chaos/docker-images
2
1
Fork 0
Code Issues 1 Pull Requests Projects Releases 1 Wiki Activity

merged
All checks were successful
continuous-integration/drone/push Build is passing
Details

Browse Source
This commit is contained in:
Udo Waechter
2024-04-21 17:02:48 +02:00
parent 7da16def78
commit 4b2f5d8c9f
67 changed files with 7 additions and 176 deletions
Download Patch File Download Diff File Expand all files Collapse all files

116
apps/dolibarr/Dockerfile
View File

@@ -1,116 +0,0 @@
FROM cr.lan/debian-stable-php-fpm
# see https://wiki.dolibarr.org/index.php/Dependencies_and_external_libraries
# Prepare folders
ENV DEBIAN_FRONTEND noninteractive
RUN set -ex; \
apt-get update -q; \
apt-get install -y --no-install-recommends \
bzip2 \
default-mysql-client \
cron \
rsync \
unzip \
zip php-soap;\
mkdir -p /var/www/documents; \
chown -R www-data:root /var/www; \
chmod -R g=u /var/www
# CLeanup
RUN apt-get autoremove --purge -y && \
apt-get clean -y && \
rm -rf /var/lib/apt/lists/* && \
rm -rf /var/cache/apt/* /tmp/* /var/tmp/* /var/log/*
VOLUME /var/www/html /var/www/documents /var/www/scripts
# Runtime env var
ENV DOLI_AUTO_CONFIGURE=1 \
DOLI_DB_TYPE=mysqli \
DOLI_DB_HOST= \
DOLI_DB_PORT=3306 \
DOLI_DB_USER=dolibarr \
DOLI_DB_PASSWORD='' \
DOLI_DB_NAME=dolibarr \
DOLI_DB_PREFIX=llx_ \
DOLI_DB_CHARACTER_SET=utf8 \
DOLI_DB_COLLATION=utf8_unicode_ci \
DOLI_DB_ROOT_LOGIN='' \
DOLI_DB_ROOT_PASSWORD='' \
DOLI_ADMIN_LOGIN=admin \
DOLI_MODULES='' \
DOLI_URL_ROOT='http://localhost' \
DOLI_AUTH=dolibarr \
DOLI_LDAP_HOST= \
DOLI_LDAP_PORT=389 \
DOLI_LDAP_VERSION=3 \
DOLI_LDAP_SERVERTYPE=openldap \
DOLI_LDAP_LOGIN_ATTRIBUTE=uid \
DOLI_LDAP_DN='' \
DOLI_LDAP_FILTER='' \
DOLI_LDAP_ADMIN_LOGIN='' \
DOLI_LDAP_ADMIN_PASS='' \
DOLI_LDAP_DEBUG=false \
DOLI_HTTPS=0 \
DOLI_PROD=0 \
DOLI_NO_CSRF_CHECK=0 \
WWW_USER_ID=33 \
WWW_GROUP_ID=33 \
PHP_INI_DATE_TIMEZONE='UTC' \
PHP_MEMORY_LIMIT=256M \
PHP_MAX_UPLOAD=20M \
PHP_MAX_EXECUTION_TIME=300
# Build time env var
ARG DOLI_VERSION=13.0.4
# Get Dolibarr
ADD https://github.com/Dolibarr/dolibarr/archive/${DOLI_VERSION}.zip /tmp/dolibarr.zip
# Install Dolibarr from tag archive
RUN set -ex; \
mkdir -p /tmp/dolibarr; \
unzip -q /tmp/dolibarr.zip -d /tmp/dolibarr; \
rm /tmp/dolibarr.zip; \
mkdir -p /usr/src/dolibarr; \
cp -r "/tmp/dolibarr/dolibarr-${DOLI_VERSION}"/* /usr/src/dolibarr; \
rm -rf /tmp/dolibarr; \
chmod +x /usr/src/dolibarr/scripts/*; \
echo "${DOLI_VERSION}" > /usr/src/dolibarr/.docker-image-version
COPY entrypoint.sh /
RUN set -ex; \
chmod 755 /entrypoint.sh ;\
mkdir -p /run/php
ENTRYPOINT ["/entrypoint.sh"]
CMD ["php-fpm7.4", "--nodaemonize", "-c", "/etc/php/7.4/fpm/php.ini", "--fpm-config", "/etc/php/7.4/fpm/php-fpm.conf"]
# Arguments to label built container
ARG VCS_REF
ARG BUILD_DATE
# Container labels (http://label-schema.org/)
# Container annotations (https://github.com/opencontainers/image-spec)
LABEL maintainer="Monogramm maintainers <opensource at monogramm dot io>" \
product="Dolibarr" \
version=${DOLI_VERSION} \
org.label-schema.vcs-ref=${VCS_REF} \
org.label-schema.vcs-url="https://github.com/Monogramm/docker-dolibarr" \
org.label-schema.build-date=${BUILD_DATE} \
org.label-schema.name="Dolibarr" \
org.label-schema.description="Open Source ERP & CRM for Business" \
org.label-schema.url="https://www.dolibarr.org/" \
org.label-schema.vendor="Dolibarr" \
org.label-schema.version=$DOLI_VERSION \
org.label-schema.schema-version="1.0" \
org.opencontainers.image.revision=${VCS_REF} \
org.opencontainers.image.source="https://github.com/Monogramm/docker-dolibarr" \
org.opencontainers.image.created=${BUILD_DATE} \
org.opencontainers.image.title="Dolibarr" \
org.opencontainers.image.description="Open Source ERP & CRM for Business" \
org.opencontainers.image.url="https://www.dolibarr.org/" \
org.opencontainers.image.vendor="Dolibarr" \
org.opencontainers.image.version=${DOLI_VERSION} \
org.opencontainers.image.authors="Monogramm maintainers <opensource at monogramm dot io>"

