addnonssl

2025-01-06 17:21:16 -05:00 · 2025-01-06 17:21:16 -05:00 · 860abf0558
commit 860abf0558
parent 7d141bb3b2
5 changed files with 17 additions and 124 deletions
--- a/12
+++ b/12
@ -44,4 +44,16 @@ ENV DB_PASS=ttrss
 # Clean up.
 RUN set -xe && apk del --progress --purge && rm -rf /var/cache/apk/* && rm -rf /var/lib/apt/lists/*

+RUN chown -R www-data:www-data /var/www
+
+USER www-data
+
+RUN git clone "https://git.tt-rss.org/fox/tt-rss.git/" "/var/www/ttrss" && \
+    git clone --depth=1 https://github.com/sepich/tt-rss-mobilize.git /var/www/ttrss/plugins.local/mobilize && \
+    git clone --depth=1 https://github.com/feediron/ttrss_plugin-feediron.git /var/www/ttrss/plugins.local/feediron && \
+    git clone --depth=1 https://github.com/levito/tt-rss-feedly-theme.git /var/www/ttrss/themes.local/levito-feedly-git && \
+    git clone --depth=1 https://github.com/Gravemind/tt-rss-feedlish-theme.git /var/www/ttrss/themes.local/gravemind-feedly-git
+
+USER root
+
 ENTRYPOINT ["/init"]
--- a/root/etc/cont-init.d/50-php
+++ b/root/etc/cont-init.d/50-php
@ -1,10 +0,0 @@
-#!/usr/bin/with-contenv sh
-
-# Make sure to have a defined set of PHP binaries,
-# regardless of how the package maintainer(s) named those.
-
-rm -f /usr/bin/php
-ln -s /usr/bin/php83 /usr/bin/php
-
-rm -f /usr/sbin/php-fpm
-ln -s /usr/sbin/php-fpm83 /usr/sbin/php-fpm
--- a/root/etc/nginx/nginx.conf
+++ b/root/etc/nginx/nginx.conf
@ -33,15 +33,9 @@ http {

    server 
    {
-        listen                    4443 ssl;
+        listen                    8080;
        root                      /var/www/ttrss;

-        ssl_certificate           /etc/ssl/certs/ttrss.crt;
-        ssl_certificate_key       /etc/ssl/private/ttrss.key;
-        ssl_protocols             TLSv1 TLSv1.1 TLSv1.2;
-        ssl_prefer_server_ciphers on;
-        ssl_ciphers               "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA";
-
        index index.php index.html;
        client_max_body_size 100M;

--- a/root/srv/setup-ttrss.sh
+++ b/root/srv/setup-ttrss.sh
@ -1,46 +1,5 @@
 #!/bin/sh

-setup_nginx()
-{
-    if [ -z "$TTRSS_HOST" ]; then
-        TTRSS_HOST=ttrss
-    fi
-
-    NGINX_CONF=/etc/nginx/nginx.conf
-
-    if [ "$TTRSS_WITH_SELFSIGNED_CERT" = "1" ]; then
-        # Install OpenSSL.
-        apk update && apk add openssl
-
-        if [ ! -f "/etc/ssl/private/ttrss.key" ]; then
-            echo "Setup: Generating self-signed certificate ..."
-            # Generate the TLS certificate for our Tiny Tiny RSS server instance.
-            openssl req -new -newkey rsa:4096 -days 3650 -nodes -x509 \
-                -subj "/C=US/ST=World/L=World/O=$TTRSS_HOST/CN=$TTRSS_HOST" \
-                -keyout "/etc/ssl/private/ttrss.key" \
-                -out "/etc/ssl/certs/ttrss.crt"
-        fi
-
-        # Turn on SSL.
-        sed -i -e "s/listen\s*8080\s*;/listen 4443;/g" ${NGINX_CONF}
-        sed -i -e "s/ssl\s*off\s*;/ssl on;/g" ${NGINX_CONF}
-        sed -i -e "s/#ssl_/ssl_/g" ${NGINX_CONF}
-
-        # Set permissions.
-        chmod 600 "/etc/ssl/private/ttrss.key"
-        chmod 600 "/etc/ssl/certs/ttrss.crt"
-    else
-        echo "Setup: !!! WARNING - No encryption (TLS) used - WARNING    !!!"
-        echo "Setup: !!! This is not recommended for a production server !!!"
-        echo "Setup:                You have been warned."
-
-        # Turn off SSL.
-        sed -i -e "s/listen\s*4443\s*;/listen 8080;/g" ${NGINX_CONF}
-        sed -i -e "s/ssl\s*on\s*;/ssl off;/g" ${NGINX_CONF}
-        sed -i -e "s/ssl_/#ssl_/g" ${NGINX_CONF}
-    fi
-}
-
 setup_ttrss()
 {
    if [ -z "$TTRSS_REPO_URL" ]; then
@ -54,28 +13,6 @@ setup_ttrss()
    TTRSS_PATH_THEMES=${TTRSS_PATH}/themes.local
    TTRSS_PATH_PLUGINS=${TTRSS_PATH}/plugins.local

