FROM php:7.2-fpm-alpine
# Heavily based on:
# * https://github.com/linuxserver/docker-bookstack/blob/master/Dockerfile
# * https://github.com/solidnerd/docker-bookstack/blob/master/Dockerfile
LABEL description="Docker image for BookStack based on PHP over Alpine"
LABEL mantainer="Erus <erus@rlab.be>, HacKan <hackan@rlab.be>"
LABEL vendor="Antifa GLUG"
LABEL vendor.url="https://antifa-glug.org"
LABEL url="https://git.rlab.be...."
LABEL version="0.1.0"
# Generate hashes with `sha512sum -b <file>`
ARG COMPOSER_HASH=5a465f56b483df2314cee5dc81a8e877cb607439ebc203963ecaa5e98784bf111f969b5683b5a71560f182403ddddce2f0cda342398c5d41fc46225f82cfdcf2
# PHP base image user
ARG PHP_USER=www-data
RUN echo "Installing required packages..." \
&& apk update \
&& apk add --no-cache \
wget \
zlib-dev \
freetype-dev \
libjpeg-turbo-dev \
libpng-dev \
tidyhtml-dev \
git \
&& echo "Configuring PHP-FPM..." \
&& echo 'env[PATH] = /usr/local/bin:/usr/bin:/bin' >> /usr/local/etc/php-fpm.d/www.conf \
&& chown 755 /var/www/html \
&& docker-php-ext-install pdo pdo_mysql mbstring zip tidy \
&& docker-php-ext-configure gd --with-freetype-dir=usr/include/ --with-jpeg-dir=/usr/include/ \
&& docker-php-ext-install gd
RUN echo "Installing composer..." \
&& wget \
-O /tmp/composer-setup.php \
'https://getcomposer.org/installer' \
&& echo "$COMPOSER_HASH */tmp/composer-setup.php" | sha512sum -c \
&& php /tmp/composer-setup.php \
&& mv composer.phar /usr/local/bin/composer \
&& mkdir -p /home/${PHP_USER}/.composer \
&& chown ${PHP_USER}:${PHP_USER} /home/${PHP_USER}/.composer \
&& echo "Cleaning up..." \
&& rm -rf \
/root/.composer \
/tmp/*
COPY conf/php.ini /usr/local/etc/php/php.ini
COPY docker-entrypoint.ash /usr/bin/docker-entrypoint
EXPOSE 9000
USER $PHP_USER
ENTRYPOINT ["docker-entrypoint"]
CMD ["php-fpm"]
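Review bot: `chown 755 /var/www/html` in the first RUN changes the directory's owner to UID 755 rather than setting its mode; it was presumably meant to be `chmod 755 /var/www/html`. In the same RUN, `--with-freetype-dir=usr/include/` is a relative path, unlike the jpeg option beside it, and should read `--with-freetype-dir=/usr/include/`. The `apk update` is redundant next to `apk add --no-cache`. `git`, `wget` and the `*-dev` packages stay in the runtime image; if only the entrypoint's `composer install` needs `git`, a comment saying so would justify keeping it.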
# nginx-vhost.conf
# configuration of the server
server {
listen 80;
# the domain name it will serve for
server_name _;
root /var/www/html/public;
index index.html index.php;
charset utf-8;
# max upload size
client_max_body_size 10M; # adjust to taste
# User-Agent block
if ( $http_user_agent ~* "Windows 95|Windows 98|wget|curl|libwww-perl|Jorgee" ) {
return 403;
}
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location ~ \.php$ {
# Choose either a socket or TCP/IP address
# fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
# fastcgi_pass unix:/var/run/php5-fpm.sock; #legacy
fastcgi_pass bookstack:9000;
# Performance tuning
# @see http://tweaked.io/guide/nginx/
fastcgi_buffer_size 128k;
fastcgi_buffers 256 16k;
fastcgi_busy_buffers_size 256k;
fastcgi_temp_file_write_size 256k;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root/$fastcgi_script_name;
}
# deny all direct access for these dirs
location ~* /(\.git|cache|bin|logs|backup|tests)/.*$ { return 403; }
# deny running scripts inside core system dirs
location ~* /(system|vendor)/.*\.(txt|xml|md|html|yaml|yml|php|pl|py|cgi|twig|sh|bat)$ { return 403; }
# deny running scripts inside user dir
location ~* /user/.*\.(txt|md|yaml|yml|php|pl|py|cgi|twig|sh|bat)$ { return 403; }
# deny access to specific files in the root dir
location ~ /(LICENSE\.txt|composer\.lock|composer\.json|nginx\.conf|web\.config|htaccess\.txt|\.htaccess|\.env|env) { return 403; }
}
# END nginx-vhost.conf
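Review bot: The `location ~ \.php$` block passes every URI ending in `.php` to `bookstack:9000`, and none of the deny rules below it covers the upload directory under `root /var/www/html/public`, which the entrypoint in this commit makes writable for www-data. Whether BookStack itself rejects such files is not visible here, so the vhost should not depend on it: add `location ~* ^/uploads/.*\.php$ { return 403; }` above the PHP location (regex locations are tried in order) and `try_files $uri =404;` inside it. The deny rules for `/user/`, `/system/`, `cache` and `backup` look taken from another application's layout and probably match nothing under `public/`; a comment naming the ones BookStack needs would help.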
version: '3'
services:
mysql:
image: mariadb:10.2
restart: unless-stopped
environment:
- MYSQL_ROOT_PASSWORD
- MYSQL_DATABASE
- MYSQL_USER
- MYSQL_PASSWORD
volumes:
- mysql-data:/var/lib/mysql:rw
redis:
image: redis:5-alpine
restart: unless-stopped
bookstack:
build: .
read_only: true
restart: unless-stopped
tmpfs:
- /run
- /tmp
- /home/www-data/.composer
depends_on:
- mysql
- redis
environment:
- APP_URL
- APP_DEBUG
- APP_KEY
- DB_HOST=mysql
- DB_DATABASE=$MYSQL_DATABASE
- DB_USERNAME=$MYSQL_USER
- DB_PASSWORD=$MYSQL_PASSWORD
- MAIL_DRIVER=smtp
- MAIL_FROM
- MAIL_FROM_NAME
- MAIL_HOST
- MAIL_PORT
- MAIL_USERNAME
- MAIL_PASSWORD
- MAIL_ENCRYPTION
- SESSION_SECURE_COOKIE
- DISABLE_EXTERNAL_SERVICES
- APP_VIEWS_BOOKS
- APP_VIEWS_BOOKSHELVES
- REVISION_LIMIT
- ALLOW_CONTENT_SCRIPTS
- CACHE_DRIVER=redis
- REDIS_HOST=redis
volumes:
- ./bookstack:/var/www/html:rw
nginx:
image: nginx:mainline-alpine
read_only: true
restart: unless-stopped
tmpfs:
- /run
- /var/cache/nginx
ports:
- "80:80"
volumes:
- ./conf/nginx-vhost.conf:/etc/nginx/conf.d/bookstack.conf:ro
- ./bookstack:/var/www/html:ro
depends_on:
- bookstack
volumes:
mysql-data:
driver: local
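Review bot: `image: nginx:mainline-alpine` is a moving tag, so the internet-facing container can change on any pull without a change to this file, while `mariadb:10.2` and `redis:5-alpine` are at least held to a release line. Pin it to a release tag or digest, for example `image: nginx:<release>-alpine` (placeholder). The `ports: - "80:80"` mapping publishes plain HTTP only; if TLS is terminated by a proxy in front, a comment saying so would explain why `SESSION_SECURE_COOKIE` is offered.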
#!/bin/ash
set -eu
echoerr() { echo "$*" 1>&2; }
bailout() {
echoerr "$*"
exit 1
}
cd /var/www/html
DB_PORT=${DB_PORT:-3306}
if [ ! -f ".env" ]; then
cat > ".env" <<-EOF
# Environment
APP_ENV=production
APP_DEBUG=${APP_DEBUG:-false}
APP_KEY=${APP_KEY}
# The below url has to be set if using social auth options
# or if you are not using BookStack at the root path of your domain.
APP_URL=${APP_URL}
# Database details
DB_PORT=${DB_PORT}
DB_HOST=${DB_HOST}
DB_DATABASE=${DB_DATABASE}
DB_USERNAME=${DB_USERNAME}
DB_PASSWORD=${DB_PASSWORD}
# Cache and session
CACHE_DRIVER=${CACHE_DRIVER:-file}
SESSION_DRIVER=${CACHE_DRIVER:-file}
SESSION_SECURE_COOKIE=${SESSION_SECURE_COOKIE}
QUEUE_DRIVER=sync
REDIS_HOST=${REDIS_HOST:-null}
REDIS_PASSWORD=${REDIS_PASSWORD:-null}
REDIS_PORT=${REDIS_PORT:-6379}
REDIS_SERVERS=${REDIS_HOST}:${REDIS_PORT:-6379}:0
# Storage
STORAGE_TYPE=local
# General auth
AUTH_METHOD=standard
# External services such as Gravatar
DISABLE_EXTERNAL_SERVICES=${DISABLE_EXTERNAL_SERVICES:-false}
# Mail settings
MAIL_DRIVER=${MAIL_DRIVER}
MAIL_HOST=${MAIL_HOST}
MAIL_PORT=${MAIL_PORT}
MAIL_USERNAME=${MAIL_USERNAME}
MAIL_PASSWORD=${MAIL_PASSWORD}
MAIL_ENCRYPTION=${MAIL_ENCRYPTION}
MAIL_FROM_NAME=${MAIL_FROM_NAME}
MAIL_FROM=${MAIL_FROM}
# Listing
APP_VIEWS_BOOKS=${APP_VIEWS_BOOKS:-list}
APP_VIEWS_BOOKSHELVES=${APP_VIEWS_BOOKSHELVES:-grid}
REVISION_LIMIT=${REVISION_LIMIT:-20}
# Tags
ALLOW_CONTENT_SCRIPTS=${ALLOW_CONTENT_SCRIPTS:-false}
EOF
sed -i "s/\'single\'/\'errorlog\'/g" config/app.php
echoerr "Setting dir permissions for uploads..."
chown -R www-data:www-data public/uploads && chmod -R 775 public/uploads
chown -R www-data:www-data storage/uploads && chmod -R 775 storage/uploads
fi
composer install
echoerr "Waiting 10s for ${DB_HOST}:${DB_PORT}"
sleep 10
php artisan migrate --force
echoerr "Executing: $*"
exec "$@"
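Review bot: The generated `.env` holds `APP_KEY`, `DB_PASSWORD` and `MAIL_PASSWORD` but is created with the default umask inside the bind-mounted `/var/www/html`, so it is probably readable by other users on the host. Add `chmod 600 .env` right after the heredoc; changing the umask instead would be inherited by the exec'd `php-fpm` and affect uploaded files. `composer install` runs on every start and pulls development packages too; `composer install --no-dev --no-interaction` fits an image that sets `APP_ENV=production`. The two `chown -R … && chmod -R 775 …` lines run as the non-root `USER` from the Dockerfile, and `set -e` does not abort when the first command of an `&&` list fails, so a failed `chown` passes silently.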
MYSQL_ROOT_PASSWORD
MYSQL_DATABASE
MYSQL_USER
MYSQL_PASSWORD
# true | false
APP_DEBUG
# Application key
# Set to 32 random chars
# @LC_CTYPE=C tr -dc 'a-zA-Z0-9_+-.' < /dev/urandom | dd bs=32 count=1 iflag=fullblock status=none
APP_KEY
# FQDN for the app
# I.E.: https://wiki.domain.com
APP_URL
# From address
MAIL_FROM
# From name
MAIL_FROM_NAME
MAIL_HOST
MAIL_PORT
MAIL_USERNAME
MAIL_PASSWORD
# tls | starttls
MAIL_ENCRYPTION
# Set to true if using SSL/TLS (either own or behind proxy)
# true | false
SESSION_SECURE_COOKIE
# Disable default third-party services such as Gravatar and Draw.IO
# Service-specific options will override this option
# true | false
DISABLE_EXTERNAL_SERVICES
# Default item listing view
# Used for public visitors and user's without a preference
# list | grid
APP_VIEWS_BOOKS
APP_VIEWS_BOOKSHELVES
# Number of page revisions to keep in the system before deleting old revisions.
# If set to 'false' a limit will not be enforced.
# false | <number>
REVISION_LIMIT
# Allow <script> tags in page content
# Note, if set to 'true' the page editor may still escape scripts.
# true | false
ALLOW_CONTENT_SCRIPTS