Implemented rolling release support:

- Now basing on image 'kdelfour/supervisor-docker'
    - Cron script will check and update TT-RSS and all plugins on a daily basis automatically
    - SSL/TLS encryption is off by default so that TT-RSS is running on port 80 by default now
    - SSL/TLS can be enabled with setting "-e TTRSS_SSL_ENABLED=1"
    - A lot of cleanups

10_ttrss.sh

@@ -1,18 +0,0 @@
-#!/bin/sh
-
-set -eu
-set -x
-
-php /root/configure-db.php
-php /root/configure-plugin-mobilize.php
-
-# Generate the TLS certificate for our Tiny Tiny RSS server instance.
-openssl req -new -newkey rsa:2048 -days 3650 -nodes -x509 \
-    -subj "/C=US/ST=World/L=World/O=ttrss/CN=ttrss" \
-    -keyout "/etc/ssl/private/ttrss.key" \
-    -out "/etc/ssl/certs/ttrss.cert"
-chmod 600 "/etc/ssl/private/ttrss.key"
-chmod 600 "/etc/ssl/certs/ttrss.cert"
-
-# Configure Nginx so that is doesn't show its version number in the HTTP headers.
-sed -i -e "s/.*server_tokens.*/server_tokens off;/g" /etc/nginx/nginx.conf

Dockerfile

@@ -1,13 +1,13 @@
-FROM phusion/baseimage
+FROM kdelfour/supervisor-docker
 # Initially was based on work of Christian Lück <christian@lueck.tv>
 MAINTAINER Andreas Löffler <andy@x86dev.com>
 
 RUN DEBIAN_FRONTEND=noninteractive apt-get update && apt-get install -y \
   nginx git ca-certificates php5-fpm php5-cli php5-curl php5-gd php5-json \
-  php5-pgsql 
+  php5-pgsql
 # php5-mysql
 
-# add ttrss as the only nginx site
+# add ttrss as the only Nginx site
 ADD ttrss-nginx.conf /etc/nginx/sites-available/ttrss
 RUN ln -s /etc/nginx/sites-available/ttrss /etc/nginx/sites-enabled/ttrss
 RUN rm /etc/nginx/sites-enabled/default
@@ -21,32 +21,8 @@ RUN sed -i -e "s/;daemonize\s*=\s*yes/daemonize = no/g" /etc/php5/fpm/php-fpm.co
 #       (see /var/log/nginx/error.log for more information then)
 RUN sed -i -e "s/listen\s*=.*/listen = \/var\/run\/php5-fpm.sock/g" /etc/php5/fpm/pool.d/www.conf
 
-# install ttrss and patch configuration
-RUN git clone https://github.com/gothfox/Tiny-Tiny-RSS.git /var/www/ttrss
-WORKDIR /var/www/ttrss
-RUN cp config.php-dist config.php
-RUN sed -i -e "/'SELF_URL_PATH'/s/ '.*'/ 'http:\/\/localhost\/'/" config.php
-
-# install Feedly theme
-RUN git clone https://github.com/levito/tt-rss-feedly-theme.git
-RUN ln -s /var/www/ttrss/tt-rss-feedly-theme/feedly /var/www/ttrss/themes/feedly
-RUN ln -s /var/www/ttrss/tt-rss-feedly-theme/feedly.css /var/www/ttrss/themes/feedly.css
-
-# install ttrss-mobilize plugin
-RUN git clone https://github.com/sepich/tt-rss-mobilize.git /var/www/ttrss/plugins/mobilize
-ADD ttrss-plugin-mobilize.pgsql /var/www/ttrss/plugins/mobilize/ttrss-plugin-mobilize.pgsql
-
-# patch ttrss-mobilize plugin for getting it to work
-RUN sed -i -e "s/<? */<?php/" /var/www/ttrss/plugins/mobilize/m.php
-
-# install tt-rss-newsplus-plugin (for use with News+ on Android)
-RUN git clone https://github.com/hrk/tt-rss-newsplus-plugin.git /var/www/ttrss/plugins/api_newsplus
-RUN ln -s /var/www/ttrss/plugins/api_newsplus/api_newsplus/init.php /var/www/ttrss/plugins/api_newsplus/init.php
-
-# apply ownership of ttrss + addons to www-data
-RUN chown www-data:www-data -R /var/www
-
-# expose nginx HTTPS port
+# expose Nginx ports
+EXPOSE 80
 EXPOSE 443
 
