addnonssl

Dockerfile

@@ -3,7 +3,7 @@
 FROM alpine:3.21
 # Initially was based on work of Christian Lück <christian@lueck.tv>.
 LABEL description="A complete, self-hosted Tiny Tiny RSS (TTRSS) environment." \
-      maintainer="Andreas Löffler <andy@x86dev.com>"
+    maintainer="Andreas Löffler <andy@x86dev.com>"
 
 RUN set -xe && \
     apk update && apk upgrade && \
@@ -44,4 +44,16 @@ ENV DB_PASS=ttrss
 # Clean up.
 RUN set -xe && apk del --progress --purge && rm -rf /var/cache/apk/* && rm -rf /var/lib/apt/lists/*
 
+RUN chown -R www-data:www-data /var/www
+
+USER www-data
+
+RUN git clone "https://git.tt-rss.org/fox/tt-rss.git/" "/var/www/ttrss" && \
+    git clone --depth=1 https://github.com/sepich/tt-rss-mobilize.git /var/www/ttrss/plugins.local/mobilize && \
+    git clone --depth=1 https://github.com/feediron/ttrss_plugin-feediron.git /var/www/ttrss/plugins.local/feediron && \
+    git clone --depth=1 https://github.com/levito/tt-rss-feedly-theme.git /var/www/ttrss/themes.local/levito-feedly-git && \
+    git clone --depth=1 https://github.com/Gravemind/tt-rss-feedlish-theme.git /var/www/ttrss/themes.local/gravemind-feedly-git
+
+USER root
+
 ENTRYPOINT ["/init"]

root/etc/cont-init.d/50-php

@@ -1,10 +0,0 @@
-#!/usr/bin/with-contenv sh
-
-# Make sure to have a defined set of PHP binaries,
-# regardless of how the package maintainer(s) named those.
-
-rm -f /usr/bin/php
-ln -s /usr/bin/php83 /usr/bin/php
-
-rm -f /usr/sbin/php-fpm
-ln -s /usr/sbin/php-fpm83 /usr/sbin/php-fpm

root/etc/nginx/nginx.conf

@@ -33,15 +33,9 @@ http {
 
     server 
     {
-        listen                    4443 ssl;
+        listen                    8080;
         root                      /var/www/ttrss;
 
-        ssl_certificate           /etc/ssl/certs/ttrss.crt;
-        ssl_certificate_key       /etc/ssl/private/ttrss.key;
-        ssl_protocols             TLSv1 TLSv1.1 TLSv1.2;
-        ssl_prefer_server_ciphers on;
-        ssl_ciphers               "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA";
-
         index index.php index.html;
         client_max_body_size 100M;
 

root/srv/setup-ttrss.sh

@@ -1,46 +1,5 @@
 #!/bin/sh
 
-setup_nginx()
-{
-    if [ -z "$TTRSS_HOST" ]; then
-        TTRSS_HOST=ttrss
-    fi
-
-    NGINX_CONF=/etc/nginx/nginx.conf
-
-    if [ "$TTRSS_WITH_SELFSIGNED_CERT" = "1" ]; then
-        # Install OpenSSL.
-        apk update && apk add openssl
-
-        if [ ! -f "/etc/ssl/private/ttrss.key" ]; then
-            echo "Setup: Generating self-signed certificate ..."
-            # Generate the TLS certificate for our Tiny Tiny RSS server instance.
-            openssl req -new -newkey rsa:4096 -days 3650 -nodes -x509 \
-                -subj "/C=US/ST=World/L=World/O=$TTRSS_HOST/CN=$TTRSS_HOST" \
-                -keyout "/etc/ssl/private/ttrss.key" \
-                -out "/etc/ssl/certs/ttrss.crt"
-        fi
-
-        # Turn on SSL.
-        sed -i -e "s/listen\s*8080\s*;/listen 4443;/g" ${NGINX_CONF}
-        sed -i -e "s/ssl\s*off\s*;/ssl on;/g" ${NGINX_CONF}
-        sed -i -e "s/#ssl_/ssl_/g" ${NGINX_CONF}
-
-        # Set permissions.
-        chmod 600 "/etc/ssl/private/ttrss.key"
-        chmod 600 "/etc/ssl/certs/ttrss.crt"
-    else
-        echo "Setup: !!! WARNING - No encryption (TLS) used - WARNING    !!!"
-        echo "Setup: !!! This is not recommended for a production server !!!"
-        echo "Setup:                You have been warned."
-
-        # Turn off SSL.
-        sed -i -e "s/listen\s*4443\s*;/listen 8080;/g" ${NGINX_CONF}
-        sed -i -e "s/ssl\s*on\s*;/ssl off;/g" ${NGINX_CONF}
-        sed -i -e "s/ssl_/#ssl_/g" ${NGINX_CONF}
-    fi
-}
-
 setup_ttrss()
 {
     if [ -z "$TTRSS_REPO_URL" ]; then
@@ -54,28 +13,6 @@ setup_ttrss()
     TTRSS_PATH_THEMES=${TTRSS_PATH}/themes.local
     TTRSS_PATH_PLUGINS=${TTRSS_PATH}/plugins.local
 
