- merge changes from dynamic-env branch

- cleanup YML files, etc
4 years ago · 8b4cfe23ea
parent c0443faf7f
commit 8b4cfe23ea
11 changed files with 469 additions and 147 deletions
--- a/.env-dist
+++ b/.env-dist
@ -1,22 +1,21 @@
 # Copy this file to .env before building the container.
 # Put any local modifications here.
 BUILD_TAG=latest
 POSTGRES_USER=postgres
 POSTGRES_PASSWORD=password
-OWNER_UID=1000
+# This is only used by web-ssl container.
-OWNER_GID=1000
+#HTTP_HOST=localhost
 # You can keep this as localhost unless you want to use the ssl sidecar 
 # container (I suggest terminating ssl on the reverse proxy instead).
 HTTP_HOST=localhost
 # You will likely need to set this to the correct value, see README.md
 # for more information.
 SELF_URL_PATH=http://localhost:8280/tt-rss
 # You can customize other config.php defines by setting overrides here.
 # See app/Dockerfile for complete list. Examples:
 # PLUGINS=auth_remote
 # SINGLE_USER_MODE=true
 # bind exposed port to 127.0.0.1 by default in case reverse proxy is used.
 # if you plan to run the container standalone and need origin port exposed
 # use next HTTP_PORT definition (or remove "127.0.0.1:").
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -1,70 +1,58 @@
 version: '3'
 # set database password in .env
 # please don't use quote (') or (") symbols in variables
 services:
  db:
    image: postgres:12-alpine
    restart: unless-stopped
    env_file:
      - .env
    volumes:
      - db:/var/lib/postgresql/data
    environment:    
      - POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
      - POSTGRES_USER=${POSTGRES_USER}
  app:
    image: cthulhoo/ttrss-fpm-pgsql-static
    restart: unless-stopped
    env_file:
      - .env
    environment:
      - DB_TYPE=pgsql
      - DB_HOST=db
      - DB_NAME=${POSTGRES_USER}
      - DB_USER=${POSTGRES_USER}
      - DB_PASS=${POSTGRES_PASSWORD}
      - OWNER_UID=${OWNER_UID}
      - OWNER_GID=${OWNER_GID}
      - SELF_URL_PATH=${SELF_URL_PATH}
    volumes:
      - app:/var/www/html
      - ./config.d:/opt/tt-rss/config.d:ro
    depends_on:
      - db
-  updater:
+  backups:
    image: cthulhoo/ttrss-fpm-pgsql-static
    restart: unless-stopped
    environment:
      - DB_TYPE=pgsql
      - DB_HOST=db
      - DB_NAME=${POSTGRES_USER}
      - DB_USER=${POSTGRES_USER}
      - DB_PASS=${POSTGRES_PASSWORD}
      - OWNER_UID=${OWNER_UID}
      - OWNER_GID=${OWNER_GID}
      - SELF_URL_PATH=${SELF_URL_PATH}
    volumes:
      - backups:/backups
      - app:/var/www/html
    depends_on:
-      - app
+      - db
-    command: /updater.sh
+    command: /dcron.sh -f
-  backups:
+  updater:
    image: cthulhoo/ttrss-fpm-pgsql-static
    restart: unless-stopped
    env_file:
      - .env
    environment:
      - DB_TYPE=pgsql
      - DB_HOST=db
      - DB_NAME=${POSTGRES_USER}
      - DB_USER=${POSTGRES_USER}
      - DB_PASS=${POSTGRES_PASSWORD}
      - OWNER_UID=${OWNER_UID}
      - OWNER_GID=${OWNER_GID}
    volumes:
      - backups:/backups
      - app:/var/www/html
      - ./config.d:/opt/tt-rss/config.d:ro
    depends_on:
-      - db
+      - app
-    command: /dcron.sh -f
+    command: /updater.sh
 #  web:
 #    image: cthulhoo/ttrss-web
--- a/src/app/Dockerfile
+++ b/src/app/Dockerfile
@ -14,10 +14,51 @@ ADD index.php /
 ADD build-prepare.sh /
 ADD dcron.sh /
