons"
+ENV AUTH_AUTO_CREATE="true"
+ENV AUTH_AUTO_LOGIN="true"
+ENV FORCE_ARTICLE_PURGE="0"
+ENV ENABLE_REGISTRATION=""
+ENV REG_NOTIFY_ADDRESS="user@your.domain.dom"
+ENV REG_MAX_USERS="10"
+ENV SESSION_COOKIE_LIFETIME="86400"
+ENV SMTP_FROM_NAME="Tiny Tiny RSS"
+ENV SMTP_FROM_ADDRESS="noreply@your.domain.dom"
+ENV DIGEST_SUBJECT="[tt-rss] New headlines for last 24 hours"
+ENV CHECK_FOR_UPDATES="true"
+ENV ENABLE_GZIP_OUTPUT=""
+ENV PLUGINS="auth_internal, note"
+ENV LOG_DESTINATION="sql"
+ENV CONFIG_VERSION="26"
+
 CMD /startup.sh

src/app/config.docker.php

@@ -0,0 +1,174 @@
+<?php
+	// *******************************************
+	// *** Database configuration (important!) ***
+	// *******************************************
+
+	define('DB_TYPE', getenv('DB_TYPE')); // pgsql or mysql
+	define('DB_HOST', getenv('DB_HOST'));
+	define('DB_USER', getenv('DB_USER'));
+	define('DB_NAME', getenv('DB_NAME'));
+	define('DB_PASS', getenv('DB_PASS'));
+	define('DB_PORT', getenv('DB_PORT')); // usually 5432 for PostgreSQL, 3306 for MySQL
+
+	define('MYSQL_CHARSET', getenv('MYSQL_CHARSET'));
+	// Connection charset for MySQL. If you have a legacy database and/or experience
+	// garbage unicode characters with this option, try setting it to a blank string.
+
+	// ***********************************
+	// *** Basic settings (important!) ***
+	// ***********************************
+
+	define('SELF_URL_PATH', getenv('SELF_URL_PATH'));
+	// This should be set to a fully qualified URL used to access
+	// your tt-rss instance over the net, such as: https://example.org/tt-rss/
+	// The value should be a constant string literal. Please don't use
+	// PHP server variables here - you might introduce security
+	// issues on your install and cause hard to debug problems.
+	// If your tt-rss instance is behind a reverse proxy, use the external URL.
+
+	define('SINGLE_USER_MODE', getenv('SINGLE_USER_MODE'));
+	// Operate in single user mode, disables all functionality related to
+	// multiple users and authentication. Enabling this assumes you have
+	// your tt-rss directory protected by other means (e.g. http auth).
+
+	define('SIMPLE_UPDATE_MODE', getenv('SIMPLE_UPDATE_MODE'));
+	// Enables fallback update mode where tt-rss tries to update feeds in
+	// background while tt-rss is open in your browser.
+	// If you don't have a lot of feeds and don't want to or can't run
+	// background processes while not running tt-rss, this method is generally
+	// viable to keep your feeds up to date.
+	// Still, there are more robust (and recommended) updating methods
+	// available, you can read about them here: https://tt-rss.org/wiki/UpdatingFeeds
+
+	// *****************************
+	// *** Files and directories ***
+	// *****************************
+
+	define('PHP_EXECUTABLE', getenv('PHP_EXECUTABLE'));
+	// Path to PHP *COMMAND LINE* executable, used for various command-line tt-rss
+	// programs and update daemon. Do not try to use CGI binary here, it won't work.
+	// If you see HTTP headers being displayed while running tt-rss scripts,
+	// then most probably you are using the CGI binary. If you are unsure what to
+	// put in here, ask your hosting provider.
+
+	define('LOCK_DIRECTORY', getenv('LOCK_DIRECTORY'));
+	// Directory for lockfiles, must be writable to the user you run
+	// daemon process or cronjobs under.
+
+	define('CACHE_DIR', getenv('CACHE_DIR'));
+	// Local cache directory for RSS feed content.
+
+	define('ICONS_DIR', getenv('ICONS_DIR'));
+	define('ICONS_URL', getenv('ICONS_URL'));
+	// Local and URL path to the directory, where feed favicons are stored.
+	// Unless you really know what you're doing, please keep those relative
+	// to tt-rss main directory.
+
+	// **********************
+	// *** Authentication ***
+	// **********************
+
+	// Please see PLUGINS below to configure various authentication modules.
+
+	define('AUTH_AUTO_CREATE', getenv('AUTH_AUTO_CREATE'));
+	// Allow authentication modules to auto-create users in tt-rss internal
+	// database when authenticated successfully.
+
+	define('AUTH_AUTO_LOGIN', getenv('AUTH_AUTO_LOGIN'));