 # expose default database credentials via ENV in order to ease overwriting
@@ -56,22 +32,29 @@ ENV DB_PASS ttrss
 
 # always re-configure database with current ENV when RUNning container, then monitor all services
 ## @todo pack the scripts to a .zip, ADD this and RUN it in setup.sh. Later.
-ADD utils.php /root/utils.php
-ADD configure-db.php /root/configure-db.php
-ADD configure-plugin-mobilize.php /root/configure-plugin-mobilize.php
+RUN mkdir -p /srv
+ADD ttrss-utils.php                     /srv/ttrss-utils.php
+ADD ttrss-configure-db.php              /srv/ttrss-configure-db.php
+ADD ttrss-configure-plugin-mobilize.php /srv/ttrss-configure-plugin-mobilize.php
+ADD ttrss-plugin-mobilize.pgsql         /srv/ttrss-plugin-mobilize.pgsql
 
-# Enable additional system plugins: api_newsplus
-RUN sed -i -e "s/.*define('PLUGINS'.*/define('PLUGINS', 'api_newsplus, auth_internal, note, updater');/g" /var/www/ttrss/config.php
+ADD setup-ttrss.sh                      /srv/setup-ttrss.sh
+ADD update-ttrss.sh                     /srv/update-ttrss.sh
 
-RUN mkdir /etc/service/nginx
-ADD service-nginx.sh /etc/service/nginx/run
+# add updater script for rolling release model -- currently runs on a daily basis
+RUN ln -s /srv/update-ttrss.sh /etc/cron.daily/update-ttrss.sh
+RUN service cron restart
 
-RUN mkdir /etc/service/php5-fpm
-ADD service-php5-fpm.sh /etc/service/php5-fpm/run
+RUN mkdir -p /etc/supervisor/conf.d
+ADD service-nginx.conf        /etc/supervisor/conf.d/nginx.conf
+ADD service-php5-fpm.conf     /etc/supervisor/conf.d/php5.conf
+ADD service-ttrss-update.conf /etc/supervisor/conf.d/ttrss-update.conf
 
-RUN mkdir /etc/service/ttrss-update
-ADD service-ttrss-update.sh /etc/service/ttrss-update/run
+RUN /srv/setup-ttrss.sh
 
-ADD 10_ttrss.sh /etc/my_init.d/10_ttrss.sh
-CMD /sbin/my_init
+# clean up
+RUN apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
 
+# start supervisord
+WORKDIR /srv
+CMD ["supervisord", "-c", "/etc/supervisor/supervisord.conf"]

service-nginx.conf

@@ -0,0 +1,4 @@
+[program:nginx]
+command=/usr/sbin/nginx -g "daemon off;"
+user=root
+redirect_stderr=true

service-nginx.sh

@@ -1,6 +0,0 @@
-#!/bin/sh
-
-set -eu
-set -x
-
-/usr/sbin/nginx -g "daemon off;" >> /var/log/service-nginx.log 2>&1

service-php5-fpm.conf

@@ -0,0 +1,4 @@
+[program:php5-fpm]
+command=/usr/sbin/php5-fpm
+user=root
+redirect_stderr=true

service-php5-fpm.sh

@@ -1,6 +0,0 @@
-#!/bin/sh
-
-set -eu
-set -x
-
-/usr/sbin/php5-fpm >> /var/log/service-php5-fpm.log 2>&1

service-ttrss-update.conf

@@ -0,0 +1,4 @@
+[program:ttrss-daemon]
+command=/usr/bin/php /var/www/ttrss/update_daemon2.php
+user=www-data
+redirect_stderr=true

service-ttrss-update.sh

@@ -1,6 +0,0 @@
-#!/bin/sh
-
-set -eu
-set -x
-
-exec /sbin/setuser www-data /usr/bin/php /var/www/ttrss/update_daemon2.php >> /var/log/service-ttrss-update.log 2>&1