 ADD backup.sh /etc/periodic/weekly/backup
 ADD config.docker.php /
 RUN sed -i.bak 's/^listen = 127.0.0.1:9000/listen = 9000/' /etc/php7/php-fpm.d/www.conf
 RUN sed -i.bak 's/\(memory_limit =\) 128M/\1 256M/' /etc/php7/php.ini
 RUN sed -i.bak 's/;clear_env = .*/clear_env = no/i' /etc/php7/php-fpm.d/www.conf
 RUN mkdir -p /var/www
 RUN mkdir -p /opt/tt-rss/config.d
 RUN sh -c /build-prepare.sh
 ENV OWNER_UID=1000
 ENV OWNER_GID=1000
 ENV DB_TYPE="pgsql"
 ENV DB_HOST="db"
 ENV DB_USER="%DB_USER"
 ENV DB_NAME="%DB_NAME"
 ENV DB_PASS="%DB_PASS"
 ENV DB_PORT="5432"
 # config.php defaults
 ENV MYSQL_CHARSET="UTF8"
 ENV SELF_URL_PATH="%SELF_URL_PATH"
 ENV SINGLE_USER_MODE=""
 ENV SIMPLE_UPDATE_MODE=""
 ENV PHP_EXECUTABLE="/usr/bin/php"
 ENV LOCK_DIRECTORY="lock"
 ENV CACHE_DIR="cache"
 ENV ICONS_DIR="feed-icons"
 ENV ICONS_URL="feed-icons"
 ENV AUTH_AUTO_CREATE="true"
 ENV AUTH_AUTO_LOGIN="true"
 ENV FORCE_ARTICLE_PURGE="0"
 ENV ENABLE_REGISTRATION=""
 ENV REG_NOTIFY_ADDRESS="user@your.domain.dom"
 ENV REG_MAX_USERS="10"
 ENV SESSION_COOKIE_LIFETIME="86400"
 ENV SMTP_FROM_NAME="Tiny Tiny RSS"
 ENV SMTP_FROM_ADDRESS="noreply@your.domain.dom"
 ENV DIGEST_SUBJECT="[tt-rss] New headlines for last 24 hours"
 ENV CHECK_FOR_UPDATES="true"
 ENV ENABLE_GZIP_OUTPUT=""
 ENV PLUGINS="auth_internal, note"
 ENV LOG_DESTINATION="sql"
 ENV CONFIG_VERSION="26"
 CMD /startup.sh
--- a/src/app/config.docker.php
+++ b/src/app/config.docker.php
@ -0,0 +1,174 @@
 <?php
 	// *******************************************
 	// *** Database configuration (important!) ***
 	// *******************************************
 	define('DB_TYPE', getenv('DB_TYPE')); // pgsql or mysql
 	define('DB_HOST', getenv('DB_HOST'));
 	define('DB_USER', getenv('DB_USER'));
 	define('DB_NAME', getenv('DB_NAME'));
 	define('DB_PASS', getenv('DB_PASS'));
 	define('DB_PORT', getenv('DB_PORT')); // usually 5432 for PostgreSQL, 3306 for MySQL
 	define('MYSQL_CHARSET', getenv('MYSQL_CHARSET'));
 	// Connection charset for MySQL. If you have a legacy database and/or experience
 	// garbage unicode characters with this option, try setting it to a blank string.
 	// ***********************************
 	// *** Basic settings (important!) ***
 	// ***********************************
 	define('SELF_URL_PATH', getenv('SELF_URL_PATH'));
 	// This should be set to a fully qualified URL used to access
 	// your tt-rss instance over the net, such as: https://example.org/tt-rss/
 	// The value should be a constant string literal. Please don't use
 	// PHP server variables here - you might introduce security
 	// issues on your install and cause hard to debug problems.
 	// If your tt-rss instance is behind a reverse proxy, use the external URL.
 	define('SINGLE_USER_MODE', getenv('SINGLE_USER_MODE'));
 	// Operate in single user mode, disables all functionality related to
 	// multiple users and authentication. Enabling this assumes you have
 	// your tt-rss directory protected by other means (e.g. http auth).
 	define('SIMPLE_UPDATE_MODE', getenv('SIMPLE_UPDATE_MODE'));
 	// Enables fallback update mode where tt-rss tries to update feeds in
 	// background while tt-rss is open in your browser.
 	// If you don't have a lot of feeds and don't want to or can't run
 	// background processes while not running tt-rss, this method is generally
 	// viable to keep your feeds up to date.