+	// Automatically login user on remote or other kind of externally supplied
+	// authentication, otherwise redirect to login form as normal.
+	// If set to true, users won't be able to set application language
+	// and settings profile.
+
+	// *********************
+	// *** Feed settings ***
+	// *********************
+
+	define('FORCE_ARTICLE_PURGE', getenv('FORCE_ARTICLE_PURGE'));
+	// When this option is not 0, users ability to control feed purging
+	// intervals is disabled and all articles (which are not starred)
+	// older than this amount of days are purged.
+
+	// ***********************************
+	// *** Self-registrations by users ***
+	// ***********************************
+
+	define('ENABLE_REGISTRATION', getenv('ENABLE_REGISTRATION'));
+	// Allow users to register themselves. Please be aware that allowing
+	// random people to access your tt-rss installation is a security risk
+	// and potentially might lead to data loss or server exploit. Disabled
+	// by default.
+
+	define('REG_NOTIFY_ADDRESS', getenv('REG_NOTIFY_ADDRESS'));
+	// Email address to send new user notifications to.
+
+	define('REG_MAX_USERS', getenv('REG_MAX_USERS'));
+	// Maximum amount of users which will be allowed to register on this
+	// system. 0 - no limit.
+
+	// **********************************
+	// *** Cookies and login sessions ***
+	// **********************************
+
+	define('SESSION_COOKIE_LIFETIME', getenv('SESSION_COOKIE_LIFETIME'));
+	// Default lifetime of a session (e.g. login) cookie. In seconds,
+	// 0 means cookie will be deleted when browser closes.
+
+	// *********************************
+	// *** Email and digest settings ***
+	// *********************************
+
+	// Tiny Tiny RSS sends mail via PHP mail() function, unless handled
+	// by a plugin.
+
+	// If you need SMTP support, take a look here:
+	// https://git.tt-rss.org/fox/ttrss-mailer-smtp
+
+	define('SMTP_FROM_NAME', getenv('SMTP_FROM_NAME'));
+	define('SMTP_FROM_ADDRESS', getenv('SMTP_FROM_ADDRESS'));
+	// Name, address and subject for sending outgoing mail. This applies
+	// to password reset notifications, digest emails and any other mail.
+
+	define('DIGEST_SUBJECT', getenv('DIGEST_SUBJECT'));
+	// Subject line for email digests
+
+	// ***************************************
+	// *** Other settings (less important) ***
+	// ***************************************
+
+	define('CHECK_FOR_UPDATES', getenv('CHECK_FOR_UPDATES'));
+	// Check for updates automatically if running Git version
+
+	define('ENABLE_GZIP_OUTPUT', getenv('ENABLE_GZIP_OUTPUT'));
+	// Selectively gzip output to improve wire performance. This requires
+	// PHP Zlib extension on the server.
+	// Enabling this can break tt-rss in several httpd/php configurations,
+	// if you experience weird errors and tt-rss failing to start, blank pages
+	// after login, or content encoding errors, disable it.
+
+	define('PLUGINS', getenv('PLUGINS'));
+	// Comma-separated list of plugins to load automatically for all users.
+	// System plugins have to be specified here. Please enable at least one
+	// authentication plugin here (auth_*).
+	// Users may enable other user plugins from Preferences/Plugins but may not
+	// disable plugins specified in this list.
+	// Disabling auth_internal in this list would automatically disable
+	// reset password link on the login form.
+
+	define('LOG_DESTINATION', getenv('LOG_DESTINATION'));
+	// Error log destination to use. Possible values: sql (uses internal logging
+	// you can read in Preferences -> System), syslog - logs to system log.
+	// Setting this to blank uses PHP logging (usually to http server
+	// error.log).
+	// Note that feed updating daemons don't use this logging facility
+	// for normal output.
+
+	define('CONFIG_VERSION', getenv('CONFIG_VERSION'));
+	// Expected config version. Please update this option in config.php
+	// if necessary (after migrating all new options from this file).
+
+	// vim:ft=php
+	$snippets = glob("/opt/tt-rss/config.d/*.php");
+
+	foreach ($snippets as $snippet) 
+		require_once $snippet;