-    if [ ! -d ${TTRSS_PATH} ]; then
-        mkdir -p ${TTRSS_PATH}
-        if [ -n "$TTRSS_GIT_TAG" ]; then
-            echo "Setup: Setting up Tiny Tiny RSS '$TTRSS_GIT_TAG' ..."
-            cd ${TTRSS_PATH}
-            git init .
-            git fetch --depth=1 ${TTRSS_REPO_URL} refs/tags/${TTRSS_GIT_TAG}:refs/tags/${TTRSS_GIT_TAG}
-            git checkout tags/${TTRSS_GIT_TAG}
-        else
-            echo "Setup: Setting up Tiny Tiny RSS (latest revision) ..."
-            git clone --depth=1 ${TTRSS_REPO_URL} ${TTRSS_PATH}
-        fi
-
-        mkdir -p ${TTRSS_PATH_PLUGINS}
-        git clone --depth=1 https://github.com/sepich/tt-rss-mobilize.git ${TTRSS_PATH_PLUGINS}/mobilize
-        git clone --depth=1 https://github.com/feediron/ttrss_plugin-feediron.git ${TTRSS_PATH_PLUGINS}/feediron
-
-        mkdir -p ${TTRSS_PATH_THEMES}
-        git clone --depth=1 https://github.com/levito/tt-rss-feedly-theme.git ${TTRSS_PATH_THEMES}/levito-feedly-git
-        git clone --depth=1 https://github.com/Gravemind/tt-rss-feedlish-theme.git ${TTRSS_PATH_THEMES}/gravemind-feedly-git
-    fi
-
    # Add initial config.
    cp ${TTRSS_PATH}/config.php-dist ${TTRSS_PATH}/config.php

@ -150,7 +87,6 @@ setup_db()
    php -f /srv/ttrss-configure-plugin-mobilize.php
 }

-setup_nginx
 setup_ttrss
 setup_db

--- a/root/srv/update-ttrss.sh
+++ b/root/srv/update-ttrss.sh
@ -4,38 +4,21 @@ TTRSS_PATH=/var/www/ttrss
 TTRSS_PATH_THEMES=${TTRSS_PATH}/themes.local
 TTRSS_PATH_PLUGINS=${TTRSS_PATH}/plugins.local

-update_ttrss()
-{
-    if [ -n "$TTRSS_GIT_TAG" ]; then
-        echo "Updating Tiny Tiny RSS disabled (using tag '$TTRSS_GIT_TAG')"
-        return
-    fi
-
-    echo "Updating: Tiny Tiny RSS"
-    ( cd ${TTRSS_PATH} && git pull origin HEAD )
-}
-
 update_plugin_mobilize()
 {
    echo "Updating: Mobilize plugin"
-    ( cd ${TTRSS_PATH_PLUGINS}/mobilize && git pull origin HEAD )
+    #( cd ${TTRSS_PATH_PLUGINS}/mobilize && git pull origin HEAD )

    # Patch ttrss-mobilize plugin for getting it to work.
    sed -i -e "s/<?$/<?php/g" ${TTRSS_PATH_PLUGINS}/mobilize/m.php
 }

-update_plugin_feediron()
-{
-    echo "Updating: FeedIron"
-    ( cd ${TTRSS_PATH_PLUGINS}/feediron && git pull origin HEAD )
-}
-
 update_themes()
 {
    echo "Updating: Themes"

-    ( cd ${TTRSS_PATH_THEMES}/levito-feedly-git && git pull origin HEAD )
-    ( cd ${TTRSS_PATH_THEMES}/gravemind-feedly-git && git pull origin HEAD )
+    #( cd ${TTRSS_PATH_THEMES}/levito-feedly-git && git pull origin HEAD )
+    #( cd ${TTRSS_PATH_THEMES}/gravemind-feedly-git && git pull origin HEAD )

    cd ${TTRSS_PATH_THEMES}

@ -50,30 +33,8 @@ update_themes()
    ln -f -s ${TTRSS_PATH_THEMES}/gravemind-feedly-git/feedlish-night.css.map
 }

-update_common()
-{
-    if [ -z "$MY_ROOT_UID" ]; then
-        MY_ROOT_UID=0
-    fi
-    if [ -z "$MY_ROOT_GID" ]; then
-        MY_ROOT_GID=0
-    fi
-
-    echo "Updating: Updating permissions"
-    for CUR_DIR in /etc/nginx /etc/php83 /var/lib/nginx /etc/services.d; do
-        chown -R ${MY_ROOT_UID}:${MY_ROOT_GID} ${CUR_DIR}
-    done
-
-    chown -R www-data:www-data ${TTRSS_PATH}
-
-    echo "Updating: Updating permissions done"
-}
-
-update_ttrss
 update_plugin_mobilize
-update_plugin_feediron
 update_themes
-update_common

 echo "Update: Done"