 	// Still, there are more robust (and recommended) updating methods
 	// available, you can read about them here: https://tt-rss.org/wiki/UpdatingFeeds
 	// *****************************
 	// *** Files and directories ***
 	// *****************************
 	define('PHP_EXECUTABLE', getenv('PHP_EXECUTABLE'));
 	// Path to PHP *COMMAND LINE* executable, used for various command-line tt-rss
 	// programs and update daemon. Do not try to use CGI binary here, it won't work.
 	// If you see HTTP headers being displayed while running tt-rss scripts,
 	// then most probably you are using the CGI binary. If you are unsure what to
 	// put in here, ask your hosting provider.
 	define('LOCK_DIRECTORY', getenv('LOCK_DIRECTORY'));
 	// Directory for lockfiles, must be writable to the user you run
 	// daemon process or cronjobs under.
 	define('CACHE_DIR', getenv('CACHE_DIR'));
 	// Local cache directory for RSS feed content.
 	define('ICONS_DIR', getenv('ICONS_DIR'));
 	define('ICONS_URL', getenv('ICONS_URL'));
 	// Local and URL path to the directory, where feed favicons are stored.
 	// Unless you really know what you're doing, please keep those relative
 	// to tt-rss main directory.
 	// **********************
 	// *** Authentication ***
 	// **********************
 	// Please see PLUGINS below to configure various authentication modules.
 	define('AUTH_AUTO_CREATE', getenv('AUTH_AUTO_CREATE'));
 	// Allow authentication modules to auto-create users in tt-rss internal
 	// database when authenticated successfully.
 	define('AUTH_AUTO_LOGIN', getenv('AUTH_AUTO_LOGIN'));
 	// Automatically login user on remote or other kind of externally supplied
 	// authentication, otherwise redirect to login form as normal.
 	// If set to true, users won't be able to set application language
 	// and settings profile.
 	// *********************
 	// *** Feed settings ***
 	// *********************
 	define('FORCE_ARTICLE_PURGE', getenv('FORCE_ARTICLE_PURGE'));
 	// When this option is not 0, users ability to control feed purging
 	// intervals is disabled and all articles (which are not starred)
 	// older than this amount of days are purged.
 	// ***********************************
 	// *** Self-registrations by users ***
 	// ***********************************
 	define('ENABLE_REGISTRATION', getenv('ENABLE_REGISTRATION'));
 	// Allow users to register themselves. Please be aware that allowing
 	// random people to access your tt-rss installation is a security risk
 	// and potentially might lead to data loss or server exploit. Disabled
 	// by default.
 	define('REG_NOTIFY_ADDRESS', getenv('REG_NOTIFY_ADDRESS'));
 	// Email address to send new user notifications to.
 	define('REG_MAX_USERS', getenv('REG_MAX_USERS'));
 	// Maximum amount of users which will be allowed to register on this
 	// system. 0 - no limit.
 	// **********************************
 	// *** Cookies and login sessions ***
 	// **********************************
 	define('SESSION_COOKIE_LIFETIME', getenv('SESSION_COOKIE_LIFETIME'));
 	// Default lifetime of a session (e.g. login) cookie. In seconds,
 	// 0 means cookie will be deleted when browser closes.
 	// *********************************
 	// *** Email and digest settings ***
 	// *********************************
 	// Tiny Tiny RSS sends mail via PHP mail() function, unless handled
 	// by a plugin.
 	// If you need SMTP support, take a look here:
 	// https://git.tt-rss.org/fox/ttrss-mailer-smtp
 	define('SMTP_FROM_NAME', getenv('SMTP_FROM_NAME'));
 	define('SMTP_FROM_ADDRESS', getenv('SMTP_FROM_ADDRESS'));
 	// Name, address and subject for sending outgoing mail. This applies
 	// to password reset notifications, digest emails and any other mail.
 	define('DIGEST_SUBJECT', getenv('DIGEST_SUBJECT'));
 	// Subject line for email digests
 	// ***************************************
 	// *** Other settings (less important) ***
 	// ***************************************
 	define('CHECK_FOR_UPDATES', getenv('CHECK_FOR_UPDATES'));
 	// Check for updates automatically if running Git version
 	define('ENABLE_GZIP_OUTPUT', getenv('ENABLE_GZIP_OUTPUT'));
 	// Selectively gzip output to improve wire performance. This requires
 	// PHP Zlib extension on the server.
 	// Enabling this can break tt-rss in several httpd/php configurations,
 	// if you experience weird errors and tt-rss failing to start, blank pages
 	// after login, or content encoding errors, disable it.
 	define('PLUGINS', getenv('PLUGINS'));
 	// Comma-separated list of plugins to load automatically for all users.
