Merge cbc91e6ded59fae3ad0ff8c54f407718a6cce94c into adacce4ba156ad35a1386fe1b8c19bd929e420f8
commit
c0818ce1fe
16
Dockerfile
16
Dockerfile
@ -1,9 +1,9 @@
|
|||||||
FROM ubuntu
|
FROM ubuntu:14.04
|
||||||
MAINTAINER Christian Lück <christian@lueck.tv>
|
MAINTAINER Christian Lück <christian@lueck.tv>
|
||||||
|
|
||||||
RUN DEBIAN_FRONTEND=noninteractive apt-get update && apt-get install -y \
|
RUN DEBIAN_FRONTEND=noninteractive apt-get update && apt-get install -y \
|
||||||
nginx supervisor php5-fpm php5-cli php5-curl php5-gd php5-json \
|
git nginx supervisor php5-fpm php5-cli php5-curl php5-gd php5-json \
|
||||||
php5-pgsql php5-mysql php5-mcrypt && apt-get clean && rm -rf /var/lib/apt/lists/*
|
php5-pgsql php5-ldap php5-mysql php5-mcrypt && apt-get clean && rm -rf /var/lib/apt/lists/*
|
||||||
|
|
||||||
# enable the mcrypt module
|
# enable the mcrypt module
|
||||||
RUN php5enmod mcrypt
|
RUN php5enmod mcrypt
|
||||||
@ -19,6 +19,10 @@ RUN apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -y curl --n
|
|||||||
&& curl -SL https://tt-rss.org/gitlab/fox/tt-rss/repository/archive.tar.gz?ref=master | tar xzC /var/www --strip-components 1 \
|
&& curl -SL https://tt-rss.org/gitlab/fox/tt-rss/repository/archive.tar.gz?ref=master | tar xzC /var/www --strip-components 1 \
|
||||||
&& apt-get purge -y --auto-remove curl \
|
&& apt-get purge -y --auto-remove curl \
|
||||||
&& chown www-data:www-data -R /var/www
|
&& chown www-data:www-data -R /var/www
|
||||||
|
|
||||||
|
RUN git clone https://github.com/hydrian/TTRSS-Auth-LDAP.git /TTRSS-Auth-LDAP && \
|
||||||
|
cp -r /TTRSS-Auth-LDAP/plugins/auth_ldap plugins/ && \
|
||||||
|
ls -la /var/www/plugins
|
||||||
RUN cp config.php-dist config.php
|
RUN cp config.php-dist config.php
|
||||||
|
|
||||||
# expose only nginx HTTP port
|
# expose only nginx HTTP port
|
||||||
@ -32,7 +36,11 @@ ENV DB_NAME ttrss
|
|||||||
ENV DB_USER ttrss
|
ENV DB_USER ttrss
|
||||||
ENV DB_PASS ttrss
|
ENV DB_PASS ttrss
|
||||||
|
|
||||||
|
# auth method, options are: internal, ldap
|
||||||
|
ENV AUTH_METHOD internal
|
||||||
|
|
||||||
# always re-configure database with current ENV when RUNning container, then monitor all services
|
# always re-configure database with current ENV when RUNning container, then monitor all services
|
||||||
ADD configure-db.php /configure-db.php
|
ADD configure-db.php /configure-db.php
|
||||||
ADD supervisord.conf /etc/supervisor/conf.d/supervisord.conf
|
ADD supervisord.conf /etc/supervisor/conf.d/supervisord.conf
|
||||||
CMD php /configure-db.php && supervisord -c /etc/supervisor/conf.d/supervisord.conf
|
ADD entrypoint.sh /entrypoint.sh
|
||||||
|
ENTRYPOINT ["/entrypoint.sh"]
|
||||||
|
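Review bot: The `git clone https://github.com/hydrian/TTRSS-Auth-LDAP.git` step in the second hunk takes whatever the default branch holds at build time, so the plugin that handles every login is neither reproducible nor tied to a revision someone has read. Pin it to a reviewed commit before the `cp`, e.g. `git -C /TTRSS-Auth-LDAP checkout <reviewed-commit-sha>` (placeholder), and finish the step with `rm -rf /TTRSS-Auth-LDAP` so the full clone does not stay in the image. `git` is also added to the permanent package list in the first hunk and is never purged; installing and purging it inside this one RUN, as the existing step does for curl, keeps it out of the runtime image. The relative `plugins/` destination depends on a WORKDIR set outside the hunk, and the trailing `ls -la /var/www/plugins` looks like leftover build debugging.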
26
README.md
26
README.md
@ -164,6 +164,32 @@ For more information check out the [official documentation](https://github.com/g
|
|||||||
-e SELF_URL_PATH=https://example.org/ttrss
|
-e SELF_URL_PATH=https://example.org/ttrss
|
||||||
```
|
```
|
||||||
|
|
||||||
|
### Authentication
|
||||||
|
|
||||||
|
This container supports internal and ldap by setting `AUTH_METHOD` to `internal` or `ldap`. Default is `internal`.
|
||||||
|
|
||||||
|
```
|
||||||
|
-e AUTH_METHOD=internal
|
||||||
|
```
|
||||||
|
|
||||||
|
### LDAP
|
||||||
|
|
||||||
|
If `AUTH_METHOD` is set to `ldap` you must/can set the following variables:
|
||||||
|
|
||||||
|
- `LDAP_AUTH_SERVER_URI`. Default is `ldap://ldap`
|
||||||
|
- `LDAP_AUTH_USETLS`. Default is `FALSE`
|
||||||
|
- `LDAP_AUTH_ALLOW_UNTRUSTED_CERT`. Default is `TRUE`
|
||||||
|
- `LDAP_AUTH_BASEDN`. Require
|
||||||
|
- `LDAP_AUTH_ANONYMOUSBEFOREBIND`. Default `FALSE`
|
||||||
|
- `LDAP_AUTH_SEARCHFILTER`. `???` is replaced by the login name. Default `(&(objectClass=user)(sAMAccountName=???))`
|
||||||
|
- `LDAP_AUTH_BINDDN`. Required
|
||||||
|
- `LDAP_AUTH_BINDPW`. Required
|
||||||
|
- `LDAP_AUTH_LOGIN_ATTRIB`. Default is `sAMAccountName`
|
||||||
|
- `LDAP_AUTH_LOG_ATTEMPTS`. Default is `FALSE`
|
||||||
|
- `LDAP_AUTH_DEBUG`. Default is `FALSE`
|
||||||
|
|
||||||
|
For more information consult https://github.com/hydrian/TTRSS-Auth-LDAP
|
||||||
|
|
||||||
### Testing ttrss in foreground
|
### Testing ttrss in foreground
|
||||||
|
|
||||||
For testing purposes it's recommended to initially start this container in foreground.
|
For testing purposes it's recommended to initially start this container in foreground.
|
||||||
|
@ -101,9 +101,25 @@ catch (PDOException $e) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
$contents = file_get_contents($confpath);
|
$contents = file_get_contents($confpath);
|
||||||
|
if(getenv('AUTH_METHOD') == "ldap") {
|
||||||
|
$config['PLUGINS'] = 'auth_ldap, note';
|
||||||
|
$contents .= "define('LDAP_AUTH_SERVER_URI', '" . env("LDAP_AUTH_SERVER_URI", "ldap://ldap") . "');\n";
|
||||||
|
$contents .= "define('LDAP_AUTH_USETLS', " . env("LDAP_AUTH_USETLS", "FALSE") . "); \n";
|
||||||
|
$contents .= "define('LDAP_AUTH_ALLOW_UNTRUSTED_CERT', " . env("LDAP_AUTH_ALLOW_UNTRUSTED_CERT", "TRUE") . ");\n";
|
||||||
|
$contents .= "define('LDAP_AUTH_BASEDN', '" . env("LDAP_AUTH_BASEDN") . "');\n";
|
||||||
|
$contents .= "define('LDAP_AUTH_ANONYMOUSBEFOREBIND', " . env("LDAP_AUTH_ANONYMOUSBEFOREBIND", "FALSE") . ");\n";
|
||||||
|
// ??? will be replaced with the entered username(escaped) at login
|
||||||
|
$contents .= "define('LDAP_AUTH_SEARCHFILTER', '" .env("LDAP_AUTH_SEARCHFILTER", "(&(objectClass=user)(sAMAccountName=???))") . "');\n";
|
||||||
|
$contents .= "define('LDAP_AUTH_BINDDN', '" . env("LDAP_AUTH_BINDDN") . "');\n";
|
||||||
|
$contents .= "define('LDAP_AUTH_BINDPW', '" . env("LDAP_AUTH_BINDPW") . "');\n";
|
||||||
|
$contents .= "define('LDAP_AUTH_LOGIN_ATTRIB', '" . env("LDAP_AUTH_LOGIN_ATTRIB", "sAMAccountName") . "');\n";
|
||||||
|
$contents .= "define('LDAP_AUTH_LOG_ATTEMPTS', " . env("LDAP_AUTH_LOG_ATTEMPTS", "FALSE") . ");\n";
|
||||||
|
$contents .= "define('LDAP_AUTH_DEBUG', " . env("LDAP_AUTH_DEBUG", "FALSE") . ");\n";
|
||||||
|
}
|
||||||
foreach ($config as $name => $value) {
|
foreach ($config as $name => $value) {
|
||||||
$contents = preg_replace('/(define\s*\(\'' . $name . '\',\s*)(.*)(\);)/', '$1"' . $value . '"$3', $contents);
|
$contents = preg_replace('/(define\s*\(\'' . $name . '\',\s*)(.*)(\);)/', '$1"' . $value . '"$3', $contents);
|
||||||
}
|
}
|
||||||
|
|
||||||
file_put_contents($confpath, $contents);
|
file_put_contents($confpath, $contents);
|
||||||
|
|
||||||
function env($name, $default = null)
|
function env($name, $default = null)
|
||||||
|
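Review bot: Every `LDAP_AUTH_*` value is concatenated into generated PHP source without escaping, so a bind password or search filter containing `'` yields a broken or altered config.php, and the unquoted settings (`LDAP_AUTH_USETLS`, `LDAP_AUTH_ALLOW_UNTRUSTED_CERT`, `LDAP_AUTH_DEBUG`, …) accept any PHP expression. Emit the literals with `var_export()` instead, e.g. `$contents .= "define('LDAP_AUTH_BINDPW', " . var_export(env("LDAP_AUTH_BINDPW"), true) . ");\n";`, and normalise the boolean ones first with `filter_var(env("LDAP_AUTH_USETLS", "FALSE"), FILTER_VALIDATE_BOOLEAN)`. The defaults deserve a second look as well: `ldap://ldap` with `LDAP_AUTH_USETLS` FALSE and `LDAP_AUTH_ALLOW_UNTRUSTED_CERT` TRUE means user passwords and the bind password travel unencrypted, or to an unverified server, unless the operator overrides them; defaulting the certificate setting to FALSE and adding a comment that says so would be safer. Because the Dockerfile comment says this script runs on every container start, the `$contents .=` lines appear to append a second set of defines after a restart, which is worth guarding. The body of `env()` lies outside the hunk, so how the required values (`LDAP_AUTH_BASEDN`, `LDAP_AUTH_BINDDN`, `LDAP_AUTH_BINDPW`) behave when unset cannot be checked here.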
19
entrypoint.sh
Executable file
19
entrypoint.sh
Executable file
@ -0,0 +1,19 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
set -e
|
||||||
|
|
||||||
|
# remove trailing / if any.
|
||||||
|
SELF_URL_PATH=${SELF_URL_PATH/%\//}
|
||||||
|
|
||||||
|
# extract the root path from SELF_URL_PATH (i.e http://domain.tld/<root_path>).
|
||||||
|
ROOT_PATH=${SELF_URL_PATH/#http*\:\/\/*\//}
|
||||||
|
if [ "${ROOT_PATH}" == "${SELF_URL_PATH}" ]; then
|
||||||
|
# no root path in SELF_URL_PATH.
|
||||||
|
mkdir -p /var/tmp
|
||||||
|
ln -sf "/var/www" "/var/tmp/www"
|
||||||
|
else
|
||||||
|
mkdir -p /var/tmp/www
|
||||||
|
ln -sf "/var/www" "/var/tmp/www/${ROOT_PATH}"
|
||||||
|
fi
|
||||||
|
|
||||||
|
php /configure-db.php
|
||||||
|
exec supervisord -c /etc/supervisor/conf.d/supervisord.conf
|
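Review bot: Both `ln -sf` calls stop being idempotent once the link exists: on a container restart the destination is already a symlink to a directory, so `ln` follows it and creates `/var/www/www` inside the web root instead of replacing the link. `ln -sfn "/var/www" "/var/tmp/www"` (and the same flag on the `${ROOT_PATH}` form) avoids that. The `ROOT_PATH` line uses `${var/#pattern/}`, which removes the longest match, so for a URL such as `https://example.org/a/b` only `b` survives and the link no longer matches the URL path. `ROOT_PATH=${SELF_URL_PATH#http*://*/}` keeps the whole path, with `mkdir -p "$(dirname "/var/tmp/www/${ROOT_PATH}")"` to create the parent directories. A one-line comment saying that nginx's `root` now points at `/var/tmp/www` and that this script must run before nginx starts would help the next reader.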
@ -1,6 +1,6 @@
|
|||||||
server {
|
server {
|
||||||
listen 80;
|
listen 80;
|
||||||
root /var/www;
|
root /var/tmp/www;
|
||||||
|
|
||||||
index index.php index.html;
|
index index.php index.html;
|
||||||
|
|
||||||
@ -15,4 +15,3 @@ server {
|
|||||||
include fastcgi_params;
|
include fastcgi_params;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|