Dockerfile is now based on phusion/baseimage and enables mandatory https

access via a self-signed certificate.
2014-05-19 09:33:44 +02:00 · 2014-05-19 09:33:44 +02:00 · 264d1a67d7
commit 264d1a67d7
parent 18138ce567
11 changed files with 89 additions and 53 deletions
--- a/10_ttrss.sh
+++ b/10_ttrss.sh
@ -0,0 +1,15 @@
 #!/bin/sh
 set -eu
 set -x
 php /root/configure-db.php
 php /root/configure-plugin-mobilize.php
 # Generate the TLS certificate for our Tiny Tiny RSS server instance.
 openssl req -new -newkey rsa:2048 -days 3650 -nodes -x509 \
    -subj "/C=US/ST=World/L=World/O=ttrss/CN=ttrss" \
    -keyout "/etc/ssl/private/ttrss.key" \
    -out "/etc/ssl/certs/ttrss.cert"
 chmod 600 "/etc/ssl/private/ttrss.key"
 chmod 600 "/etc/ssl/certs/ttrss.cert"
--- a/31
+++ b/31
@ -1,9 +1,9 @@
-FROM ubuntu
+FROM phusion/baseimage
-# Based on work of Christian Lück <christian@lueck.tv>
+# Initially was based on work of Christian Lück <christian@lueck.tv>
 MAINTAINER Andreas Löffler <andy@x86dev.com>
 RUN DEBIAN_FRONTEND=noninteractive apt-get update && apt-get install -y \
-  nginx git supervisor php5-fpm php5-cli php5-curl php5-gd php5-json \
+  nginx git ca-certificates php5-fpm php5-cli php5-curl php5-gd php5-json \
  php5-pgsql 
 # php5-mysql
@ -13,7 +13,7 @@ RUN ln -s /etc/nginx/sites-available/ttrss /etc/nginx/sites-enabled/ttrss
 RUN rm /etc/nginx/sites-enabled/default
 # patch php5-fpm configuration so that it does not daemonize itself. This is
-# needed because supervisord can watch its state
+# needed so that runit can watch its state and restart it if it crashes etc.
 RUN sed -i -e "s/;daemonize\s*=\s*yes/daemonize = no/g" /etc/php5/fpm/php-fpm.conf
 # patch the php-fpm's listening method to _always_ use a unix socket
@ -51,9 +51,20 @@ ENV DB_USER ttrss
 ENV DB_PASS ttrss
 # always re-configure database with current ENV when RUNning container, then monitor all services
-ADD run.sh /run.sh
+## @todo pack the scripts to a .zip, ADD this and RUN it in setup.sh. Later.
-ADD utils.php /utils.php
+ADD utils.php /root/utils.php
-ADD configure-db.php /configure-db.php
+ADD configure-db.php /root/configure-db.php
-ADD configure-plugin-mobilize.php /configure-plugin-mobilize.php
+ADD configure-plugin-mobilize.php /root/configure-plugin-mobilize.php
-ADD supervisord.conf /etc/supervisor/conf.d/supervisord.conf
+
-CMD sh /run.sh && supervisord -c /etc/supervisor/conf.d/supervisord.conf
+RUN mkdir /etc/service/nginx
 ADD service-nginx.sh /etc/service/nginx/run
 RUN mkdir /etc/service/php5-fpm
 ADD service-php5-fpm.sh /etc/service/php5-fpm/run
 RUN mkdir /etc/service/ttrss-update
 ADD service-ttrss-update.sh /etc/service/ttrss-update/run
 ADD 10_ttrss.sh /etc/my_init.d/10_ttrss.sh
 CMD /sbin/my_init
 EXPOSE 22
--- a/README.md
+++ b/README.md
@ -1,13 +1,15 @@
 # docker-ttrss
-Note: This Dockerfile is a modified version of https://github.com/clue/docker-ttrss.git
+This Dockerfile installs Tiny Tiny RSS with the following features:
 which adds some features, plugins and themes I wanted to have in my own tt-rss setup. 
-Tiny Tiny RSS' root now is in the subdirectory ttrss, e.g. http://<yourhost>/ttrss
+- Integrated [Feedly theme](https://github.com/levito/tt-rss-feedly-theme)
 - Integrated [mobilize plugin](https://github.com/sepich/tt-rss-mobilize) for using Readability, Instapaper + Google Mobilizer
 - Self-signed 2048-bit RSA TLS certificate for accessing Tiny Tiny RSS via https
 - Originally was based on [clue/docker-ttrss.git](https://github.com/clue/docker-ttrss)
 Feel free to tweak this further to your likings.
-This docker image allows you to run the [Tiny Tiny RSS](http://tt-rss.org) feed reader.
+This docker image allows you to run the [Tiny Tiny RSS](http://www.tt-rss.org) feed reader.
 Keep your feed history to yourself and access your RSS and atom feeds from everywhere.