 	// System plugins have to be specified here. Please enable at least one
 	// authentication plugin here (auth_*).
 	// Users may enable other user plugins from Preferences/Plugins but may not
 	// disable plugins specified in this list.
 	// Disabling auth_internal in this list would automatically disable
 	// reset password link on the login form.
 	define('LOG_DESTINATION', getenv('LOG_DESTINATION'));
 	// Error log destination to use. Possible values: sql (uses internal logging
 	// you can read in Preferences -> System), syslog - logs to system log.
 	// Setting this to blank uses PHP logging (usually to http server
 	// error.log).
 	// Note that feed updating daemons don't use this logging facility
 	// for normal output.
 	define('CONFIG_VERSION', getenv('CONFIG_VERSION'));
 	// Expected config version. Please update this option in config.php
 	// if necessary (after migrating all new options from this file).
 	// vim:ft=php
 	$snippets = glob("/opt/tt-rss/config.d/*.php");
 	foreach ($snippets as $snippet) 
 		require_once $snippet;
--- a/src/app/config.php-config.d
+++ b/src/app/config.php-config.d
@ -0,0 +1,4 @@
 	$snippets = glob("/opt/tt-rss/config.d/*.php");
 	foreach ($snippets as $snippet) 
 		require_once $snippet;
--- a/src/app/config.php-dist
+++ b/src/app/config.php-dist
@ -0,0 +1,170 @@
 <?php
 	// *******************************************
 	// *** Database configuration (important!) ***
 	// *******************************************
 	define('DB_TYPE', '%DB_TYPE'); // pgsql or mysql
 	define('DB_HOST', '%DB_HOST');
 	define('DB_USER', '%DB_USER');
 	define('DB_NAME', '%DB_NAME');
 	define('DB_PASS', '%DB_PASS');
 	define('DB_PORT', '%DB_PORT'); // usually 5432 for PostgreSQL, 3306 for MySQL
 	define('MYSQL_CHARSET', 'UTF8');
 	// Connection charset for MySQL. If you have a legacy database and/or experience
 	// garbage unicode characters with this option, try setting it to a blank string.
 	// ***********************************
 	// *** Basic settings (important!) ***
 	// ***********************************
 	define('SELF_URL_PATH', '%SELF_URL_PATH');
 	// This should be set to a fully qualified URL used to access
 	// your tt-rss instance over the net, such as: https://example.org/tt-rss/
 	// The value should be a constant string literal. Please don't use
 	// PHP server variables here - you might introduce security
 	// issues on your install and cause hard to debug problems.
 	// If your tt-rss instance is behind a reverse proxy, use the external URL.
 	define('SINGLE_USER_MODE', false);
 	// Operate in single user mode, disables all functionality related to
 	// multiple users and authentication. Enabling this assumes you have
 	// your tt-rss directory protected by other means (e.g. http auth).
 	define('SIMPLE_UPDATE_MODE', false);
 	// Enables fallback update mode where tt-rss tries to update feeds in
 	// background while tt-rss is open in your browser.
 	// If you don't have a lot of feeds and don't want to or can't run
 	// background processes while not running tt-rss, this method is generally
 	// viable to keep your feeds up to date.
 	// Still, there are more robust (and recommended) updating methods
 	// available, you can read about them here: https://tt-rss.org/wiki/UpdatingFeeds
 	// *****************************
 	// *** Files and directories ***
 	// *****************************
 	define('PHP_EXECUTABLE', '/usr/bin/php');
 	// Path to PHP *COMMAND LINE* executable, used for various command-line tt-rss
 	// programs and update daemon. Do not try to use CGI binary here, it won't work.
 	// If you see HTTP headers being displayed while running tt-rss scripts,
 	// then most probably you are using the CGI binary. If you are unsure what to
 	// put in here, ask your hosting provider.
 	define('LOCK_DIRECTORY', 'lock');
 	// Directory for lockfiles, must be writable to the user you run
 	// daemon process or cronjobs under.
 	define('CACHE_DIR', 'cache');
 	// Local cache directory for RSS feed content.
 	define('ICONS_DIR', "feed-icons");
 	define('ICONS_URL', "feed-icons");
 	// Local and URL path to the directory, where feed favicons are stored.
 	// Unless you really know what you're doing, please keep those relative
 	// to tt-rss main directory.