src/app/config.php-config.d

@@ -0,0 +1,4 @@
+	$snippets = glob("/opt/tt-rss/config.d/*.php");
+
+	foreach ($snippets as $snippet) 
+		require_once $snippet;

src/app/config.php-dist

@@ -0,0 +1,170 @@
+<?php
+	// *******************************************
+	// *** Database configuration (important!) ***
+	// *******************************************
+
+	define('DB_TYPE', '%DB_TYPE'); // pgsql or mysql
+	define('DB_HOST', '%DB_HOST');
+	define('DB_USER', '%DB_USER');
+	define('DB_NAME', '%DB_NAME');
+	define('DB_PASS', '%DB_PASS');
+	define('DB_PORT', '%DB_PORT'); // usually 5432 for PostgreSQL, 3306 for MySQL
+
+	define('MYSQL_CHARSET', 'UTF8');
+	// Connection charset for MySQL. If you have a legacy database and/or experience
+	// garbage unicode characters with this option, try setting it to a blank string.
+
+	// ***********************************
+	// *** Basic settings (important!) ***
+	// ***********************************
+
+	define('SELF_URL_PATH', '%SELF_URL_PATH');
+	// This should be set to a fully qualified URL used to access
+	// your tt-rss instance over the net, such as: https://example.org/tt-rss/
+	// The value should be a constant string literal. Please don't use
+	// PHP server variables here - you might introduce security
+	// issues on your install and cause hard to debug problems.
+	// If your tt-rss instance is behind a reverse proxy, use the external URL.
+
+	define('SINGLE_USER_MODE', false);
+	// Operate in single user mode, disables all functionality related to
+	// multiple users and authentication. Enabling this assumes you have
+	// your tt-rss directory protected by other means (e.g. http auth).
+
+	define('SIMPLE_UPDATE_MODE', false);
+	// Enables fallback update mode where tt-rss tries to update feeds in
+	// background while tt-rss is open in your browser.
+	// If you don't have a lot of feeds and don't want to or can't run
+	// background processes while not running tt-rss, this method is generally
+	// viable to keep your feeds up to date.
+	// Still, there are more robust (and recommended) updating methods
+	// available, you can read about them here: https://tt-rss.org/wiki/UpdatingFeeds
+
+	// *****************************
+	// *** Files and directories ***
+	// *****************************
+
+	define('PHP_EXECUTABLE', '/usr/bin/php');
+	// Path to PHP *COMMAND LINE* executable, used for various command-line tt-rss
+	// programs and update daemon. Do not try to use CGI binary here, it won't work.
+	// If you see HTTP headers being displayed while running tt-rss scripts,
+	// then most probably you are using the CGI binary. If you are unsure what to
+	// put in here, ask your hosting provider.
+
+	define('LOCK_DIRECTORY', 'lock');
+	// Directory for lockfiles, must be writable to the user you run
+	// daemon process or cronjobs under.
+
+	define('CACHE_DIR', 'cache');
+	// Local cache directory for RSS feed content.
+
+	define('ICONS_DIR', "feed-icons");
+	define('ICONS_URL', "feed-icons");
+	// Local and URL path to the directory, where feed favicons are stored.
+	// Unless you really know what you're doing, please keep those relative
+	// to tt-rss main directory.
+
+	// **********************
+	// *** Authentication ***
+	// **********************
+
+	// Please see PLUGINS below to configure various authentication modules.
+
+	define('AUTH_AUTO_CREATE', true);
+	// Allow authentication modules to auto-create users in tt-rss internal
+	// database when authenticated successfully.
+
+	define('AUTH_AUTO_LOGIN', true);
+	// Automatically login user on remote or other kind of externally supplied
+	// authentication, otherwise redirect to login form as normal.