3
apps/dolibarr/README.md
View File

@@ -1,3 +0,0 @@
create nginx configmap
kubectl -n live-env create configmap dolibarr-nginx-site --from-file=nginx-site.configmap.conf

104
apps/dolibarr/deployment.yaml
View File

@@ -1,104 +0,0 @@
#we use postgresql:
#create database dolibarr;
#create user dolibarr with encrypted password 'secret';
#grant all privileges on database dolibarr to dolibarr;
apiVersion: apps/v1
kind: Deployment
metadata:
name: dolibarr
labels:
app: dolibarr
release: latest
spec:
replicas: 1
selector:
matchLabels:
app: dolibarr
release: latest
template:
metadata:
labels:
app: dolibarr
release: latest
spec:
volumes:
- name: dolibarr-nginx-site
configMap:
name: dolibarr-nginx-site
- name: www-data
emptyDir: {}
containers:
- name: nginx-proxy
image: nginx
volumeMounts:
- name: dolibarr-nginx-site
mountPath: /etc/nginx/conf.d
- name: www-data
mountPath: /var/www/html
ports:
- name: http
containerPort: 80
protocol: TCP
- name: dolibarr
image: cr.lan/dolibarr:latest
volumeMounts:
- name: www-data
mountPath: /var/www/html
env:
- name: TZ
value: "Europe/Berlin"
- name: DOLI_DB_HOST
value: postgres.live-env.svc.cluster.local
- name: DOLI_DB_PORT
value: "5432"
- name: DOLI_DB_NAME
value: dolibarr
- name: DOLI_DB_USER
value: dolibarr
- name: DOLI_DB_PASSWORD
value: Vb7yHzmE5HIjfU4hjghjghj6AnMdB
- name: DOLI_DB_TYPE
value: pgsql
ports:
- name: php-fpm
containerPort: 9000
protocol: TCP
resources:
requests:
memory: "256Mi"
cpu: "250m"
limits:
memory: "512Mi"
cpu: "3000m"
---
apiVersion: v1
kind: Service
metadata:
name: dolibarr
spec:
ports:
- name: http
port: 80
selector:
app: dolibarr
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: dolibarr
annotations:
kubernetes.io/ingress.class: nginx
ingress.kubernetes.io/whitelist-x-forwarded-for: "true"
spec:
rules:
- host: dolibarr.lan
http:
paths:
- backend:
service:
name: dolibarr
port:
name: http
path: /
pathType: Prefix