 	// **********************
 	// *** Authentication ***
 	// **********************
 	// Please see PLUGINS below to configure various authentication modules.
 	define('AUTH_AUTO_CREATE', true);
 	// Allow authentication modules to auto-create users in tt-rss internal
 	// database when authenticated successfully.
 	define('AUTH_AUTO_LOGIN', true);
 	// Automatically login user on remote or other kind of externally supplied
 	// authentication, otherwise redirect to login form as normal.
 	// If set to true, users won't be able to set application language
 	// and settings profile.
 	// *********************
 	// *** Feed settings ***
 	// *********************
 	define('FORCE_ARTICLE_PURGE', 0);
 	// When this option is not 0, users ability to control feed purging
 	// intervals is disabled and all articles (which are not starred)
 	// older than this amount of days are purged.
 	// ***********************************
 	// *** Self-registrations by users ***
 	// ***********************************
 	define('ENABLE_REGISTRATION', false);
 	// Allow users to register themselves. Please be aware that allowing
 	// random people to access your tt-rss installation is a security risk
 	// and potentially might lead to data loss or server exploit. Disabled
 	// by default.
 	define('REG_NOTIFY_ADDRESS', 'user@your.domain.dom');
 	// Email address to send new user notifications to.
 	define('REG_MAX_USERS', 10);
 	// Maximum amount of users which will be allowed to register on this
 	// system. 0 - no limit.
 	// **********************************
 	// *** Cookies and login sessions ***
 	// **********************************
 	define('SESSION_COOKIE_LIFETIME', 86400);
 	// Default lifetime of a session (e.g. login) cookie. In seconds,
 	// 0 means cookie will be deleted when browser closes.
 	// *********************************
 	// *** Email and digest settings ***
 	// *********************************
 	// Tiny Tiny RSS sends mail via PHP mail() function, unless handled
 	// by a plugin.
 	// If you need SMTP support, take a look here:
 	// https://git.tt-rss.org/fox/ttrss-mailer-smtp
 	define('SMTP_FROM_NAME', 'Tiny Tiny RSS');
 	define('SMTP_FROM_ADDRESS', 'noreply@your.domain.dom');
 	// Name, address and subject for sending outgoing mail. This applies
 	// to password reset notifications, digest emails and any other mail.
 	define('DIGEST_SUBJECT', '[tt-rss] New headlines for last 24 hours');
 	// Subject line for email digests
 	// ***************************************
 	// *** Other settings (less important) ***
 	// ***************************************
 	define('CHECK_FOR_UPDATES', true);
 	// Check for updates automatically if running Git version
 	define('ENABLE_GZIP_OUTPUT', false);
 	// Selectively gzip output to improve wire performance. This requires
 	// PHP Zlib extension on the server.
 	// Enabling this can break tt-rss in several httpd/php configurations,
 	// if you experience weird errors and tt-rss failing to start, blank pages
 	// after login, or content encoding errors, disable it.
 	define('PLUGINS', 'auth_internal, note');
 	// Comma-separated list of plugins to load automatically for all users.
 	// System plugins have to be specified here. Please enable at least one
 	// authentication plugin here (auth_*).
 	// Users may enable other user plugins from Preferences/Plugins but may not
 	// disable plugins specified in this list.
 	// Disabling auth_internal in this list would automatically disable
 	// reset password link on the login form.
 	define('LOG_DESTINATION', 'sql');
 	// Error log destination to use. Possible values: sql (uses internal logging
 	// you can read in Preferences -> System), syslog - logs to system log.
 	// Setting this to blank uses PHP logging (usually to http server
 	// error.log).
 	// Note that feed updating daemons don't use this logging facility
 	// for normal output.
 	define('CONFIG_VERSION', 26);
 	// Expected config version. Please update this option in config.php
 	// if necessary (after migrating all new options from this file).