+	// If set to true, users won't be able to set application language
+	// and settings profile.
+
+	// *********************
+	// *** Feed settings ***
+	// *********************
+
+	define('FORCE_ARTICLE_PURGE', 0);
+	// When this option is not 0, users ability to control feed purging
+	// intervals is disabled and all articles (which are not starred)
+	// older than this amount of days are purged.
+
+	// ***********************************
+	// *** Self-registrations by users ***
+	// ***********************************
+
+	define('ENABLE_REGISTRATION', false);
+	// Allow users to register themselves. Please be aware that allowing
+	// random people to access your tt-rss installation is a security risk
+	// and potentially might lead to data loss or server exploit. Disabled
+	// by default.
+
+	define('REG_NOTIFY_ADDRESS', 'user@your.domain.dom');
+	// Email address to send new user notifications to.
+
+	define('REG_MAX_USERS', 10);
+	// Maximum amount of users which will be allowed to register on this
+	// system. 0 - no limit.
+
+	// **********************************
+	// *** Cookies and login sessions ***
+	// **********************************
+
+	define('SESSION_COOKIE_LIFETIME', 86400);
+	// Default lifetime of a session (e.g. login) cookie. In seconds,
+	// 0 means cookie will be deleted when browser closes.
+
+	// *********************************
+	// *** Email and digest settings ***
+	// *********************************
+
+	// Tiny Tiny RSS sends mail via PHP mail() function, unless handled
+	// by a plugin.
+
+	// If you need SMTP support, take a look here:
+	// https://git.tt-rss.org/fox/ttrss-mailer-smtp
+
+	define('SMTP_FROM_NAME', 'Tiny Tiny RSS');
+	define('SMTP_FROM_ADDRESS', 'noreply@your.domain.dom');
+	// Name, address and subject for sending outgoing mail. This applies
+	// to password reset notifications, digest emails and any other mail.
+
+	define('DIGEST_SUBJECT', '[tt-rss] New headlines for last 24 hours');
+	// Subject line for email digests
+
+	// ***************************************
+	// *** Other settings (less important) ***
+	// ***************************************
+
+	define('CHECK_FOR_UPDATES', true);
+	// Check for updates automatically if running Git version
+
+	define('ENABLE_GZIP_OUTPUT', false);
+	// Selectively gzip output to improve wire performance. This requires
+	// PHP Zlib extension on the server.
+	// Enabling this can break tt-rss in several httpd/php configurations,
+	// if you experience weird errors and tt-rss failing to start, blank pages
+	// after login, or content encoding errors, disable it.
+
+	define('PLUGINS', 'auth_internal, note');
+	// Comma-separated list of plugins to load automatically for all users.
+	// System plugins have to be specified here. Please enable at least one
+	// authentication plugin here (auth_*).
+	// Users may enable other user plugins from Preferences/Plugins but may not
+	// disable plugins specified in this list.
+	// Disabling auth_internal in this list would automatically disable
+	// reset password link on the login form.
+
+	define('LOG_DESTINATION', 'sql');
+	// Error log destination to use. Possible values: sql (uses internal logging
+	// you can read in Preferences -> System), syslog - logs to system log.
+	// Setting this to blank uses PHP logging (usually to http server
+	// error.log).
+	// Note that feed updating daemons don't use this logging facility
+	// for normal output.
+
+	define('CONFIG_VERSION', 26);
+	// Expected config version. Please update this option in config.php
+	// if necessary (after migrating all new options from this file).
+
+	// vim:ft=php

