From 9ca66351da790e7b3478add6e3650f273e045f2b Mon Sep 17 00:00:00 2001 From: Andrew Dolgov Date: Thu, 17 Sep 2020 08:27:26 +0300 Subject: [PATCH 1/9] apply more sane permissions on cache directories --- src/app/startup.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/app/startup.sh b/src/app/startup.sh index 68a7cae..0ba3773 100755 --- a/src/app/startup.sh +++ b/src/app/startup.sh @@ -42,7 +42,8 @@ for d in cache lock feed-icons plugins.local themes.local; do done for d in cache lock feed-icons; do - chmod -R 777 $DST_DIR/$d + chmod 777 $DST_DIR/$d + find $DST_DIR/$d -type f -exec chmod 666 {} \; done chown -R $OWNER_UID:$OWNER_GID $DST_DIR \ From b6a65ebddd87f92f06a83786b3ba12affd23ce3a Mon Sep 17 00:00:00 2001 From: fox Date: Mon, 21 Sep 2020 10:53:24 +0000 Subject: [PATCH 2/9] Update 'README.md' --- README.md | 3 --- 1 file changed, 3 deletions(-) diff --git a/README.md b/README.md index 057d9de..8034817 100644 --- a/README.md +++ b/README.md @@ -4,9 +4,6 @@ The idea is to provide tt-rss working (and updating) out of the box with minimal **This compose setup uses prebuilt images from Docker Hub.** -This setup is still WIP. Some features may be unimplemented or broken. Check the following -before deploying: - - [TODO](https://git.tt-rss.org/fox/ttrss-docker-compose/wiki/TODO) - [FAQ](https://git.tt-rss.org/fox/ttrss-docker-compose/wiki#faq) From 5f1a54a6878874ca221a8e08e0282b12586d8051 Mon Sep 17 00:00:00 2001 From: Andrew Dolgov Date: Sun, 27 Sep 2020 17:53:55 +0300 Subject: [PATCH 3/9] increase memory limit for php CLI processes --- src/app/Dockerfile | 1 + 1 file changed, 1 insertion(+) diff --git a/src/app/Dockerfile b/src/app/Dockerfile index 20a1961..9fcff5b 100644 --- a/src/app/Dockerfile +++ b/src/app/Dockerfile @@ -14,6 +14,7 @@ ADD index.php / ADD build-prepare.sh / RUN sed -i.bak 's/^listen = 127.0.0.1:9000/listen = 9000/' /etc/php7/php-fpm.d/www.conf +RUN sed -i.bak 's/\(memory_limit =\) 128M/\1 256M/' /etc/php7/php.ini RUN sh -c /build-prepare.sh From 3a27647d896d1b9b4724ef1801db41014bdf6c9b Mon Sep 17 00:00:00 2001 From: Andrew Dolgov Date: Mon, 28 Sep 2020 13:55:38 +0300 Subject: [PATCH 4/9] update schema on startup --- src/app/startup.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/app/startup.sh b/src/app/startup.sh index 68a7cae..fb1ccb5 100755 --- a/src/app/startup.sh +++ b/src/app/startup.sh @@ -83,6 +83,8 @@ else -i.bak $DST_DIR/config.php fi +cd $DST_DIR && sudo -u app php ./update.php --update-schema force-yes + touch $DST_DIR/.app_is_ready sudo -u app /usr/sbin/php-fpm7 -F From d7ce9113dca9d54e33aa138cb1131122057f53f5 Mon Sep 17 00:00:00 2001 From: Andrew Dolgov Date: Tue, 29 Sep 2020 12:28:06 +0300 Subject: [PATCH 5/9] set /tt-rss/backups as internal --- src/web-nginx/nginx.conf | 4 ++++ src/web-ssl/Caddyfile | 3 ++- src/web/Caddyfile | 3 ++- 3 files changed, 8 insertions(+), 2 deletions(-) diff --git a/src/web-nginx/nginx.conf b/src/web-nginx/nginx.conf index efe2eea..033f9da 100644 --- a/src/web-nginx/nginx.conf +++ b/src/web-nginx/nginx.conf @@ -29,6 +29,10 @@ http { internal; } + location /tt-rss/backups { + internal; + } + location ~ \.php$ { # regex to split $uri to $fastcgi_script_name and $fastcgi_path fastcgi_split_path_info ^(.+?\.php)(/.*)$; diff --git a/src/web-ssl/Caddyfile b/src/web-ssl/Caddyfile index 56c2239..076829c 100644 --- a/src/web-ssl/Caddyfile +++ b/src/web-ssl/Caddyfile @@ -5,4 +5,5 @@ root /var/www/html log stdout errors stderr internal /tt-rss/cache -fastcgi / app:9000 php \ No newline at end of file +internal /tt-rss/backups +fastcgi / app:9000 php diff --git a/src/web/Caddyfile b/src/web/Caddyfile index e65d2c8..19999ab 100644 --- a/src/web/Caddyfile +++ b/src/web/Caddyfile @@ -3,4 +3,5 @@ root /var/www/html log stdout errors stderr internal /tt-rss/cache -fastcgi / app:9000 php \ No newline at end of file +internal /tt-rss/backups +fastcgi / app:9000 php From 4b0a05719918afbef028246af4d0f9eb1cda6772 Mon Sep 17 00:00:00 2001 From: Andrew Dolgov Date: Wed, 30 Sep 2020 06:58:06 +0300 Subject: [PATCH 6/9] use different CLI syntax for update-schema --- src/app/startup.