 	// vim:ft=php
--- a/src/app/prepare-config.php
+++ b/src/app/prepare-config.php
@ -0,0 +1,6 @@
 #!/bin/sh
 sed -e "s/define('\([A-Z_]\+\)', [^)]\+/define('\1', getenv('\1')/" \
 	< config.php-dist > config.docker.php
 cat config.php-config.d >> config.docker.php
--- a/src/app/prepare-environment.sh
+++ b/src/app/prepare-environment.sh
@ -0,0 +1,3 @@
 #!/bin/sh
 grep define config.php-dist | sed -e "s/[ \t]*define('\([A-Z_]\+\)', ['\"]\?\([^'\")]\+\).*/ENV \1=\"\2\"/"
--- a/src/app/startup.sh
+++ b/src/app/startup.sh
@ -1,11 +1,15 @@
-#!/bin/sh -ex
+#!/bin/sh -e
 while ! pg_isready -h $DB_HOST -U $DB_USER; do
 	echo waiting until $DB_HOST is ready...
 	sleep 3
 done
-if ! id app; then
+# We don't need those here (HTTP_HOST would cause false SELF_URL_PATH check failures)
 unset HTTP_PORT
 unset HTTP_HOST
 if ! id app >/dev/null 2>&1; then
 	addgroup -g $OWNER_GID app
 	adduser -D -h /var/www/html -G app -u $OWNER_UID app
 fi
@ -41,14 +45,14 @@ for d in cache lock feed-icons plugins.local themes.local; do
 	mkdir -p $DST_DIR/$d
 done
 chown -R $OWNER_UID:$OWNER_GID $DST_DIR \
 	/var/log/php7
 for d in cache lock feed-icons; do
 	chmod 777 $DST_DIR/$d
 	find $DST_DIR/$d -type f -exec chmod 666 {} \;
 done
 chown -R $OWNER_UID:$OWNER_GID $DST_DIR \
 	/var/log/php7	
 PSQL="psql -q -h $DB_HOST -U $DB_USER $DB_NAME"
 $PSQL -c "create extension if not exists pg_trgm"
@ -61,32 +65,20 @@ elif ! $PSQL -c 'select * from ttrss_version'; then
 	$PSQL < /var/www/html/tt-rss/schema/ttrss_schema_pgsql.sql
 fi
 SELF_URL_PATH=$(echo $SELF_URL_PATH | sed -e 's/[\/&]/\\&/g')
 if [ ! -s $DST_DIR/config.php ]; then
-	sed \
+	cp /config.docker.php $DST_DIR/config.php
 		-e "s/define('DB_HOST'.*/define('DB_HOST', '$DB_HOST');/" \
 		-e "s/define('DB_USER'.*/define('DB_USER', '$DB_USER');/" \
 		-e "s/define('DB_NAME'.*/define('DB_NAME', '$DB_NAME');/" \
 		-e "s/define('DB_PASS'.*/define('DB_PASS', '$DB_PASS');/" \
 		-e "s/define('DB_TYPE'.*/define('DB_TYPE', 'pgsql');/" \
 		-e "s/define('DB_PORT'.*/define('DB_PORT', 5432);/" \
 		-e "s/define('PLUGINS'.*/define('PLUGINS', 'auth_internal, note, nginx_xaccel');/" \
 		-e "s/define('SELF_URL_PATH'.*/define('SELF_URL_PATH','$SELF_URL_PATH');/" \
 		< $DST_DIR/config.php-dist > $DST_DIR/config.php
 	cat >> $DST_DIR/config.php << EOF
 		define('NGINX_XACCEL_PREFIX', '/tt-rss');