src/app/prepare-config.php

@@ -0,0 +1,6 @@
+#!/bin/sh
+
+sed -e "s/define('\([A-Z_]\+\)', [^)]\+/define('\1', getenv('\1')/" \
+	< config.php-dist > config.docker.php
+
+cat config.php-config.d >> config.docker.php

src/app/prepare-environment.sh

@@ -0,0 +1,3 @@
+#!/bin/sh
+
+grep define config.php-dist | sed -e "s/[ \t]*define('\([A-Z_]\+\)', ['\"]\?\([^'\")]\+\).*/ENV \1=\"\2\"/"

src/app/startup.sh

@@ -1,11 +1,15 @@
-#!/bin/sh -ex
+#!/bin/sh -e
 
 while ! pg_isready -h $DB_HOST -U $DB_USER; do
 	echo waiting until $DB_HOST is ready...
 	sleep 3
 done
 
-if ! id app; then
+# We don't need those here (HTTP_HOST would cause false SELF_URL_PATH check failures)
+unset HTTP_PORT
+unset HTTP_HOST
+
+if ! id app >/dev/null 2>&1; then
 	addgroup -g $OWNER_GID app
 	adduser -D -h /var/www/html -G app -u $OWNER_UID app
 fi
@@ -15,7 +19,7 @@ SRC_DIR=/src/tt-rss/
 
 [ -e $DST_DIR ] && rm -f $DST_DIR/.app_is_ready
 
-export PGPASSWORD=$DB_PASS 
+export PGPASSWORD=$DB_PASS
 
 [ ! -e /var/www/html/index.php ] && cp /index.php /var/www/html
 
@@ -41,14 +45,14 @@ for d in cache lock feed-icons plugins.local themes.local; do
 	mkdir -p $DST_DIR/$d
 done
 
+chown -R $OWNER_UID:$OWNER_GID $DST_DIR \
+	/var/log/php7
+
 for d in cache lock feed-icons; do
 	chmod 777 $DST_DIR/$d
 	find $DST_DIR/$d -type f -exec chmod 666 {} \;
 done
 
-chown -R $OWNER_UID:$OWNER_GID $DST_DIR \
-	/var/log/php7	
-
 PSQL="psql -q -h $DB_HOST -U $DB_USER $DB_NAME"
 
 $PSQL -c "create extension if not exists pg_trgm"
@@ -61,32 +65,20 @@ elif ! $PSQL -c 'select * from ttrss_version'; then
 	$PSQL < /var/www/html/tt-rss/schema/ttrss_schema_pgsql.sql
 fi
 
-SELF_URL_PATH=$(echo $SELF_URL_PATH | sed -e 's/[\/&]/\\&/g')
-
 if [ ! -s $DST_DIR/config.php ]; then
-	sed \
-		-e "s/define('DB_HOST'.*/define('DB_HOST', '$DB_HOST');/" \
-		-e "s/define('DB_USER'.*/define('DB_USER', '$DB_USER');/" \
-		-e "s/define('DB_NAME'.*/define('DB_NAME', '$DB_NAME');/" \
-		-e "s/define('DB_PASS'.*/define('DB_PASS', '$DB_PASS');/" \
-		-e "s/define('DB_TYPE'.*/define('DB_TYPE', 'pgsql');/" \
-		-e "s/define('DB_PORT'.*/define('DB_PORT', 5432);/" \
-		-e "s/define('PLUGINS'.*/define('PLUGINS', 'auth_internal, note, nginx_xaccel');/" \
-		-e "s/define('SELF_URL_PATH'.*/define('SELF_URL_PATH','$SELF_URL_PATH');/" \
-		< $DST_DIR/config.php-dist > $DST_DIR/config.php
+	cp /config.docker.php $DST_DIR/config.php
 
 	cat >> $DST_DIR/config.php << EOF
 		define('NGINX_XACCEL_PREFIX', '/tt-rss');
 EOF
-else
-	sed \
-		-e "s/define('SELF_URL_PATH'.*/define('SELF_URL_PATH','$SELF_URL_PATH');/" \
-		-i $DST_DIR/config.php
 fi
 
-cd $DST_DIR && sudo -u app php ./update.php --update-schema=force-yes
+# this was previously generated
+rm -f $DST_DIR/config.php.bak
+
+cd $DST_DIR && sudo -E -u app php ./update.php --update-schema=force-yes
 
 touch $DST_DIR/.app_is_ready
 
-sudo -u app /usr/sbin/php-fpm7 -F
+sudo -E -u app /usr/sbin/php-fpm7 -F
 

src/app/updater.sh

@@ -1,4 +1,8 @@
-#!/bin/sh -ex
+#!/bin/sh -e
+
+# We don't need those here (HTTP_HOST would cause false SELF_URL_PATH check failures)
+unset HTTP_PORT
+unset HTTP_HOST
 
 # wait for the app container to delete .app_is_ready and perform rsync, etc.
 sleep 30
@@ -20,4 +24,4 @@ while [ ! -s $DST_DIR/config.php -a -e $DST_DIR/.app_is_ready ]; do
 	sleep 3
 done
 
-sudo -u app /usr/bin/php /var/www/html/tt-rss/update_daemon2.php
+sudo -E -u app /usr/bin/php /var/www/html/tt-rss/update_daemon2.php

src/docker-compose.yml

@@ -1,17 +1,11 @@
 version: '3'
 