271
apps/dolibarr/entrypoint.sh
View File

@@ -1,271 +0,0 @@
#!/bin/sh
set -e
log() {
echo "[$0] [$(date +%Y-%m-%dT%H:%M:%S)] $*"
}
# version_greater A B returns whether A > B
version_greater() {
[ "$(printf '%s\n' "$@" | sort -t '.' -n -k1,1 -k2,2 -k3,3 -k4,4 | head -n 1)" != "$1" ]
}
# return true if specified directory is empty
directory_empty() {
[ -z "$(ls -A "$1/")" ]
}
run_as() {
if [ "$(id -u)" = 0 ]; then
su - www-data -s /bin/sh -c "$1"
else
sh -c "$1"
fi
}
if [ ! -f /usr/local/etc/php/php.ini ]; then
log "Initializing PHP configuration..."
cat <<EOF > /etc/php/7.4/fpm/php.ini
date.timezone = "${PHP_INI_DATE_TIMEZONE}"
memory_limit = ${PHP_MEMORY_LIMIT}
file_uploads = On
upload_max_filesize = ${PHP_MAX_UPLOAD}
post_max_size = ${PHP_MAX_UPLOAD}
max_execution_time = ${PHP_MAX_EXECUTION_TIME}
sendmail_path = /usr/sbin/sendmail -t -i
extension = calendar.so
EOF
fi
if [ ! -d /var/www/documents ]; then
log "Initializing Dolibarr documents directory..."
mkdir -p /var/www/documents
fi
log "Updating Dolibarr users and group..."
usermod -u "$WWW_USER_ID" www-data
groupmod -g "$WWW_GROUP_ID" www-data
log "Updating Dolibarr folder ownership..."
chown -R www-data:www-data /var/www
if [ ! -d /var/www/html/conf/ ]; then
log "Initializing Dolibarr HTML configuration directory..."
mkdir -p /var/www/html/conf/
fi
# Create a default config if autoconfig enabled
if [ -n "$DOLI_AUTO_CONFIGURE" ] && [ ! -f /var/www/html/conf/conf.php ]; then
log "Initializing Dolibarr HTML configuration..."
cat <<EOF > /var/www/html/conf/conf.php
<?php
// Config file for Dolibarr ${DOLI_VERSION} ($(date +%Y-%m-%dT%H:%M:%S%:z))
// ###################
// # Main parameters #
// ###################
\$dolibarr_main_url_root='${DOLI_URL_ROOT}';
\$dolibarr_main_document_root='/var/www/html';
\$dolibarr_main_url_root_alt='/custom';
\$dolibarr_main_document_root_alt='/var/www/html/custom';
\$dolibarr_main_data_root='/var/www/documents';
\$dolibarr_main_db_host='${DOLI_DB_HOST}';
\$dolibarr_main_db_port='${DOLI_DB_PORT}';
\$dolibarr_main_db_name='${DOLI_DB_NAME}';
\$dolibarr_main_db_prefix='${DOLI_DB_PREFIX}';
\$dolibarr_main_db_user='${DOLI_DB_USER}';
\$dolibarr_main_db_pass='${DOLI_DB_PASSWORD}';
\$dolibarr_main_db_type='${DOLI_DB_TYPE}';
\$dolibarr_main_db_character_set='${DOLI_DB_CHARACTER_SET}';
\$dolibarr_main_db_collation='${DOLI_DB_COLLATION}';
// ##################
// # Login #
// ##################
\$dolibarr_main_authentication='${DOLI_AUTH}';
\$dolibarr_main_auth_ldap_host='${DOLI_LDAP_HOST}';
\$dolibarr_main_auth_ldap_port='${DOLI_LDAP_PORT}';
\$dolibarr_main_auth_ldap_version='${DOLI_LDAP_VERSION}';
\$dolibarr_main_auth_ldap_servertype='${DOLI_LDAP_SERVERTYPE}';
\$dolibarr_main_auth_ldap_login_attribute='${DOLI_LDAP_LOGIN_ATTRIBUTE}';
\$dolibarr_main_auth_ldap_dn='${DOLI_LDAP_DN}';
\$dolibarr_main_auth_ldap_filter ='${DOLI_LDAP_FILTER}';
\$dolibarr_main_auth_ldap_admin_login='${DOLI_LDAP_ADMIN_LOGIN}';
\$dolibarr_main_auth_ldap_admin_pass='${DOLI_LDAP_ADMIN_PASS}';
\$dolibarr_main_auth_ldap_debug='${DOLI_LDAP_DEBUG}';
// ##################
// # Security #
// ##################
\$dolibarr_main_prod='${DOLI_PROD}';
\$dolibarr_main_force_https='${DOLI_HTTPS}';
\$dolibarr_main_restrict_os_commands='mysqldump, mysql, pg_dump, pgrestore';
\$dolibarr_nocsrfcheck='${DOLI_NO_CSRF_CHECK}';
\$dolibarr_main_cookie_cryptkey='$(openssl rand -hex 32)';
\$dolibarr_mailing_limit_sendbyweb='0';
EOF
chown www-data:www-data /var/www/html/conf/conf.php
chmod 766 /var/www/html/conf/conf.php
fi
# Detect Docker container version (ie. previous installed version)
installed_version="0.0.0.0"
if [ -f /var/www/documents/.docker-container-version ]; then
# shellcheck disable=SC2016
installed_version="$(cat /var/www/documents/.docker-container-version)"
fi
if [ -f /var/www/documents/install.version ]; then
# shellcheck disable=SC2016
installed_version="$(cat /var/www/documents/install.version)"
mv \
/var/www/documents/install.version \
/var/www/documents/.docker-container-version
fi
# Detect Docker image version (docker specific solution)
# shellcheck disable=SC2016
image_version="${DOLI_VERSION}"
if [ -f /usr/src/dolibarr/.docker-image-version ]; then
# shellcheck disable=SC2016
image_version="$(cat /usr/src/dolibarr/.docker-image-version)"
fi
if version_greater "$installed_version" "$image_version"; then
log "Can't start Dolibarr because the version of the data ($installed_version) is higher than the docker image version ($image_version) and downgrading is not supported. Are you sure you have pulled the newest image version?"