setup-ttrss.sh

@@ -0,0 +1,59 @@
+#!/bin/sh
+
+set -e
+
+setup_nginx()
+{
+    if [ -z "$TTRSS_HOST" ]; then
+        TTRSS_HOST=ttrss
+    fi
+
+    if [ "$TTRSS_SSL_ENABLED" = "1" ]; then
+        if [ ! -f "/etc/ssl/private/ttrss.key" ]; then
+            # Generate the TLS certificate for our Tiny Tiny RSS server instance.
+            openssl req -new -newkey rsa:2048 -days 3650 -nodes -x509 \
+                -subj "/C=US/ST=World/L=World/O=$TTRSS_HOST/CN=$TTRSS_HOST" \
+                -keyout "/etc/ssl/private/ttrss.key" \
+                -out "/etc/ssl/certs/ttrss.crt"
+        fi
+        chmod 600 "/etc/ssl/private/ttrss.key"
+        chmod 600 "/etc/ssl/certs/ttrss.crt"
+    else
+        # Turn off SSL.
+        sed -i -e "s/listen\s*443\s*;/listen 80;/g" /etc/nginx/sites-enabled/ttrss
+        sed -i -e "s/ssl\s*on\s*;/ssl off;/g" /etc/nginx/sites-enabled/ttrss
+        sed -i -e "/\s*ssl_*/d" /etc/nginx/sites-enabled/ttrss
+    fi
+
+    # Configure Nginx so that is doesn't show its version number in the HTTP headers.
+    sed -i -e "s/.*server_tokens.*/server_tokens off;/g" /etc/nginx/nginx.conf
+}
+
+setup_ttrss()
+{
+    TTRSS_PATH=/var/www/ttrss
+
+    mkdir -p ${TTRSS_PATH}
+    git clone https://tt-rss.org/gitlab/fox/tt-rss.git ${TTRSS_PATH}
+    git clone https://github.com/sepich/tt-rss-mobilize.git ${TTRSS_PATH}/plugins/mobilize
+    git clone https://github.com/hrk/tt-rss-newsplus-plugin.git ${TTRSS_PATH}/plugins/api_newsplus
+    git clone https://github.com/levito/tt-rss-feedly-theme.git ${TTRSS_PATH}/themes/feedly-git
+
+    # Add initial config.
+    cp ${TTRSS_PATH}/config.php-dist ${TTRSS_PATH}/config.php
+
+    # Patch URL path.
+    sed -i -e "/'SELF_URL_PATH'/s/ '.*'/ 'http:\/\/localhost\/'/" ${TTRSS_PATH}/config.php
+
+    # Enable additional system plugins: api_newsplus.
+    sed -i -e "s/.*define('PLUGINS'.*/define('PLUGINS', 'api_newsplus, auth_internal, note, updater');/g" ${TTRSS_PATH}/config.php
+}
+
+echo "Setup: Installing Tiny Tiny RSS ..."
+setup_ttrss
+setup_nginx
+
+echo "Setup: Applying updates ..."
+/srv/update-ttrss.sh --no-start
+
+echo "Setup: Done"

ttrss-configure-db.php

@@ -1,11 +1,13 @@
 #!/usr/bin/env php
 <?php
 
-include '/root/utils.php';
+include '/srv/ttrss-utils.php';
+
+$config['TTRSS_PATH'] = '/var/www/ttrss/';
 
 $ename = 'DB';
 $eport = 5432;
-$confpath = '/var/www/ttrss/config.php';
+$confpath = $config['TTRSS_PATH'] . 'config.php';
 
 // check DB_NAME, which will be set automatically for a linked "db" container
 if (!env($ename . '_PORT', '')) {
@@ -57,7 +59,7 @@ try {
 }
 catch (PDOException $e) {
     echo 'Database table not found, applying schema... ' . PHP_EOL;
-    $schema = file_get_contents('schema/ttrss_schema_' . $config['DB_TYPE'] . '.sql');
+    $schema = file_get_contents($config['TTRSS_PATH'] . 'schema/ttrss_schema_' . $config['DB_TYPE'] . '.sql');
     $schema = preg_replace('/--(.*?);/', '', $schema);
     $schema = preg_replace('/[\r\n]/', ' ', $schema);
     $schema = trim($schema, ' ;');

ttrss-configure-plugin-mobilize.php

@@ -1,7 +1,7 @@
 #!/usr/bin/env php
 <?php
 
-include '/root/utils.php';
+include '/srv/ttrss-utils.php';
 