 EOF
 else
 	sed \
 		-e "s/define('SELF_URL_PATH'.*/define('SELF_URL_PATH','$SELF_URL_PATH');/" \
 		-i $DST_DIR/config.php
 fi
-cd $DST_DIR && sudo -u app php ./update.php --update-schema=force-yes
+# this was previously generated
 rm -f $DST_DIR/config.php.bak
 cd $DST_DIR && sudo -E -u app php ./update.php --update-schema=force-yes
 touch $DST_DIR/.app_is_ready
-sudo -u app /usr/sbin/php-fpm7 -F
+sudo -E -u app /usr/sbin/php-fpm7 -F
--- a/src/app/updater.sh
+++ b/src/app/updater.sh
@ -1,4 +1,8 @@
-#!/bin/sh -ex
+#!/bin/sh -e
 # We don't need those here (HTTP_HOST would cause false SELF_URL_PATH check failures)
 unset HTTP_PORT
 unset HTTP_HOST
 # wait for the app container to delete .app_is_ready and perform rsync, etc.
 sleep 30
@ -20,4 +24,4 @@ while [ ! -s $DST_DIR/config.php -a -e $DST_DIR/.app_is_ready ]; do
 	sleep 3
 done
-sudo -u app /usr/bin/php /var/www/html/tt-rss/update_daemon2.php
+sudo -E -u app /usr/bin/php /var/www/html/tt-rss/update_daemon2.php
--- a/src/docker-compose.yml
+++ b/src/docker-compose.yml
@ -1,17 +1,11 @@
 version: '3'
 # set database password in .env
 # please don't use quote (') or (") symbols in variables
 services:
  db:
    image: postgres:12-alpine
    restart: unless-stopped
    volumes:
      - db:/var/lib/postgresql/data
    environment:    
      - POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
      - POSTGRES_USER=${POSTGRES_USER}
  app:
    image: cthulhoo/ttrss-fpm-pgsql-static:${BUILD_TAG}
@ -19,95 +13,42 @@ services:
      context:
        ./app
    restart: unless-stopped
    environment:
      - DB_TYPE=pgsql
      - DB_HOST=db
      - DB_NAME=${POSTGRES_USER}
      - DB_USER=${POSTGRES_USER}
      - DB_PASS=${POSTGRES_PASSWORD}
      - OWNER_UID=${OWNER_UID}
      - OWNER_GID=${OWNER_GID}
      - SELF_URL_PATH=${SELF_URL_PATH}
    volumes:
      - app:/var/www/html
    depends_on:
      - db
-  updater:
+#  web:
-    image: cthulhoo/ttrss-fpm-pgsql-static:${BUILD_TAG}
+#    image: cthulhoo/ttrss-web:latest
-    build: 
+#    build: ./web
-      context:
+#    restart: unless-stopped
-        ./app
+#    ports:
-    restart: unless-stopped
+#      - ${HTTP_PORT}:2015
-    environment:
+#    volumes:
-      - DB_TYPE=pgsql
+#      - app:/var/www/html:ro
-      - DB_HOST=db
+#    depends_on:
-      - DB_NAME=${POSTGRES_USER}
+#      - app
-      - DB_USER=${POSTGRES_USER}
+
-      - DB_PASS=${POSTGRES_PASSWORD}
+#  web-ssl:
-      - OWNER_UID=${OWNER_UID}
+#    image: cthulhoo/ttrss-web-ssl:latest
-      - OWNER_GID=${OWNER_GID}
+#    build: ./web-ssl
-      - SELF_URL_PATH=${SELF_URL_PATH}
+#    restart: unless-stopped
-    volumes:
+#    environment:
-      - app:/var/www/html
+#      - CADDYPATH=/certs
-    depends_on:
+#      - HTTP_HOST=${HTTP_HOST}
-      - app
+#    ports:
-    command: /updater.sh
+#      - 80:80
-
+#      - 443:443
-  backups:
+#    volumes:
-    image: cthulhoo/ttrss-fpm-pgsql-static:${BUILD_TAG}
+#      - app:/var/www/html:ro
-    build:
+#      - certs:/certs
-      context:
+#    depends_on:
-        ./app
+#      - app
    restart: unless-stopped
    environment:
      - DB_TYPE=pgsql
      - DB_HOST=db
      - DB_NAME=${POSTGRES_USER}
      - DB_USER=${POSTGRES_USER}
      - DB_PASS=${POSTGRES_PASSWORD}
      - OWNER_UID=${OWNER_UID}
      - OWNER_GID=${OWNER_GID}
    volumes:
      - backups:/backups
      - app:/var/www/html
    depends_on:
      - db
    command: /dcron.sh -f
  web:
    image: cthulhoo/ttrss-web:latest
    build: ./web
    restart: unless-stopped
    ports:
      - ${HTTP_PORT}:2015
    volumes:
      - app:/var/www/html:ro
    depends_on:
      - app
  web-ssl:
    image: cthulhoo/ttrss-web-ssl:latest
    build: ./web-ssl
    restart: unless-stopped
    environment:
      - CADDYPATH=/certs
      - HTTP_HOST=${HTTP_HOST}
    ports:
      - 80:80
      - 443:443
    volumes:
      - app:/var/www/html:ro
      - certs:/certs
    depends_on:
      - app
  web-nginx:
    image: cthulhoo/ttrss-web-nginx:latest
    build: ./web-nginx
    restart: unless-stopped
    ports:
      - ${HTTP_PORT}:80
    volumes:
      - app:/var/www/html:ro
    depends_on:
		`@ -0,0 +1,3 @@`
							`#!/bin/sh`

							`grep define config.php-dist \| sed -e "s/[ \t]define('\([A-Z_]\+\)', ['\"]\?\([^'\")]\+\)./ENV \1=\"\2\"/"`