exit 1
fi
# Initialize image
if version_greater "$image_version" "$installed_version"; then
log "Dolibarr initialization..."
if [ "$(id -u)" = 0 ]; then
rsync_options="-rvlDog --chown www-data:root"
else
rsync_options="-rvlD"
fi
mkdir -p /var/www/scripts
rsync $rsync_options /usr/src/dolibarr/scripts/ /var/www/scripts/
rsync $rsync_options --delete --exclude /conf/ --exclude /custom/ --exclude /theme/ /usr/src/dolibarr/htdocs/ /var/www/html/
for dir in conf custom; do
if [ ! -d "/var/www/html/$dir" ] || directory_empty "/var/www/html/$dir"; then
rsync $rsync_options --include "/$dir/" --exclude '/*' /usr/src/dolibarr/htdocs/ /var/www/html/
fi
done
# The theme folder contains custom and official themes. We must copy even if folder is not empty, but not delete content either
for dir in theme; do
rsync $rsync_options --include "/$dir/" --exclude '/*' /usr/src/dolibarr/htdocs/ /var/www/html/
done
if [ "$installed_version" != "0.0.0.0" ]; then
# Call upgrade if needed
# https://wiki.dolibarr.org/index.php/Installation_-_Upgrade#With_Dolibarr_.28standard_.zip_package.29
log "Dolibarr upgrade from $installed_version to $image_version..."
if [ -f /var/www/documents/install.lock ]; then
rm /var/www/documents/install.lock
fi
base_version=$(echo "${installed_version}" | sed -e 's|\(.*\..*\)\..*|\1|g')
target_version=$(echo "${image_version}" | sed -e 's|\(.*\..*\)\..*|\1|g')
run_as "cd /var/www/html/install/ && php upgrade.php ${base_version}.0 ${target_version}.0"
run_as "cd /var/www/html/install/ && php upgrade2.php ${base_version}.0 ${target_version}.0"
run_as "cd /var/www/html/install/ && php step5.php ${base_version}.0 ${target_version}.0"
log 'This is a lock file to prevent use of install pages (generated by container entrypoint)' > /var/www/documents/install.lock
chown www-data:www-data /var/www/documents/install.lock
chmod 400 /var/www/documents/install.lock
elif [ -n "$DOLI_AUTO_CONFIGURE" ] && [ ! -f /var/www/documents/install.lock ]; then
log "Create forced values for first Dolibarr install..."
cat <<EOF > /var/www/html/install/install.forced.php
<?php
// Forced install config file for Dolibarr ${DOLI_VERSION} ($(date +%Y-%m-%dT%H:%M:%S%:z))
/** @var bool Hide PHP informations */
\$force_install_nophpinfo = true;
/** @var int 1 = Lock and hide environment variables, 2 = Lock all set variables */
\$force_install_noedit = 2;
/** @var string Information message */
\$force_install_message = 'Dolibarr installation (Docker)';
/** @var string Data root absolute path (documents folder) */
\$force_install_main_data_root = '/var/www/documents';
/** @var bool Force HTTPS */
\$force_install_mainforcehttps = !empty('${DOLI_HTTPS}');
/** @var string Database name */
\$force_install_database = '${DOLI_DB_NAME}';
/** @var string Database driver (mysql|mysqli|pgsql|mssql|sqlite|sqlite3) */
\$force_install_type = '${DOLI_DB_TYPE}';
/** @var string Database server host */
\$force_install_dbserver = '${DOLI_DB_HOST}';
/** @var int Database server port */
\$force_install_port = '${DOLI_DB_PORT}';
/** @var string Database tables prefix */
\$force_install_prefix = '${DOLI_DB_PREFIX}';
/** @var string Database username */
\$force_install_databaselogin = '${DOLI_DB_USER}';
/** @var string Database password */
\$force_install_databasepass = '${DOLI_DB_PASSWORD}';
/** @var bool Force database user creation */
\$force_install_createuser = false;
/** @var bool Force database creation */
\$force_install_createdatabase = !empty('${DOLI_DB_ROOT_LOGIN}');
/** @var string Database root username */
\$force_install_databaserootlogin = '${DOLI_DB_ROOT_LOGIN}';
/** @var string Database root password */
\$force_install_databaserootpass = '${DOLI_DB_ROOT_PASSWORD}';
/** @var string Dolibarr super-administrator username */
\$force_install_dolibarrlogin = '${DOLI_ADMIN_LOGIN}';
/** @var bool Force install locking */
\$force_install_lockinstall = true;
/** @var string Enable module(s) (Comma separated class names list) */
\$force_install_module = '${DOLI_MODULES}';
EOF
log "You shall complete Dolibarr install manually at '${DOLI_URL_ROOT}/install'"
fi
fi
if [ ! -d /var/www/htdocs ]; then
log "Adding a symlink to /var/www/htdocs..."
ln -s /var/www/html /var/www/htdocs
fi
if [ ! -d /var/www/scripts ]; then
log "Initializing Dolibarr scripts directory..."
cp /usr/src/dolibarr/scripts /var/www/scripts
fi
if [ -f /var/www/documents/install.lock ]; then
log "Updating Dolibarr installed version..."
echo "$image_version" > /var/www/documents/.docker-container-version
fi
log "Serving Dolibarr...$@"
exec "$@"