-# set database password in .env
-# please don't use quote (') or (") symbols in variables
-
 services:
   db:
     image: postgres:12-alpine
     restart: unless-stopped
     volumes:
       - db:/var/lib/postgresql/data
-    environment:    
-      - POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
-      - POSTGRES_USER=${POSTGRES_USER}
 
   app:
     image: cthulhoo/ttrss-fpm-pgsql-static:${BUILD_TAG}
@@ -19,95 +13,42 @@ services:
       context:
         ./app
     restart: unless-stopped
-    environment:
-      - DB_TYPE=pgsql
-      - DB_HOST=db
-      - DB_NAME=${POSTGRES_USER}
-      - DB_USER=${POSTGRES_USER}
-      - DB_PASS=${POSTGRES_PASSWORD}
-      - OWNER_UID=${OWNER_UID}
-      - OWNER_GID=${OWNER_GID}
-      - SELF_URL_PATH=${SELF_URL_PATH}
     volumes:
       - app:/var/www/html
     depends_on:
       - db
 
-  updater:
-    image: cthulhoo/ttrss-fpm-pgsql-static:${BUILD_TAG}
-    build: 
-      context:
-        ./app
-    restart: unless-stopped
-    environment:
-      - DB_TYPE=pgsql
-      - DB_HOST=db
-      - DB_NAME=${POSTGRES_USER}
-      - DB_USER=${POSTGRES_USER}
-      - DB_PASS=${POSTGRES_PASSWORD}
-      - OWNER_UID=${OWNER_UID}
-      - OWNER_GID=${OWNER_GID}
-      - SELF_URL_PATH=${SELF_URL_PATH}
-    volumes:
-      - app:/var/www/html
-    depends_on:
-      - app
-    command: /updater.sh
+#  web:
+#    image: cthulhoo/ttrss-web:latest
+#    build: ./web
+#    restart: unless-stopped
+#    ports:
+#      - ${HTTP_PORT}:2015
+#    volumes:
+#      - app:/var/www/html:ro
+#    depends_on:
+#      - app
 
-  backups:
-    image: cthulhoo/ttrss-fpm-pgsql-static:${BUILD_TAG}
-    build:
-      context:
-        ./app
-    restart: unless-stopped
-    environment:
-      - DB_TYPE=pgsql
-      - DB_HOST=db
-      - DB_NAME=${POSTGRES_USER}
-      - DB_USER=${POSTGRES_USER}
-      - DB_PASS=${POSTGRES_PASSWORD}
-      - OWNER_UID=${OWNER_UID}
-      - OWNER_GID=${OWNER_GID}
-    volumes:
-      - backups:/backups
-      - app:/var/www/html
-    depends_on:
-      - db
-    command: /dcron.sh -f
-
-  web:
-    image: cthulhoo/ttrss-web:latest
-    build: ./web
-    restart: unless-stopped
-    ports:
-      - ${HTTP_PORT}:2015
-    volumes:
-      - app:/var/www/html:ro
-    depends_on:
-      - app
-
-  web-ssl:
-    image: cthulhoo/ttrss-web-ssl:latest
-    build: ./web-ssl
-    restart: unless-stopped
-    environment:
-      - CADDYPATH=/certs
-      - HTTP_HOST=${HTTP_HOST}
-    ports:
-      - 80:80
-      - 443:443
-    volumes:
-      - app:/var/www/html:ro
-      - certs:/certs
-    depends_on:
-      - app
+#  web-ssl:
+#    image: cthulhoo/ttrss-web-ssl:latest
+#    build: ./web-ssl
+#    restart: unless-stopped
+#    environment:
+#      - CADDYPATH=/certs
+#      - HTTP_HOST=${HTTP_HOST}
+#    ports:
+#      - 80:80
+#      - 443:443
+#    volumes:
+#      - app:/var/www/html:ro
+#      - certs:/certs
+#    depends_on:
+#      - app
 
   web-nginx:
     image: cthulhoo/ttrss-web-nginx:latest
     build: ./web-nginx
     restart: unless-stopped
-    ports:
-      - ${HTTP_PORT}:80
     volumes:
       - app:/var/www/html:ro
     depends_on: