addnonssl
Some checks failed
web/docker-ttrss/pipeline/head There was a failure building this commit

Julien Cabillot 2025-01-06 17:21:16 -05:00
parent 7d141bb3b2
commit 860abf0558
5 changed files with 17 additions and 124 deletions


@ -44,4 +44,16 @@ ENV DB_PASS=ttrss
# Clean up. # Clean up.
RUN set -xe && apk del --progress --purge && rm -rf /var/cache/apk/* && rm -rf /var/lib/apt/lists/* RUN set -xe && apk del --progress --purge && rm -rf /var/cache/apk/* && rm -rf /var/lib/apt/lists/*
RUN chown -R www-data:www-data /var/www
USER www-data
RUN git clone "https://git.tt-rss.org/fox/tt-rss.git/" "/var/www/ttrss" && \
git clone --depth=1 https://github.com/sepich/tt-rss-mobilize.git /var/www/ttrss/plugins.local/mobilize && \
git clone --depth=1 https://github.com/feediron/ttrss_plugin-feediron.git /var/www/ttrss/plugins.local/feediron && \
git clone --depth=1 https://github.com/levito/tt-rss-feedly-theme.git /var/www/ttrss/themes.local/levito-feedly-git && \
git clone --depth=1 https://github.com/Gravemind/tt-rss-feedlish-theme.git /var/www/ttrss/themes.local/gravemind-feedly-git
USER root
ENTRYPOINT ["/init"] ENTRYPOINT ["/init"]
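Review bot: The five `git clone` commands added under `USER www-data` fetch whatever each upstream default branch holds at build time, so two builds of this commit can put different PHP code into the web root and nothing verifies what was fetched. The runtime setup code this commit deletes at least honoured `TTRSS_GIT_TAG`; here neither tt-rss nor the four GitHub plugins and themes are pinned. Consider one build argument per repository holding a reviewed commit, e.g. `ARG FEEDIRON_REF=<pinned-commit>`, then `git fetch --depth=1 origin "$FEEDIRON_REF" && git checkout FETCH_HEAD` in an initialised directory, as the deleted tag path did. A comment such as `# Sources are pinned here; rebuild the image to pick up upstream fixes.` above the `RUN` would document the new contract. The first clone also omits `--depth=1`, unlike the other four, so the full tt-rss history lands in the layer.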


@ -1,10 +0,0 @@
#!/usr/bin/with-contenv sh
# Make sure to have a defined set of PHP binaries,
# regardless of how the package maintainer(s) named those.
rm -f /usr/bin/php
ln -s /usr/bin/php83 /usr/bin/php
rm -f /usr/sbin/php-fpm
ln -s /usr/sbin/php-fpm83 /usr/sbin/php-fpm


@ -33,15 +33,9 @@ http {
server server
{ {
listen 4443 ssl; listen 8080;
root /var/www/ttrss; root /var/www/ttrss;
ssl_certificate /etc/ssl/certs/ttrss.crt;
ssl_certificate_key /etc/ssl/private/ttrss.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA";
index index.php index.html; index index.php index.html;
client_max_body_size 100M; client_max_body_size 100M;
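Review bot: With `listen 8080;` and every `ssl_*` directive removed, this server block serves the application, presumably including its login traffic, over plain HTTP only. The same commit also deletes the startup warning that announced the missing TLS. If TLS is meant to be terminated by a reverse proxy in front of the container, state it above the `listen` line, for example `# Plain HTTP on purpose: TLS is terminated by the reverse proxy in front of this container.` In that setup the port should not be published directly to untrusted networks. That cannot be confirmed from this hunk, because the server block continues outside it.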


@ -1,46 +1,5 @@
#!/bin/sh #!/bin/sh
setup_nginx()
{
if [ -z "$TTRSS_HOST" ]; then
TTRSS_HOST=ttrss
fi
NGINX_CONF=/etc/nginx/nginx.conf
if [ "$TTRSS_WITH_SELFSIGNED_CERT" = "1" ]; then
# Install OpenSSL.
apk update && apk add openssl
if [ ! -f "/etc/ssl/private/ttrss.key" ]; then
echo "Setup: Generating self-signed certificate ..."
# Generate the TLS certificate for our Tiny Tiny RSS server instance.
openssl req -new -newkey rsa:4096 -days 3650 -nodes -x509 \
-subj "/C=US/ST=World/L=World/O=$TTRSS_HOST/CN=$TTRSS_HOST" \
-keyout "/etc/ssl/private/ttrss.key" \
-out "/etc/ssl/certs/ttrss.crt"
fi
# Turn on SSL.
sed -i -e "s/listen\s*8080\s*;/listen 4443;/g" ${NGINX_CONF}
sed -i -e "s/ssl\s*off\s*;/ssl on;/g" ${NGINX_CONF}
sed -i -e "s/#ssl_/ssl_/g" ${NGINX_CONF}
# Set permissions.
chmod 600 "/etc/ssl/private/ttrss.key"
chmod 600 "/etc/ssl/certs/ttrss.crt"
else
echo "Setup: !!! WARNING - No encryption (TLS) used - WARNING !!!"
echo "Setup: !!! This is not recommended for a production server !!!"
echo "Setup: You have been warned."
# Turn off SSL.
sed -i -e "s/listen\s*4443\s*;/listen 8080;/g" ${NGINX_CONF}
sed -i -e "s/ssl\s*on\s*;/ssl off;/g" ${NGINX_CONF}
sed -i -e "s/ssl_/#ssl_/g" ${NGINX_CONF}
fi
}
setup_ttrss() setup_ttrss()
{ {
if [ -z "$TTRSS_REPO_URL" ]; then if [ -z "$TTRSS_REPO_URL" ]; then
@ -54,28 +13,6 @@ setup_ttrss()
TTRSS_PATH_THEMES=${TTRSS_PATH}/themes.local TTRSS_PATH_THEMES=${TTRSS_PATH}/themes.local
TTRSS_PATH_PLUGINS=${TTRSS_PATH}/plugins.local TTRSS_PATH_PLUGINS=${TTRSS_PATH}/plugins.local
if [ ! -d ${TTRSS_PATH} ]; then
mkdir -p ${TTRSS_PATH}
if [ -n "$TTRSS_GIT_TAG" ]; then
echo "Setup: Setting up Tiny Tiny RSS '$TTRSS_GIT_TAG' ..."
cd ${TTRSS_PATH}
git init .
git fetch --depth=1 ${TTRSS_REPO_URL} refs/tags/${TTRSS_GIT_TAG}:refs/tags/${TTRSS_GIT_TAG}
git checkout tags/${TTRSS_GIT_TAG}
else
echo "Setup: Setting up Tiny Tiny RSS (latest revision) ..."
git clone --depth=1 ${TTRSS_REPO_URL} ${TTRSS_PATH}
fi
mkdir -p ${TTRSS_PATH_PLUGINS}
git clone --depth=1 https://github.com/sepich/tt-rss-mobilize.git ${TTRSS_PATH_PLUGINS}/mobilize
git clone --depth=1 https://github.com/feediron/ttrss_plugin-feediron.git ${TTRSS_PATH_PLUGINS}/feediron
mkdir -p ${TTRSS_PATH_THEMES}
git clone --depth=1 https://github.com/levito/tt-rss-feedly-theme.git ${TTRSS_PATH_THEMES}/levito-feedly-git
git clone --depth=1 https://github.com/Gravemind/tt-rss-feedlish-theme.git ${TTRSS_PATH_THEMES}/gravemind-feedly-git
fi
# Add initial config. # Add initial config.
cp ${TTRSS_PATH}/config.php-dist ${TTRSS_PATH}/config.php cp ${TTRSS_PATH}/config.php-dist ${TTRSS_PATH}/config.php
@ -150,7 +87,6 @@ setup_db()
php -f /srv/ttrss-configure-plugin-mobilize.php php -f /srv/ttrss-configure-plugin-mobilize.php
} }
setup_nginx
setup_ttrss setup_ttrss
setup_db setup_db


@ -4,38 +4,21 @@ TTRSS_PATH=/var/www/ttrss
TTRSS_PATH_THEMES=${TTRSS_PATH}/themes.local TTRSS_PATH_THEMES=${TTRSS_PATH}/themes.local
TTRSS_PATH_PLUGINS=${TTRSS_PATH}/plugins.local TTRSS_PATH_PLUGINS=${TTRSS_PATH}/plugins.local
update_ttrss()
{
if [ -n "$TTRSS_GIT_TAG" ]; then
echo "Updating Tiny Tiny RSS disabled (using tag '$TTRSS_GIT_TAG')"
return
fi
echo "Updating: Tiny Tiny RSS"
( cd ${TTRSS_PATH} && git pull origin HEAD )
}
update_plugin_mobilize() update_plugin_mobilize()
{ {
echo "Updating: Mobilize plugin" echo "Updating: Mobilize plugin"
( cd ${TTRSS_PATH_PLUGINS}/mobilize && git pull origin HEAD ) #( cd ${TTRSS_PATH_PLUGINS}/mobilize && git pull origin HEAD )
# Patch ttrss-mobilize plugin for getting it to work. # Patch ttrss-mobilize plugin for getting it to work.
sed -i -e "s/<?$/<?php/g" ${TTRSS_PATH_PLUGINS}/mobilize/m.php sed -i -e "s/<?$/<?php/g" ${TTRSS_PATH_PLUGINS}/mobilize/m.php
} }
update_plugin_feediron()
{
echo "Updating: FeedIron"
( cd ${TTRSS_PATH_PLUGINS}/feediron && git pull origin HEAD )
}
update_themes() update_themes()
{ {
echo "Updating: Themes" echo "Updating: Themes"
( cd ${TTRSS_PATH_THEMES}/levito-feedly-git && git pull origin HEAD ) #( cd ${TTRSS_PATH_THEMES}/levito-feedly-git && git pull origin HEAD )
( cd ${TTRSS_PATH_THEMES}/gravemind-feedly-git && git pull origin HEAD ) #( cd ${TTRSS_PATH_THEMES}/gravemind-feedly-git && git pull origin HEAD )
cd ${TTRSS_PATH_THEMES} cd ${TTRSS_PATH_THEMES}
@ -50,30 +33,8 @@ update_themes()
ln -f -s ${TTRSS_PATH_THEMES}/gravemind-feedly-git/feedlish-night.css.map ln -f -s ${TTRSS_PATH_THEMES}/gravemind-feedly-git/feedlish-night.css.map
} }
update_common()
{
if [ -z "$MY_ROOT_UID" ]; then
MY_ROOT_UID=0
fi
if [ -z "$MY_ROOT_GID" ]; then
MY_ROOT_GID=0
fi
echo "Updating: Updating permissions"
for CUR_DIR in /etc/nginx /etc/php83 /var/lib/nginx /etc/services.d; do
chown -R ${MY_ROOT_UID}:${MY_ROOT_GID} ${CUR_DIR}
done
chown -R www-data:www-data ${TTRSS_PATH}
echo "Updating: Updating permissions done"
}
update_ttrss
update_plugin_mobilize update_plugin_mobilize
update_plugin_feediron
update_themes update_themes
update_common
echo "Update: Done" echo "Update: Done"
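Review bot: The `git pull origin HEAD` lines in `update_plugin_mobilize` and `update_themes` are commented out rather than deleted, yet both functions still print `Updating: …`, so the log reports an update that no longer happens. Delete the three dead lines and put the new contract in a comment, e.g. `# Sources are baked in at image build time; rebuild the image to pick up upstream fixes.` With `update_ttrss` and `update_plugin_feediron` removed as well, a running container no longer receives upstream security fixes on its own, which is worth documenting if intended. The body of `update_themes` continues into the second hunk of this file.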