60
apps/dolibarr/nginx-site.configmap.conf
View File

@@ -1,60 +0,0 @@
server {
listen 80;
listen [::]:80;
add_header Referrer-Policy origin; # make sure outgoing links don't show the URL to the Matomo instance
root /var/www/html;
index index.php index.html;
try_files $uri $uri/ =404;
## only allow accessing the following php files
location ~ \.php$ {
# regex to split $uri to $fastcgi_script_name and $fastcgi_path
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_index index.php;
# Check that the PHP script exists before passing it
try_files $fastcgi_script_name =404;
proxy_connect_timeout 3600;
proxy_send_timeout 3600;
proxy_read_timeout 3600;
send_timeout 3600;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param HTTP_PROXY ""; # prohibit httpoxy: https://httpoxy.org/
fastcgi_pass 127.0.0.1:9000;
}
## disable all access to the following directories
location ~ /\.ht {
deny all;
return 403;
}
location ~ /\.git {
deny all;
}
location ~ \.(gif|ico|jpg|png|svg|js|css|htm|html|mp3|mp4|wav|ogg|avi|ttf|eot|woff|woff2|json)$ {
allow all;
## Cache images,CSS,JS and webfonts for an hour
## Increasing the duration may improve the load-time, but may cause old files to show after an Matomo upgrade
expires 1h;
add_header Pragma public;
add_header Cache-Control "public";
}
location ~ /(libs|vendor|plugins|misc/user) {
deny all;
return 403;
}
## properly display textfiles in root directory
location ~/(.*\.md|LEGALNOTICE|LICENSE) {
default_type text/plain;
}
}
# vim: filetype=nginx

23
apps/dolibarr/tekton.yaml
View File

@@ -1,23 +0,0 @@
apiVersion: tekton.dev/v1beta1
kind: PipelineRun
metadata:
name: img-dolibarr
spec:
pipelineRef:
name: kaniko-pipeline
params:
- name: git-url
value: http://git-ui.lan/chaos/kubernetes.git
- name: git-revision
value: master
- name: path-to-image-context
value: apps/dolibarr
- name: path-to-dockerfile
value: apps/dolibarr/Dockerfile
- name: image-name
value: cr.lan/dolibarr
workspaces:
- name: git-source
persistentVolumeClaim:
claimName: tektoncd-workspaces
subPath: tekton/dolibarr