From 72f562e36c0abc99c20cbbe6f32a11a30d00f9df Mon Sep 17 00:00:00 2001
From: x86dev <x86dev@users.noreply.github.com>
Date: Tue, 21 Feb 2017 23:50:51 +0100
Subject: [PATCH] Now based on Alpine Linux and s6 as supervisor, resulting in
 a much smaller Docker image. See README.md for details and other additions.

---
 root/etc/services.d/nginx/run         |  2 +-
 root/etc/services.d/php/run           |  2 +-
 root/etc/services.d/ttrss-daemon/run  |  4 ++--
 root/etc/services.d/ttrss-updater/run |  9 +++------
 root/srv/setup-ttrss.sh               | 27 ++++++++++++++++++++-------
 root/srv/start-ttrss.sh               |  4 ++--
 root/srv/update-ttrss.sh              |  2 +-
 7 files changed, 30 insertions(+), 20 deletions(-)

diff --git a/root/etc/services.d/nginx/run b/root/etc/services.d/nginx/run
index eaf8049..8f7feb5 100644
--- a/root/etc/services.d/nginx/run
+++ b/root/etc/services.d/nginx/run
@@ -1,2 +1,2 @@
-#!/bin/sh
+#!/usr/bin/with-contenv sh
 exec nginx
diff --git a/root/etc/services.d/php/run b/root/etc/services.d/php/run
index 2639c94..4e97df8 100644
--- a/root/etc/services.d/php/run
+++ b/root/etc/services.d/php/run
@@ -1,2 +1,2 @@
-#!/bin/sh
+#!/usr/bin/with-contenv sh
 exec php-fpm
diff --git a/root/etc/services.d/ttrss-daemon/run b/root/etc/services.d/ttrss-daemon/run
index ef437ea..6d20262 100644
--- a/root/etc/services.d/ttrss-daemon/run
+++ b/root/etc/services.d/ttrss-daemon/run
@@ -1,7 +1,7 @@
-#!/bin/sh
+#!/usr/bin/with-contenv sh
 
 while true; do
   cd /var/www/ttrss
-  php -f /var/www/ttrss/update_daemon2.php
+  exec s6-setuidgid www-data php -f /var/www/ttrss/update_daemon2.php
   sleep 5m
 done
diff --git a/root/etc/services.d/ttrss-updater/run b/root/etc/services.d/ttrss-updater/run
index dc385de..ae315f4 100644
--- a/root/etc/services.d/ttrss-updater/run
+++ b/root/etc/services.d/ttrss-updater/run
@@ -1,6 +1,3 @@
-#!/bin/sh
-
-while true; do
-  /srv/update-ttrss.sh
-  sleep 24h
-done
+#!/usr/bin/with-contenv sh
+sleep 24h
+exec s6-setuidgid www-data /srv/update-ttrss.sh --wait-exit 24h
diff --git a/root/srv/setup-ttrss.sh b/root/srv/setup-ttrss.sh
index ee5ac66..af3b2fb 100755
--- a/root/srv/setup-ttrss.sh
+++ b/root/srv/setup-ttrss.sh
@@ -11,6 +11,9 @@ setup_nginx()
     NGINX_CONF=/etc/nginx/nginx.conf
 