 You can access it through an easy to use webinterface on your desktop, your mobile browser
 or using one of available apps.
@ -23,20 +25,20 @@ Just start up a new database container:
 $ DB=$(docker run -d nornagon/postgres)
 ```
-And because this docker image is available as a [trusted build on the docker index](https://index.docker.io/u/clue/ttrss/),
+And because this docker image is available as a [trusted build on the docker index](https://index.docker.io/u/x86dev/docker-ttrss/),
 using it is as simple as launching this Tiny Tiny RSS installation linked to your fresh database:
 ```bash
-$ docker run -d --link $DB:db -p 80:80 --name ttrss <this-image>
+$ docker run -d --link $DB:db -p 443:443 --name ttrss <this-image>
 ```
 Running this command for the first time will download the image automatically.
 ## Accessing your webinterface
-The above example exposes the Tiny Tiny RSS webinterface on port 80, so that you can browse to:
+The above example exposes the Tiny Tiny RSS webinterface on port 443 (https), so that you can browse to:
-http://localhost/
+https://<yourhost>/ttrss
 The default login credentials are:
@ -74,7 +76,7 @@ This is particular useful for your initial database setup, as errors get reporte
 the console and further execution will halt.
 ```bash
-$ sudo docker run -it --link ttrss-data:db -p 80:80 --name ttrss <this-image>
+$ sudo docker run -it --link ttrss-data:db -p 443:443 --name ttrss <this-image>
 ```
 ##### Database configuration
@ -110,5 +112,5 @@ Remaining arguments can be passed just like before, the following is the recomme
 minimum:
 ```bash
-$ sudo docker run -d --link ttrss-data:db -p 80:80 --name ttrss <this-image>
+$ sudo docker run -d --link ttrss-data:db -p 443:443 --name ttrss <this-image>
 ```
--- a/configure-db.php
+++ b/configure-db.php
@ -1,7 +1,7 @@
 #!/usr/bin/env php
 <?php
-include '/utils.php';
+include '/root/utils.php';
 $ename = 'DB';
 $eport = 5432;
@ -52,6 +52,7 @@ if (!dbcheck($config)) {
 $pdo = dbconnect($config);
 try {
    $pdo->query('SELECT 1 FROM ttrss_feeds');
    echo 'Connection to database successful';
    // reached this point => table found, assume db is complete
 }
 catch (PDOException $e) {
--- a/configure-plugin-mobilize.php
+++ b/configure-plugin-mobilize.php
@ -1,7 +1,7 @@
 #!/usr/bin/env php
 <?php
-include '/utils.php';
+include '/root/utils.php';
 $ename = 'DB';
 $eport = 5432;
--- a/run.sh
+++ b/run.sh
@ -1,3 +0,0 @@
 #/bin/sh
 php /configure-db.php && \
 php /configure-plugin-mobilize.php
--- a/service-nginx.sh
+++ b/service-nginx.sh
@ -0,0 +1,6 @@
 #!/bin/sh
 set -eu
 set -x
 /usr/sbin/nginx -g "daemon off;" >> /var/log/service-nginx.log 2>&1
--- a/service-php5-fpm.sh
+++ b/service-php5-fpm.sh
@ -0,0 +1,6 @@
 #!/bin/sh
 set -eu
 set -x
 /usr/sbin/php5-fpm >> /var/log/service-php5-fpm.log 2>&1
--- a/service-ttrss-update.sh
+++ b/service-ttrss-update.sh
@ -0,0 +1,6 @@
 #!/bin/sh
 set -eu
 set -x
 exec /sbin/setuser www-data /usr/bin/php /var/www/ttrss/update_daemon2.php >> /var/log/service-ttrss-update.log 2>&1
--- a/supervisord.conf
+++ b/supervisord.conf
@ -1,15 +0,0 @@
 [supervisord]
 nodaemon=true
 [program:php5-fpm]
 command=/usr/sbin/php5-fpm
 [program:nginx]
 command=/usr/sbin/nginx -g "daemon off;"
 [program:ttrss-update-daemon]
 command=/usr/bin/php /var/www/ttrss/update_daemon2.php
 user=www-data
 stdout_logfile=/tmp/%(program_name)s.stdout
 stderr_logfile=/tmp/%(program_name)s.stderr
--- a/ttrss.nginx.conf
+++ b/ttrss.nginx.conf
@ -1,7 +1,14 @@
 server {
-	listen 80;
+    listen 443;
    root /var/www;
    ssl                       on;
    ssl_certificate           /etc/ssl/certs/ttrss.cert;
    ssl_certificate_key       /etc/ssl/private/ttrss.key;
    ssl_protocols             SSLv3 TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on; 
    ssl_ciphers               "EECDH+AESGCM EDH+AESGCM EECDH -RC4 EDH -CAMELLIA -SEED !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4";
    index index.php index.html;
    location / {