diff --git a/10_ttrss.sh b/10_ttrss.sh new file mode 100755 index 0000000..8d7afa2 --- /dev/null +++ b/10_ttrss.sh @@ -0,0 +1,15 @@ +#!/bin/sh + +set -eu +set -x + +php /root/configure-db.php +php /root/configure-plugin-mobilize.php + +# Generate the TLS certificate for our Tiny Tiny RSS server instance. +openssl req -new -newkey rsa:2048 -days 3650 -nodes -x509 \ + -subj "/C=US/ST=World/L=World/O=ttrss/CN=ttrss" \ + -keyout "/etc/ssl/private/ttrss.key" \ + -out "/etc/ssl/certs/ttrss.cert" +chmod 600 "/etc/ssl/private/ttrss.key" +chmod 600 "/etc/ssl/certs/ttrss.cert" diff --git a/Dockerfile b/Dockerfile index 2eab4db..3be08da 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,10 +1,10 @@ -FROM ubuntu -# Based on work of Christian Lück +FROM phusion/baseimage +# Initially was based on work of Christian Lück MAINTAINER Andreas Löffler RUN DEBIAN_FRONTEND=noninteractive apt-get update && apt-get install -y \ - nginx git supervisor php5-fpm php5-cli php5-curl php5-gd php5-json \ - php5-pgsql + nginx git ca-certificates php5-fpm php5-cli php5-curl php5-gd php5-json \ + php5-pgsql # php5-mysql # add ttrss as the only nginx site @@ -13,7 +13,7 @@ RUN ln -s /etc/nginx/sites-available/ttrss /etc/nginx/sites-enabled/ttrss RUN rm /etc/nginx/sites-enabled/default # patch php5-fpm configuration so that it does not daemonize itself. This is -# needed because supervisord can watch its state +# needed so that runit can watch its state and restart it if it crashes etc. RUN sed -i -e "s/;daemonize\s*=\s*yes/daemonize = no/g" /etc/php5/fpm/php-fpm.conf # patch the php-fpm's listening method to _always_ use a unix socket 
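Review bot: In 10_ttrss.sh the key and certificate are regenerated unconditionally, and because the Dockerfile installs the script under /etc/my_init.d it presumably runs on every container start, so the certificate fingerprint changes on each restart and clients can never pin or persistently trust it. Guard the generation, e.g. `[ -s /etc/ssl/private/ttrss.key ] || openssl req ...`, so an existing or volume-mounted key pair is kept. The private key is also written before `chmod 600` tightens it; putting `umask 077` ahead of the `openssl req` call closes that window. Adding `-sha256` to the `openssl req` options makes the signature digest explicit instead of depending on the installed OpenSSL's default.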
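Review bot: `FROM phusion/baseimage` carries no tag or digest, so every rebuild pulls whatever the registry currently serves, and the init system, bundled services and package set this image now depends on can change underneath it without any change to this repository. Pin the base, e.g. `FROM phusion/baseimage:<pinned-tag>` (placeholder; use the release that was actually tested), and bump it deliberately. Separately, in the `RUN` line shown as context, `DEBIAN_FRONTEND=noninteractive` prefixes only `apt-get update`, so it does not apply to the `apt-get install` after `&&`.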
@@ -51,9 +51,20 @@ ENV DB_USER ttrss ENV DB_PASS ttrss # always re-configure database with current ENV when RUNning container, then monitor all services -ADD run.sh /run.sh -ADD utils.php /utils.php -ADD configure-db.php /configure-db.php -ADD configure-plugin-mobilize.php /configure-plugin-mobilize.php -ADD supervisord.conf /etc/supervisor/conf.d/supervisord.conf -CMD sh /run.sh && supervisord -c /etc/supervisor/conf.d/supervisord.conf +## @todo pack the scripts to a .zip, ADD this and RUN it in setup.sh. Later. +ADD utils.php /root/utils.php +ADD configure-db.php /root/configure-db.php +ADD configure-plugin-mobilize.php /root/configure-plugin-mobilize.php + +RUN mkdir /etc/service/nginx +ADD service-nginx.sh /etc/service/nginx/run + +RUN mkdir /etc/service/php5-fpm +ADD service-php5-fpm.sh /etc/service/php5-fpm/run + +RUN mkdir /etc/service/ttrss-update +ADD service-ttrss-update.sh /etc/service/ttrss-update/run + +ADD 10_ttrss.sh /etc/my_init.d/10_ttrss.sh +CMD /sbin/my_init +EXPOSE 22 diff --git a/README.md b/README.md index 13b84d5..80d44b0 100644 --- a/README.md +++ b/README.md 
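Review bot: `EXPOSE 22` declares SSH as this image's published port, while the nginx site changed in this commit listens on 443, which no line in this hunk exposes (an `EXPOSE` for it may exist outside the hunk). If the base image starts an sshd by default, running the container with `-P` would publish a remote login service for what is a web application container. Replace it with `EXPOSE 443` and disable or remove the SSH service unless it is actually needed. `CMD /sbin/my_init` in shell form also wraps the init in `/bin/sh -c`; the exec form `CMD ["/sbin/my_init"]` lets it receive stop signals directly.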
@@ -1,13 +1,15 @@ # docker-ttrss -Note: This Dockerfile is a modified version of https://github.com/clue/docker-ttrss.git -which adds some features, plugins and themes I wanted to have in my own tt-rss setup. +This Dockerfile installs Tiny Tiny RSS with the following features: -Tiny Tiny RSS' root now is in the subdirectory ttrss, e.g. http:///ttrss +- Integrated [Feedly theme](https://github.com/levito/tt-rss-feedly-theme) +- Integrated [mobilize plugin](https://github.com/sepich/tt-rss-mobilize) for using Readability, Instapaper + Google Mobilizer +- Self-signed 2048-bit RSA TLS certificate for accessing Tiny Tiny RSS via https +- Originally was based on [clue/docker-ttrss.git](https://github.com/clue/docker-ttrss) Feel free to tweak this further to your likings. -This docker image allows you to run the [Tiny Tiny RSS](http://tt-rss.org) feed reader. +This docker image allows you to run the [Tiny Tiny RSS](http://www.tt-rss.org) feed reader. Keep your feed history to yourself and access your RSS and atom feeds from everywhere. You can access it through an easy to use webinterface on your desktop, your mobile browser or using one of available apps. 
@@ -23,20 +25,20 @@ Just start up a new database container: $ DB=$(docker run -d nornagon/postgres) ``` -And because this docker image is available as a [trusted build on the docker index](https://index.docker.io/u/clue/ttrss/), +And because this docker image is available as a [trusted build on the docker index](https://index.docker.io/u/x86dev/docker-ttrss/), using it is as simple as launching this Tiny Tiny RSS installation linked to your fresh database: ```bash -$ docker run -d --link $DB:db -p 80:80 --name ttrss +$ docker run -d --link $DB:db -p 443:443 --name ttrss ``` Running this command for the first time will download the image automatically. ## Accessing your webinterface -The above example exposes the Tiny Tiny RSS webinterface on port 80, so that you can browse to: +The above example exposes the Tiny Tiny RSS webinterface on port 443 (https), so that you can browse to: -http://localhost/ +https:///ttrss The default login credentials are: @@ -74,7 +76,7 @@ This is particular useful for your initial database setup, as errors get reporte the console and further execution will halt. ```bash -$ sudo docker run -it --link ttrss-data:db -p 80:80 --name ttrss +$ sudo docker run -it --link ttrss-data:db -p 443:443 --name ttrss ``` ##### Database configuration @@ -110,5 +112,5 @@ Remaining arguments can be passed just like before, the following is the recomme minimum: ```bash -$ sudo docker run -d --link ttrss-data:db -p 80:80 --name ttrss +$ sudo docker run -d --link ttrss-data:db -p 443:443 --name ttrss ``` diff --git a/configure-db.php b/configure-db.php index 911f490..bedda6e 100644 --- a/configure-db.php +++ b/configure-db.php @@ -1,7 +1,7 @@ #!/usr/bin/env php query('SELECT 1 FROM ttrss_feeds'); + echo 'Connection to database successful'; // reached this point => table found, assume db is complete } catch (PDOException $e) { diff --git a/configure-plugin-mobilize.php b/configure-plugin-mobilize.php index c0e614c..a2ae3b5 100644 
--- a/configure-plugin-mobilize.php +++ b/configure-plugin-mobilize.php @@ -1,7 +1,7 @@ #!/usr/bin/env php > /var/log/service-nginx.log 2>&1 diff --git a/service-php5-fpm.sh b/service-php5-fpm.sh new file mode 100755 index 0000000..6ee3e94 --- /dev/null +++ b/service-php5-fpm.sh @@ -0,0 +1,6 @@ +#!/bin/sh + +set -eu +set -x + +/usr/sbin/php5-fpm >> /var/log/service-php5-fpm.log 2>&1 diff --git a/service-ttrss-update.sh b/service-ttrss-update.sh new file mode 100755 index 0000000..0a9c217 --- /dev/null +++ b/service-ttrss-update.sh @@ -0,0 +1,6 @@ +#!/bin/sh + +set -eu +set -x + +exec /sbin/setuser www-data /usr/bin/php /var/www/ttrss/update_daemon2.php >> /var/log/service-ttrss-update.log 2>&1 diff --git a/supervisord.conf b/supervisord.conf deleted file mode 100644 index fdd23a2..0000000 --- a/supervisord.conf +++ /dev/null @@ -1,15 +0,0 @@ -[supervisord] -nodaemon=true - -[program:php5-fpm] -command=/usr/sbin/php5-fpm - -[program:nginx] -command=/usr/sbin/nginx -g "daemon off;" - -[program:ttrss-update-daemon] -command=/usr/bin/php /var/www/ttrss/update_daemon2.php -user=www-data -stdout_logfile=/tmp/%(program_name)s.stdout -stderr_logfile=/tmp/%(program_name)s.stderr - diff --git a/ttrss.nginx.conf b/ttrss.nginx.conf index ec70746..271f294 100644 --- a/ttrss.nginx.conf +++ b/ttrss.nginx.conf 
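Review bot: In service-php5-fpm.sh the daemon is started as a child of the shell (`/usr/sbin/php5-fpm >> ...`) rather than with `exec`, so the supervisor tracks and signals the `sh` process and a stop or restart may leave php5-fpm running unsupervised. Use `exec /usr/sbin/php5-fpm >> /var/log/service-php5-fpm.log 2>&1`, matching service-ttrss-update.sh, which already uses `exec`. The service-nginx.sh hunk is not fully visible on this page but appears to use the same redirect and would need the same change. These logs are appended without rotation, so they grow for the life of the container.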
@@ -1,17 +1,24 @@ server { - listen 80; - root /var/www; + listen 443; + root /var/www; - index index.php index.html; + ssl on; + ssl_certificate /etc/ssl/certs/ttrss.cert; + ssl_certificate_key /etc/ssl/private/ttrss.key; + ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2; + ssl_prefer_server_ciphers on; + ssl_ciphers "EECDH+AESGCM EDH+AESGCM EECDH -RC4 EDH -CAMELLIA -SEED !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4"; - location / { - try_files $uri $uri/ =404; - } + index index.php index.html; - location ~ \.php$ { - fastcgi_split_path_info ^(.+\.php)(/.+)$; - fastcgi_pass unix:/var/run/php5-fpm.sock; - fastcgi_index index.php; - include fastcgi_params; - } + location / { + try_files $uri $uri/ =404; + } + + location ~ \.php$ { + fastcgi_split_path_info ^(.+\.php)(/.+)$; + fastcgi_pass unix:/var/run/php5-fpm.sock; + fastcgi_index index.php; + include fastcgi_params; + } }
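Review bot: `ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;` enables SSLv3, which is broken by the POODLE padding-oracle attack and gives a downgrade path that undoes the care taken in the `ssl_ciphers` line. Drop it, and preferably TLSv1 and TLSv1.1 as well: `ssl_protocols TLSv1.2;`. The cipher list also admits EDH suites but no `ssl_dhparam` is set in this hunk, so nginx uses its built-in DH parameters, which on older builds are 1024-bit; either reference a generated 2048-bit file with `ssl_dhparam` or restrict the list to EECDH. `listen 443;` with `ssl on;` works, but `listen 443 ssl;` is the form nginx recommends.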