-    if [ ! -d ${TTRSS_PATH} ]; then
-        mkdir -p ${TTRSS_PATH}
-        if [ -n "$TTRSS_GIT_TAG" ]; then
-            echo "Setup: Setting up Tiny Tiny RSS '$TTRSS_GIT_TAG' ..."
-            cd ${TTRSS_PATH}
-            git init .
-            git fetch --depth=1 ${TTRSS_REPO_URL} refs/tags/${TTRSS_GIT_TAG}:refs/tags/${TTRSS_GIT_TAG}
-            git checkout tags/${TTRSS_GIT_TAG}
-        else
-            echo "Setup: Setting up Tiny Tiny RSS (latest revision) ..."
-            git clone --depth=1 ${TTRSS_REPO_URL} ${TTRSS_PATH}
-        fi
-
-        mkdir -p ${TTRSS_PATH_PLUGINS}
-        git clone --depth=1 https://github.com/sepich/tt-rss-mobilize.git ${TTRSS_PATH_PLUGINS}/mobilize
-        git clone --depth=1 https://github.com/feediron/ttrss_plugin-feediron.git ${TTRSS_PATH_PLUGINS}/feediron
-
-        mkdir -p ${TTRSS_PATH_THEMES}
-        git clone --depth=1 https://github.com/levito/tt-rss-feedly-theme.git ${TTRSS_PATH_THEMES}/levito-feedly-git
-        git clone --depth=1 https://github.com/Gravemind/tt-rss-feedlish-theme.git ${TTRSS_PATH_THEMES}/gravemind-feedly-git
-    fi
-
     # Add initial config.
     cp ${TTRSS_PATH}/config.php-dist ${TTRSS_PATH}/config.php
 
@@ -150,7 +87,6 @@ setup_db()
     php -f /srv/ttrss-configure-plugin-mobilize.php
 }
 
-setup_nginx
 setup_ttrss
 setup_db
 

root/srv/update-ttrss.sh

@@ -4,38 +4,21 @@ TTRSS_PATH=/var/www/ttrss
 TTRSS_PATH_THEMES=${TTRSS_PATH}/themes.local
 TTRSS_PATH_PLUGINS=${TTRSS_PATH}/plugins.local
 
-update_ttrss()
-{
-    if [ -n "$TTRSS_GIT_TAG" ]; then
-        echo "Updating Tiny Tiny RSS disabled (using tag '$TTRSS_GIT_TAG')"
-        return
-    fi
-
-    echo "Updating: Tiny Tiny RSS"
-    ( cd ${TTRSS_PATH} && git pull origin HEAD )
-}
-
 update_plugin_mobilize()
 {
     echo "Updating: Mobilize plugin"
-    ( cd ${TTRSS_PATH_PLUGINS}/mobilize && git pull origin HEAD )
+    #( cd ${TTRSS_PATH_PLUGINS}/mobilize && git pull origin HEAD )
 
     # Patch ttrss-mobilize plugin for getting it to work.
     sed -i -e "s/<?$/<?php/g" ${TTRSS_PATH_PLUGINS}/mobilize/m.php
 }
 
-update_plugin_feediron()
-{
-    echo "Updating: FeedIron"
-    ( cd ${TTRSS_PATH_PLUGINS}/feediron && git pull origin HEAD )
-}
-
 update_themes()
 {
     echo "Updating: Themes"
 
-    ( cd ${TTRSS_PATH_THEMES}/levito-feedly-git && git pull origin HEAD )
+    #( cd ${TTRSS_PATH_THEMES}/levito-feedly-git && git pull origin HEAD )
-    ( cd ${TTRSS_PATH_THEMES}/gravemind-feedly-git && git pull origin HEAD )
+    #( cd ${TTRSS_PATH_THEMES}/gravemind-feedly-git && git pull origin HEAD )
 
     cd ${TTRSS_PATH_THEMES}
 
@@ -50,30 +33,8 @@ update_themes()
     ln -f -s ${TTRSS_PATH_THEMES}/gravemind-feedly-git/feedlish-night.css.map
 }
 
-update_common()
-{
-    if [ -z "$MY_ROOT_UID" ]; then
-        MY_ROOT_UID=0
-    fi
-    if [ -z "$MY_ROOT_GID" ]; then
-        MY_ROOT_GID=0
-    fi
-
-    echo "Updating: Updating permissions"
-    for CUR_DIR in /etc/nginx /etc/php83 /var/lib/nginx /etc/services.d; do
-        chown -R ${MY_ROOT_UID}:${MY_ROOT_GID} ${CUR_DIR}
-    done
-
-    chown -R www-data:www-data ${TTRSS_PATH}
-
-    echo "Updating: Updating permissions done"
-}
-
-update_ttrss
 update_plugin_mobilize
-update_plugin_feediron
 update_themes
-update_common
 
 echo "Update: Done"