 $ename = 'DB';
 $eport = 5432;
@@ -32,7 +32,7 @@ try {
 }
 catch (PDOException $e) {
     echo 'Database table for mobilize plugin not found, applying schema... ' . PHP_EOL;
-    $schema = file_get_contents('plugins/mobilize/ttrss-plugin-mobilize.pgsql');
+    $schema = file_get_contents('/srv/ttrss-plugin-mobilize.pgsql');
     $schema = preg_replace('/--(.*?);/', '', $schema);
     $schema = preg_replace('/[\r\n]/', ' ', $schema);
     $schema = trim($schema, ' ;');

ttrss-nginx.conf

@@ -1,14 +1,14 @@
 server {
-    listen 443;
-    root /var/www;
+    listen                    443;
+    root                      /var/www/ttrss;
 
     ssl                       on;
-    ssl_certificate           /etc/ssl/certs/ttrss.cert;
+    ssl_certificate           /etc/ssl/certs/ttrss.crt;
     ssl_certificate_key       /etc/ssl/private/ttrss.key;
     ssl_protocols             TLSv1 TLSv1.1 TLSv1.2;
-    ssl_prefer_server_ciphers on; 
+    ssl_prefer_server_ciphers on;
     ssl_ciphers               "AES256+EECDH:AES256+EDH:!aNULL";
-    
+
     index index.php index.html;
 
     location / {

update-ttrss.sh

@@ -0,0 +1,65 @@
+#!/bin/sh
+set -e
+
+TTRSS_PATH=/var/www/ttrss
+
+update_ttrss()
+{
+    echo "Updating: Tiny Tiny RSS"
+    ( cd ${TTRSS_PATH} && git pull origin master )
+
+    if [ -n "$DB_PORT" ]; then
+        echo "Updating: Database"
+        php /srv/ttrss-configure-db.php
+        php /srv/ttrss-configure-plugin-mobilize.php
+    fi
+}
+
+update_plugin_mobilize()
+{
+    echo "Updating: Mobilize plugin"
+    ( cd ${TTRSS_PATH}/plugins/mobilize && git pull origin master )
+
+    # Patch ttrss-mobilize plugin for getting it to work
+    sed -i -e "s/<? */<?php/" ${TTRSS_PATH}/plugins/mobilize/m.php
+}
+
+# For use with News+ on Android. Buy the Pro version -- I love it!
+update_plugin_newsplus()
+{
+    echo "Updating: News+ plugin"
+    ( cd ${TTRSS_PATH}/plugins/api_newsplus && git pull origin master )
+
+    # Link plugin to TTRSS.
+    ln -f -s ${TTRSS_PATH}/plugins/api_newsplus/api_newsplus/init.php ${TTRSS_PATH}/plugins/api_newsplus/init.php
+}
+
+update_theme_feedly()
+{
+    echo "Updating: Feedly theme"
+    ( cd ${TTRSS_PATH}/themes/feedly-git && git pull origin master )
+
+    # Link theme to TTRSS.
+    ln -f -s ${TTRSS_PATH}/themes/feedly-git/feedly ${TTRSS_PATH}/themes/feedly
+    ln -f -s ${TTRSS_PATH}/themes/feedly-git/feedly.css ${TTRSS_PATH}/themes/feedly.css
+}
+
+update_common()
+{
+    # Apply ownership of ttrss + addons to www-data.
+    chown www-data:www-data -R ${TTRSS_PATH}
+}
+
+echo "Update: Updating rolling release ..."
+echo "Update: Stopping all ..."
+supervisorctl stop all
+update_ttrss
+update_plugin_mobilize
+update_plugin_newsplus
+update_theme_feedly
+update_common
+if [ "$1" != "--no-start" ]; then
+    echo "Update: Starting all ..."
+    supervisorctl start all
+fi
+echo "Update: Done."