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/app/startup.sh b/src/app/startup.sh index 2e2d52e..df8758f 100755 --- a/src/app/startup.sh +++ b/src/app/startup.sh @@ -84,7 +84,7 @@ else -i.bak $DST_DIR/config.php fi -cd $DST_DIR && sudo -u app php ./update.php --update-schema force-yes +cd $DST_DIR && sudo -u app php ./update.php --update-schema=force-yes touch $DST_DIR/.app_is_ready From b2336cee44cfb986cf08bceaa8dc42b37075e91f Mon Sep 17 00:00:00 2001 From: Andrew Dolgov Date: Wed, 30 Sep 2020 12:36:20 +0300 Subject: [PATCH 7/9] add side container which backups tt-rss database once a week bump alpine image to 3.12 --- README.md | 1 + docker-compose.yml | 18 ++++++++++++++++++ src/app/Dockerfile | 6 ++++-- src/app/backup-database.sh | 22 ++++++++++++++++++++++ src/app/dcron.sh | 5 +++++ src/docker-compose.yml | 21 +++++++++++++++++++++ 6 files changed, 71 insertions(+), 2 deletions(-) create mode 100755 src/app/backup-database.sh create mode 100755 src/app/dcron.sh diff --git a/README.md b/README.md index 8034817..13260ad 100644 --- a/README.md +++ b/README.md @@ -18,6 +18,7 @@ General outline of the configuration is as follows: - Caddy has its http port exposed to the outside - optional SSL support via Caddy w/ automatic letsencrypt certificates - feed updates are handled via update daemon started in a separate container (updater) + - optional backups container which performs tt-rss database backup once a week ### Installation diff --git a/docker-compose.yml b/docker-compose.yml index fbd0c8a..ea2c947 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -48,6 +48,23 @@ services: - app command: /updater.sh + backups: + image: cthulhoo/ttrss-fpm-pgsql-static + restart: unless-stopped + environment: + - DB_TYPE=pgsql + - DB_HOST=db + - DB_NAME=${POSTGRES_USER} + - DB_USER=${POSTGRES_USER} + - DB_PASS=${POSTGRES_PASSWORD} + - OWNER_UID=${OWNER_UID} + - OWNER_GID=${OWNER_GID} + volumes: + - backups:/backups + depends_on: + - db + command: /dcron.sh -f + web: image: cthulhoo/ttrss-web restart: unless-stopped @@ -87,3 +104,4 @@ volumes: db: app: certs: + backups: diff --git a/src/app/Dockerfile b/src/app/Dockerfile index 9fcff5b..589ad8e 100644 --- a/src/app/Dockerfile +++ b/src/app/Dockerfile @@ -1,7 +1,7 @@ -FROM alpine:3.9 +FROM alpine:3.12 EXPOSE 9000/tcp -RUN apk add --no-cache php7 php7-fpm \ +RUN apk add --no-cache dcron php7 php7-fpm \ php7-pdo php7-gd php7-pgsql php7-pdo_pgsql php7-mbstring \ php7-intl php7-xml php7-curl php7-session \ php7-dom php7-fileinfo php7-json \ @@ -12,6 +12,8 @@ ADD startup.sh / ADD updater.sh / ADD index.php / ADD build-prepare.sh / +ADD dcron.sh / +ADD backup-database.sh /etc/periodic/weekly/backup-database RUN sed -i.bak 's/^listen = 127.0.0.1:9000/listen = 9000/' /etc/php7/php-fpm.d/www.conf RUN sed -i.bak 's/\(memory_limit =\) 128M/\1 256M/' /etc/php7/php.ini diff --git a/src/app/backup-database.sh b/src/app/backup-database.sh new file mode 100755 index 0000000..6918e24 --- /dev/null +++ b/src/app/backup-database.sh @@ -0,0 +1,22 @@ +#!/bin/sh -e + +DST_DIR=/backups +KEEP_DAYS=28 + +if pg_isready -h $DB_HOST -U $DB_USER; then + DST_FILE=ttrss-backup-$(date +%Y%m%d).sql.gz + + echo backing up tt-rss database to $DST_DIR/$DST_FILE... + + export PGPASSWORD=$DB_PASS + + pg_dump --clean -h $DB_HOST -U $DB_USER $DB_NAME | gzip > $DST_DIR/$DST_FILE + + echo cleaning up... + + find $DST_DIR -type f -name '*.sql.gz' -mtime +$KEEP_DAYS -delete + + echo done. +else + echo backup failed: database is not ready. +fi diff --git a/src/app/dcron.sh b/src/app/dcron.sh new file mode 100755 index 0000000..b16f15a --- /dev/null +++ b/src/app/dcron.sh @@ -0,0 +1,5 @@ +#!