     if [ "$TTRSS_SSL_ENABLED" = "1" ]; then
+        # Install OpenSSL.
+        apk update && apk add openssl
+        
         if [ ! -f "/etc/ssl/private/ttrss.key" ]; then
             echo "Setup: Generating self-signed certificate ..."
             # Generate the TLS certificate for our Tiny Tiny RSS server instance.
@@ -19,15 +22,23 @@ setup_nginx()
                 -keyout "/etc/ssl/private/ttrss.key" \
                 -out "/etc/ssl/certs/ttrss.crt"
         fi
+
+        # Turn on SSL.
+        sed -i -e "s/listen\s*8080\s*;/listen 4443;/g" ${NGINX_CONF}
+        sed -i -e "s/ssl\s*off\s*;/ssl on;/g" ${NGINX_CONF}
+        sed -i -e "s/#ssl_/ssl_/g" ${NGINX_CONF}
+
+        # Set permissions.
         chmod 600 "/etc/ssl/private/ttrss.key"
         chmod 600 "/etc/ssl/certs/ttrss.crt"
     else
         echo "Setup: !!! WARNING !!! Turning OFF SSL/TLS !!! WARNING !!!"
         echo "Setup: This is not recommended for a production server. You have been warned."
+        
         # Turn off SSL.
         sed -i -e "s/listen\s*4443\s*;/listen 8080;/g" ${NGINX_CONF}
         sed -i -e "s/ssl\s*on\s*;/ssl off;/g" ${NGINX_CONF}
-        sed -i -e "/\s*ssl_*/d" ${NGINX_CONF}
+        sed -i -e "s/ssl_/#ssl_/g" ${NGINX_CONF}
     fi
 }
 
@@ -35,12 +46,14 @@ setup_ttrss()
 {
     TTRSS_PATH=/var/www/ttrss
 
-    mkdir -p ${TTRSS_PATH}
-    git clone --depth=1 https://tt-rss.org/gitlab/fox/tt-rss.git ${TTRSS_PATH}
-    git clone --depth=1 https://github.com/sepich/tt-rss-mobilize.git ${TTRSS_PATH}/plugins/mobilize
-    git clone --depth=1 https://github.com/hrk/tt-rss-newsplus-plugin.git ${TTRSS_PATH}/plugins/api_newsplus
-    git clone --depth=1 https://github.com/m42e/ttrss_plugin-feediron.git ${TTRSS_PATH}/plugins/feediron
-    git clone --depth=1 https://github.com/levito/tt-rss-feedly-theme.git ${TTRSS_PATH}/themes/feedly-git
+    if [ ! -d ${TTRSS_PATH} ]; then
+        mkdir -p ${TTRSS_PATH}
+        git clone --depth=1 https://tt-rss.org/gitlab/fox/tt-rss.git ${TTRSS_PATH}
+        git clone --depth=1 https://github.com/sepich/tt-rss-mobilize.git ${TTRSS_PATH}/plugins/mobilize
+        git clone --depth=1 https://github.com/hrk/tt-rss-newsplus-plugin.git ${TTRSS_PATH}/plugins/api_newsplus
+        git clone --depth=1 https://github.com/m42e/ttrss_plugin-feediron.git ${TTRSS_PATH}/plugins/feediron
+        git clone --depth=1 https://github.com/levito/tt-rss-feedly-theme.git ${TTRSS_PATH}/themes/feedly-git
+    fi
 
     # Add initial config.
     cp ${TTRSS_PATH}/config.php-dist ${TTRSS_PATH}/config.php
diff --git a/root/srv/start-ttrss.sh b/root/srv/start-ttrss.sh
index ed87717..35c02c6 100755
--- a/root/srv/start-ttrss.sh
+++ b/root/srv/start-ttrss.sh
@@ -2,8 +2,8 @@
 
 set -e
 
-# Update configuration. This is necessary for entering the current IP + PORT of the database.
-/srv/update-ttrss.sh --no-start
+# Call the setup script to make sure everything is ready to go.
+/srv/setup-ttrss.sh --no-start
 
 # Call the image's init script which in turn calls the s6 supervisor then.
 /init
diff --git a/root/srv/update-ttrss.sh b/root/srv/update-ttrss.sh
index 698e5e4..6c6f776 100755
--- a/root/srv/update-ttrss.sh
+++ b/root/srv/update-ttrss.sh
@@ -77,7 +77,7 @@ update_plugin_feediron
 update_theme_feedly
 update_common
 
-echo "Update: Done."
+echo "Update: Done"
 
 if [ "$1" != "--no-start" ]; then
     echo "Update: Starting all ..."