/bin/sh +# https://github.com/dubiousjim/dcron/issues/13 +set -e + +/usr/sbin/crond "$@" diff --git a/src/docker-compose.yml b/src/docker-compose.yml index f5e52b9..c9be288 100644 --- a/src/docker-compose.yml +++ b/src/docker-compose.yml @@ -54,6 +54,26 @@ services: - app command: /updater.sh + backups: + image: cthulhoo/ttrss-fpm-pgsql-static:${BUILD_TAG} + build: + context: + ./app + restart: unless-stopped + environment: + - DB_TYPE=pgsql + - DB_HOST=db + - DB_NAME=${POSTGRES_USER} + - DB_USER=${POSTGRES_USER} + - DB_PASS=${POSTGRES_PASSWORD} + - OWNER_UID=${OWNER_UID} + - OWNER_GID=${OWNER_GID} + volumes: + - backups:/backups + depends_on: + - db + command: /dcron.sh -f + web: image: cthulhoo/ttrss-web:latest build: ./web @@ -96,3 +116,4 @@ volumes: db: app: certs: + backups: From 3f6251cf1cf04fde36764acb19c83775b0c1d608 Mon Sep 17 00:00:00 2001 From: Andrew Dolgov Date: Wed, 30 Sep 2020 15:00:22 +0300 Subject: [PATCH 8/9] backups: also backup tt-rss local directories --- docker-compose.yml | 1 + src/app/Dockerfile | 2 +- src/app/{backup-database.sh => backup.sh} | 11 ++++++++++- src/docker-compose.yml | 1 + 4 files changed, 13 insertions(+), 2 deletions(-) rename src/app/{backup-database.sh => backup.sh} (55%) diff --git a/docker-compose.yml b/docker-compose.yml index ea2c947..7726085 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -61,6 +61,7 @@ services: - OWNER_GID=${OWNER_GID} volumes: - backups:/backups + - app:/var/www/html depends_on: - db command: /dcron.sh -f diff --git a/src/app/Dockerfile b/src/app/Dockerfile index 589ad8e..149d85c 100644 --- a/src/app/Dockerfile +++ b/src/app/Dockerfile @@ -13,7 +13,7 @@ ADD updater.sh / ADD index.php / ADD build-prepare.sh / ADD dcron.sh / -ADD backup-database.sh /etc/periodic/weekly/backup-database +ADD backup.sh /etc/periodic/weekly/backup RUN sed -i.bak 's/^listen = 127.0.0.1:9000/listen = 9000/' /etc/php7/php-fpm.d/www.conf RUN sed -i.bak 's/\(memory_limit =\) 128M/\1 256M/' /etc/php7/php.ini diff --git a/src/app/backup-database.sh b/src/app/backup.sh similarity index 55% rename from src/app/backup-database.sh rename to src/app/backup.sh index 6918e24..f13e720 100755 --- a/src/app/backup-database.sh +++ b/src/app/backup.sh @@ -2,6 +2,7 @@ DST_DIR=/backups KEEP_DAYS=28 +APP_ROOT=/var/www/html/tt-rss if pg_isready -h $DB_HOST -U $DB_USER; then DST_FILE=ttrss-backup-$(date +%Y%m%d).sql.gz @@ -12,9 +13,17 @@ if pg_isready -h $DB_HOST -U $DB_USER; then pg_dump --clean -h $DB_HOST -U $DB_USER $DB_NAME | gzip > $DST_DIR/$DST_FILE + DST_FILE=ttrss-backup-$(date +%Y%m%d).tar.gz + + echo backing up tt-rss local directories to $DST_DIR/$DST_FILE... + + tar -cz -f $DST_DIR/$DST_FILE $APP_ROOT/*.local \ + $APP_ROOT/feed-icons/ \ + $APP_ROOT/config.php + echo cleaning up... - find $DST_DIR -type f -name '*.sql.gz' -mtime +$KEEP_DAYS -delete + find $DST_DIR -type f -name '*.gz' -mtime +$KEEP_DAYS -delete echo done. else diff --git a/src/docker-compose.yml b/src/docker-compose.yml index c9be288..2cee922 100644 --- a/src/docker-compose.yml +++ b/src/docker-compose.yml @@ -70,6 +70,7 @@ services: - OWNER_GID=${OWNER_GID} volumes: - backups:/backups + - app:/var/www/html depends_on: - db command: /dcron.sh -f From 3ebfd8680667e4a50b622680e1244d4dd4375576 Mon Sep 17 00:00:00 2001 From: Andrew Dolgov Date: Thu, 1 Oct 2020 12:50:50 +0300 Subject: [PATCH 9/9] web-nginx: listen on ipv6 too --- src/web-nginx/nginx.conf | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/web-nginx/nginx.conf b/src/web-nginx/nginx.conf index 033f9da..131dd79 100644 --- a/src/web-nginx/nginx.conf +++ b/src/web-nginx/nginx.conf @@ -22,6 +22,8 @@ http { server { listen 80; + listen [::]:80; + root /var/www/html; location /tt-rss/cache {