diff --git a/5.3/Dockerfile b/5.3/Dockerfile
index 72cd675..cce3148 100644
--- a/5.3/Dockerfile
+++ b/5.3/Dockerfile
@@ -33,7 +33,7 @@ RUN set -xe; \
 \
 addgroup -g 1000 -S wodby; \
 adduser -u 1000 -D -S -s /bin/bash -G wodby wodby; \
- adduser www-data wodby; \
+ adduser wodby www-data; \
 sed -i '/^wodby/s/!/*/' /etc/shadow; \
 echo "PS1='\w\$ '" >> /home/wodby/.bashrc; \
 \
@@ -197,10 +197,6 @@ RUN set -xe; \
 # Add composer bins to $PATH
 su-exec wodby echo "export PATH=/home/wodby/.composer/vendor/bin:${PATH}" > /home/wodby/.profile; \
 \
- # Script to fix volumes permissions via sudo.
- echo "chown wodby:wodby ${FILES_DIR} ${APP_ROOT}" > /usr/local/bin/fix-volumes-permissions.sh; \
- chmod +x /usr/local/bin/fix-volumes-permissions.sh; \
- \
 # Configure sudoers
 if [[ -n "${PHP_DEV}" ]]; then \
 echo 'wodby ALL=(root) NOPASSWD:SETENV:ALL' > /etc/sudoers.d/wodby; \
@@ -208,11 +204,12 @@ RUN set -xe; \
 { \
 echo -n 'wodby ALL=(root) NOPASSWD:SETENV: ' ; \
 echo -n '/usr/local/sbin/php-fpm, ' ; \
+ echo -n '/usr/local/bin/files-import.sh, ' ; \
 echo -n '/usr/local/bin/gen-ssh-keys.sh, ' ; \
- echo -n '/usr/local/bin/fix-volumes-permissions.sh, ' ; \
+ echo -n '/usr/local/bin/init-volumes.sh, ' ; \
 echo -n '/usr/local/bin/migrate.sh, ' ; \
 echo -n '/usr/sbin/sshd, ' ; \
- echo "/usr/sbin/crond" ; \
+ echo '/usr/sbin/crond' ; \
 } | tee /etc/sudoers.d/wodby; \
 fi; \
 \
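Review bot: The two entries added to the restricted sudoers list, `/usr/local/bin/files-import.sh` and `/usr/local/bin/init-volumes.sh`, inherit the `NOPASSWD:SETENV:` tag, so `wodby` controls the environment these scripts see when they run as root. Both scripts, as added or changed in this commit, read their target paths from `${FILES_DIR}` and `${APP_ROOT}` at run time, whereas the removed `fix-volumes-permissions.sh` appears to have had the paths expanded into it at build time. A caller-supplied value can therefore redirect a root `chown`, `chmod` or `rsync` to another path, which makes the command whitelist in the non-`PHP_DEV` branch weaker than it looks. I would have the two scripts use paths fixed at build time and list them on a separate sudoers line without `SETENV:`. The same hunk is repeated in 5.6/Dockerfile and 7/Dockerfile, and the `RUN` instruction starts and ends outside it.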
@@ -224,26 +221,30 @@ RUN set -xe; \ "${APP_ROOT}" \ "${CONF_DIR}" \ "${FILES_DIR}/public" \ - "${FILES_DIR}/private"; \ + "${FILES_DIR}/private" \ + "${FILES_DIR}/xdebug/traces" \ + "${FILES_DIR}/xdebug/profiler" \ + /home/wodby/.ssh; \ \ - chmod 775 "${FILES_DIR}/public" "${FILES_DIR}/private"; \ - su-exec wodby mkdir /home/wodby/.ssh; \ + chmod -R 775 "${FILES_DIR}"; \ + chown -R www-data:www-data "${FILES_DIR}"; \ + chown -R wodby:wodby \ + "${APP_ROOT}" \ + "${CONF_DIR}" \ + "${PHP_INI_DIR}/conf.d" \ + /usr/local/etc/php-fpm.d/ \ + /home/wodby/; \ \ + # SSHD touch /etc/ssh/sshd_config; \ chown wodby: /etc/ssh/sshd_config; \ \ + # Crontab rm /etc/crontabs/root; \ touch /etc/crontabs/wodby; \ chown root:wodby /etc/crontabs/wodby; \ chmod 660 /etc/crontabs/wodby; \ \ - chown -R wodby:wodby \ - /var/www \ - "${PHP_INI_DIR}/conf.d" \ - "${FILES_DIR}" \ - /usr/local/etc/php-fpm.d/ \ - /home/wodby/.profile; \ - \ # Cleanup su-exec wodby composer clear-cache; \ docker-php-source delete; \ diff --git a/5.3/actions/actions.mk b/5.3/actions/actions.mk index 9e686ec..0b781f4 100644 --- a/5.3/actions/actions.mk +++ b/5.3/actions/actions.mk @@ -32,7 +32,7 @@ git-checkout: files-import: $(call check_defined, source) - files-import.sh $(source) + sudo -E files-import.sh $(source) init-public-storage: $(call check_defined, public_dir) diff --git a/5.3/actions/files-import.sh b/5.3/actions/files-import.sh index db18eb0..886f8ef 100755 --- a/5.3/actions/files-import.sh +++ b/5.3/actions/files-import.sh 
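Review bot: `chmod -R 775 "${FILES_DIR}"` now also covers `${FILES_DIR}/private` and the two new xdebug directories, leaving them readable and traversable by every account in the image. Owner and group are both `www-data`, and `wodby` joins that group in this commit, so the "other" bits are not needed there; I would follow the recursive call with `chmod 770 "${FILES_DIR}/private" "${FILES_DIR}/xdebug/traces" "${FILES_DIR}/xdebug/profiler"; \`. The new init-volumes.sh applies 775 to the same directories at start-up, so the mode would have to change there as well. The same hunk appears in 5.6/Dockerfile and 7/Dockerfile; the command that the first quoted paths belong to, and the rest of the `RUN` instruction, are outside the hunk.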
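Review bot: `sudo -E files-import.sh $(source)` hands the caller's entire environment to a script that now runs as root, and `$(source)` reaches the shell unquoted. Quoting the argument, `sudo -E files-import.sh "$(source)"`, keeps a URL containing `&`, `?` or spaces as a single argument instead of letting the shell split or background the command. If the script needs only a few variables, naming them on the sudo command line instead of using `-E` would narrow what root inherits; which variables those are is not visible in this hunk. The same change is made in 5.6/actions/actions.mk and 7/actions/actions.mk.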
@@ -14,10 +14,10 @@ get-archive.sh "${source}" "${tmp_dir}" "zip tgz tar.gz tar" # TODO: allow top level dir import only for wodby archives. if [[ -f "${tmp_dir}/.wodby" || (-d "${tmp_dir}/private" && -d "${tmp_dir}/public") ]]; then echo "Wodby backup archive detected. Importing to top directory" - rsync -rlt --force "${tmp_dir}/" "${FILES_DIR}" + rsync -rlt --chown=www-data:www-data "${tmp_dir}/" "${FILES_DIR}" else echo "Importing files to public directory" - rsync -rlt --force "${tmp_dir}/" "${FILES_DIR}/public/" + rsync -rlt --chown=www-data:www-data "${tmp_dir}/" "${FILES_DIR}/public/" fi rm -rf "${tmp_dir}" \ No newline at end of file diff --git a/5.3/actions/init-public-storage.sh b/5.3/actions/init-public-storage.sh index 1ec03ce..b64ceac 100755 --- a/5.3/actions/init-public-storage.sh +++ b/5.3/actions/init-public-storage.sh @@ -26,7 +26,4 @@ if [[ -n "${app_public_dir}" ]]; then else ln -sf "${FILES_DIR}/public" "${app_public_dir}" fi - - # Make sure FPM can write to the public folder. - chmod 775 "${app_public_dir}" fi diff --git a/5.3/actions/init-volumes.sh b/5.3/actions/init-volumes.sh new file mode 100755 index 0000000..6af435f --- /dev/null +++ b/5.3/actions/init-volumes.sh @@ -0,0 +1,23 @@ +#!/usr/bin/env bash + +set -e + +if [[ -n "${DEBUG}" ]]; then + set -x +fi + +chown wodby:wodby "${APP_ROOT}" + +declare -a dirs=( + "${FILES_DIR}" + "${FILES_DIR}/private" + "${FILES_DIR}/public" + "${FILES_DIR}/xdebug/profiler" + "${FILES_DIR}/xdebug/traces" +) + +for dir in "${dirs[@]}"; do + mkdir -p "${dir}" + chown www-data:www-data "${dir}" + chmod 775 "${dir}" +done diff --git a/5.3/actions/migrate.sh b/5.3/actions/migrate.sh index 3599968..91548f4 100755 --- a/5.3/actions/migrate.sh +++ b/5.3/actions/migrate.sh 
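Review bot: Both `rsync -rlt --chown=www-data:www-data` calls now run as root, because the actions.mk recipe in this commit invokes the script through sudo, and `-l` recreates every symlink found in the downloaded archive as-is. An archive from an untrusted source can therefore leave links under `${FILES_DIR}` that point anywhere in the container's filesystem, and whatever later serves or rewrites that tree will follow them. Adding `--safe-links` to both calls, e.g. `rsync -rlt --safe-links --chown=www-data:www-data "${tmp_dir}/" "${FILES_DIR}/public/"`, drops links that resolve outside the copied tree. The script begins before this hunk, so how `tmp_dir` and `source` are set is not visible here; 5.6/actions/files-import.sh and 7/actions/files-import.sh carry the same change.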
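Review bot: The loop in init-volumes.sh runs `mkdir -p`, `chown` and `chmod` as root on paths inside a directory that `www-data` and its group (which now includes `wodby`) can write to, and `chown` and `chmod` follow a symlink given as an argument. If `${FILES_DIR}/public` or one of the xdebug directories has been replaced by a link, the script changes the owner and mode of the link's target on every container start. I would refuse symlinked entries and pass `-h` to `chown`, as in the excerpt below; a `: "${FILES_DIR:?}" "${APP_ROOT:?}"` guard near the top would also give a clear error when either variable is missing. The identical new files 5.6/actions/init-volumes.sh and 7/actions/init-volumes.sh need the same treatment.

```bash
# … unchanged: shebang, set -e, DEBUG tracing, chown of APP_ROOT, dirs array …

for dir in "${dirs[@]}"; do
    # Refuse to act through a symlink placed on the group-writable volume.
    if [[ -L "${dir}" ]]; then
        echo >&2 "init-volumes: ${dir} is a symlink, refusing to change it"
        exit 1
    fi
    mkdir -p "${dir}"
    chown -h www-data:www-data "${dir}"
    chmod 775 "${dir}"
done
```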
@@ -11,21 +11,7 @@ to="${2:-}" # Default user changed from www-data (82) to wodby (1000), change recursively codebase permissions on volume. if [[ "${to:0:1}" == 5 && "${from:0:1}" < 5 ]]; then - echo "1. Migrating to a new major 5.x version. Fixing permissions for:" - echo "- Codebase volume except symlinks (public files dir)" + echo "Migrating to a new major 5.x version." + echo "Fixing permissions for codebase volume except symlinks (public files dir)" find "${APP_ROOT}" -uid 82 ! -type l -exec chown wodby:wodby {} + - echo "- Files volume (only top level dirs and files)" - find "${FILES_DIR}" ! -path "${FILES_DIR}" -uid 82 -maxdepth 1 -exec chown wodby:wodby {} \; -exec chmod 775 {} \; - - if [[ -n "${PHP_XDEBUG_TRACE_OUTPUT_DIR}" ]]; then - echo "Repeating actions for xdebug trace output dir" - chown wodby:wodby "${PHP_XDEBUG_TRACE_OUTPUT_DIR}" - chmod 775 "${PHP_XDEBUG_TRACE_OUTPUT_DIR}" - fi - - if [[ -n "${PHP_XDEBUG_PROFILER_OUTPUT_DIR}" ]]; then - echo "Repeating actions for xdebug profiler output dir" - chown wodby:wodby "${PHP_XDEBUG_PROFILER_OUTPUT_DIR}" - chmod 775 "${PHP_XDEBUG_PROFILER_OUTPUT_DIR}" - fi fi diff --git a/5.3/docker-entrypoint.sh b/5.3/docker-entrypoint.sh index 6f704ac..5051691 100755 --- a/5.3/docker-entrypoint.sh +++ b/5.3/docker-entrypoint.sh @@ -14,25 +14,6 @@ _gotpl() { fi } -# Writable for wodby group (www-data user) -create_group_writable_dirs() { - declare -a dirs=( - "${FILES_DIR}/private" - "${FILES_DIR}/public" - ) - - [[ -n "${PHP_XDEBUG_TRACE_OUTPUT_DIR}" ]] && dirs+=("${PHP_XDEBUG_TRACE_OUTPUT_DIR}") - [[ -n "${PHP_XDEBUG_PROFILER_OUTPUT_DIR}" ]] && dirs+=("${PHP_XDEBUG_PROFILER_OUTPUT_DIR}") - - for dir in "${dirs[@]}"; do - # Check for existence to avoid permissions issues from 4.x version. - if [[ ! -d "${dir}" ]]; then - mkdir -p "${dir}" - chmod 775 "${dir}" - fi - done -} - init_ssh_client() { _gotpl "ssh_config.tpl" "${ssh_dir}/config" 
@@ -86,9 +67,8 @@ init_git() { git config --global user.name "${GIT_USER_NAME}" } -sudo fix-volumes-permissions.sh +sudo init-volumes.sh -create_group_writable_dirs init_ssh_client init_git process_templates diff --git a/5.6/Dockerfile b/5.6/Dockerfile index f3ecea0..cd503e9 100644 --- a/5.6/Dockerfile +++ b/5.6/Dockerfile @@ -55,7 +55,7 @@ RUN set -xe; \ \ addgroup -g 1000 -S wodby; \ adduser -u 1000 -D -S -s /bin/bash -G wodby wodby; \ - adduser www-data wodby; \ + adduser wodby www-data; \ sed -i '/^wodby/s/!/*/' /etc/shadow; \ echo "PS1='\w\$ '" >> /home/wodby/.bashrc; \ \ @@ -170,7 +170,7 @@ RUN set -xe; \ bash /tmp/newrelic/newrelic-install install; \ rm /usr/local/etc/php/conf.d/newrelic.ini; \ mkdir -p /var/log/newrelic/; \ - chown -R wodby:wodby /var/log/newrelic/; \ + chown -R www-data:www-data /var/log/newrelic/; \ chmod -R 775 /var/log/newrelic/; \ \ pecl install \ @@ -222,10 +222,6 @@ RUN set -xe; \ # Add composer bins to $PATH su-exec wodby echo "export PATH=/home/wodby/.composer/vendor/bin:${PATH}" > /home/wodby/.profile; \ \ - # Script to fix volumes permissions via sudo. - echo "chown wodby:wodby ${FILES_DIR} ${APP_ROOT}" > /usr/local/bin/fix-volumes-permissions.sh; \ - chmod +x /usr/local/bin/fix-volumes-permissions.sh; \ - \ # Configure sudoers if [[ -n "${PHP_DEV}" ]]; then \ echo 'wodby ALL=(root) NOPASSWD:SETENV:ALL' > /etc/sudoers.d/wodby; \ @@ -233,8 +229,9 @@ RUN set -xe; \ { \ echo -n 'wodby ALL=(root) NOPASSWD:SETENV: ' ; \ echo -n '/usr/local/sbin/php-fpm, ' ; \ + echo -n '/usr/local/bin/files-import.sh, ' ; \ echo -n '/usr/local/bin/gen-ssh-keys.sh, ' ; \ - echo -n '/usr/local/bin/fix-volumes-permissions.sh, ' ; \ + echo -n '/usr/local/bin/init-volumes.sh, ' ; \ echo -n '/usr/local/bin/migrate.sh, ' ; \ echo -n '/usr/sbin/sshd, ' ; \ echo '/usr/sbin/crond' ; \ 
@@ -249,26 +246,30 @@ RUN set -xe; \ "${APP_ROOT}" \ "${CONF_DIR}" \ "${FILES_DIR}/public" \ - "${FILES_DIR}/private"; \ + "${FILES_DIR}/private" \ + "${FILES_DIR}/xdebug/traces" \ + "${FILES_DIR}/xdebug/profiler" \ + /home/wodby/.ssh; \ \ - chmod 775 "${FILES_DIR}/public" "${FILES_DIR}/private"; \ - su-exec wodby mkdir /home/wodby/.ssh; \ + chmod -R 775 "${FILES_DIR}"; \ + chown -R www-data:www-data "${FILES_DIR}"; \ + chown -R wodby:wodby \ + "${APP_ROOT}" \ + "${CONF_DIR}" \ + "${PHP_INI_DIR}/conf.d" \ + /usr/local/etc/php-fpm.d/ \ + /home/wodby/; \ \ + # SSHD touch /etc/ssh/sshd_config; \ chown wodby: /etc/ssh/sshd_config; \ \ + # Crontab rm /etc/crontabs/root; \ touch /etc/crontabs/wodby; \ chown root:wodby /etc/crontabs/wodby; \ chmod 660 /etc/crontabs/wodby; \ \ - chown -R wodby:wodby \ - /var/www \ - "${PHP_INI_DIR}/conf.d" \ - "${FILES_DIR}" \ - /usr/local/etc/php-fpm.d/ \ - /home/wodby/.profile; \ - \ # Cleanup su-exec wodby composer clear-cache; \ docker-php-source delete; \ diff --git a/5.6/actions/actions.mk b/5.6/actions/actions.mk index 9e686ec..0b781f4 100644 --- a/5.6/actions/actions.mk +++ b/5.6/actions/actions.mk @@ -32,7 +32,7 @@ git-checkout: files-import: $(call check_defined, source) - files-import.sh $(source) + sudo -E files-import.sh $(source) init-public-storage: $(call check_defined, public_dir) diff --git a/5.6/actions/files-import.sh b/5.6/actions/files-import.sh index db18eb0..886f8ef 100755 --- a/5.6/actions/files-import.sh +++ b/5.6/actions/files-import.sh 
@@ -14,10 +14,10 @@ get-archive.sh "${source}" "${tmp_dir}" "zip tgz tar.gz tar" # TODO: allow top level dir import only for wodby archives. if [[ -f "${tmp_dir}/.wodby" || (-d "${tmp_dir}/private" && -d "${tmp_dir}/public") ]]; then echo "Wodby backup archive detected. Importing to top directory" - rsync -rlt --force "${tmp_dir}/" "${FILES_DIR}" + rsync -rlt --chown=www-data:www-data "${tmp_dir}/" "${FILES_DIR}" else echo "Importing files to public directory" - rsync -rlt --force "${tmp_dir}/" "${FILES_DIR}/public/" + rsync -rlt --chown=www-data:www-data "${tmp_dir}/" "${FILES_DIR}/public/" fi rm -rf "${tmp_dir}" \ No newline at end of file diff --git a/5.6/actions/init-public-storage.sh b/5.6/actions/init-public-storage.sh index 1ec03ce..b64ceac 100755 --- a/5.6/actions/init-public-storage.sh +++ b/5.6/actions/init-public-storage.sh @@ -26,7 +26,4 @@ if [[ -n "${app_public_dir}" ]]; then else ln -sf "${FILES_DIR}/public" "${app_public_dir}" fi - - # Make sure FPM can write to the public folder. - chmod 775 "${app_public_dir}" fi diff --git a/5.6/actions/init-volumes.sh b/5.6/actions/init-volumes.sh new file mode 100755 index 0000000..6af435f --- /dev/null +++ b/5.6/actions/init-volumes.sh @@ -0,0 +1,23 @@ +#!/usr/bin/env bash + +set -e + +if [[ -n "${DEBUG}" ]]; then + set -x +fi + +chown wodby:wodby "${APP_ROOT}" + +declare -a dirs=( + "${FILES_DIR}" + "${FILES_DIR}/private" + "${FILES_DIR}/public" + "${FILES_DIR}/xdebug/profiler" + "${FILES_DIR}/xdebug/traces" +) + +for dir in "${dirs[@]}"; do + mkdir -p "${dir}" + chown www-data:www-data "${dir}" + chmod 775 "${dir}" +done diff --git a/5.6/actions/migrate.sh b/5.6/actions/migrate.sh index 3599968..91548f4 100755 --- a/5.6/actions/migrate.sh +++ b/5.6/actions/migrate.sh 
@@ -11,21 +11,7 @@ to="${2:-}" # Default user changed from www-data (82) to wodby (1000), change recursively codebase permissions on volume. if [[ "${to:0:1}" == 5 && "${from:0:1}" < 5 ]]; then - echo "1. Migrating to a new major 5.x version. Fixing permissions for:" - echo "- Codebase volume except symlinks (public files dir)" + echo "Migrating to a new major 5.x version." + echo "Fixing permissions for codebase volume except symlinks (public files dir)" find "${APP_ROOT}" -uid 82 ! -type l -exec chown wodby:wodby {} + - echo "- Files volume (only top level dirs and files)" - find "${FILES_DIR}" ! -path "${FILES_DIR}" -uid 82 -maxdepth 1 -exec chown wodby:wodby {} \; -exec chmod 775 {} \; - - if [[ -n "${PHP_XDEBUG_TRACE_OUTPUT_DIR}" ]]; then - echo "Repeating actions for xdebug trace output dir" - chown wodby:wodby "${PHP_XDEBUG_TRACE_OUTPUT_DIR}" - chmod 775 "${PHP_XDEBUG_TRACE_OUTPUT_DIR}" - fi - - if [[ -n "${PHP_XDEBUG_PROFILER_OUTPUT_DIR}" ]]; then - echo "Repeating actions for xdebug profiler output dir" - chown wodby:wodby "${PHP_XDEBUG_PROFILER_OUTPUT_DIR}" - chmod 775 "${PHP_XDEBUG_PROFILER_OUTPUT_DIR}" - fi fi diff --git a/5.6/docker-entrypoint.sh b/5.6/docker-entrypoint.sh index b362313..0307f34 100755 --- a/5.6/docker-entrypoint.sh +++ b/5.6/docker-entrypoint.sh @@ -14,25 +14,6 @@ _gotpl() { fi } -# Writable for wodby group (www-data user) -create_group_writable_dirs() { - declare -a dirs=( - "${FILES_DIR}/private" - "${FILES_DIR}/public" - ) - - [[ -n "${PHP_XDEBUG_TRACE_OUTPUT_DIR}" ]] && dirs+=("${PHP_XDEBUG_TRACE_OUTPUT_DIR}") - [[ -n "${PHP_XDEBUG_PROFILER_OUTPUT_DIR}" ]] && dirs+=("${PHP_XDEBUG_PROFILER_OUTPUT_DIR}") - - for dir in "${dirs[@]}"; do - # Check for existence to avoid permissions issues from 4.x version. - if [[ ! -d "${dir}" ]]; then - mkdir -p "${dir}" - chmod 775 "${dir}" - fi - done -} - init_ssh_client() { _gotpl "ssh_config.tpl" "${ssh_dir}/config" 
@@ -96,9 +77,8 @@ init_git() { git config --global user.name "${GIT_USER_NAME}" } -sudo fix-volumes-permissions.sh +sudo init-volumes.sh -create_group_writable_dirs init_ssh_client init_git process_templates diff --git a/5.6/templates/docker-php-ext-xdebug.ini.tpl b/5.6/templates/docker-php-ext-xdebug.ini.tpl index 9e5e67b..f5e0ba0 100644 --- a/5.6/templates/docker-php-ext-xdebug.ini.tpl +++ b/5.6/templates/docker-php-ext-xdebug.ini.tpl @@ -27,7 +27,7 @@ xdebug.profiler_append = {{ getenv "PHP_XDEBUG_PROFILER_APPEND" "0" }} xdebug.profiler_enable = {{ getenv "PHP_XDEBUG_PROFILER_ENABLE" "0" }} xdebug.profiler_enable_trigger = {{ getenv "PHP_XDEBUG_PROFILER_ENABLE_TRIGGER" "0" }} xdebug.profiler_enable_trigger_value = "{{ getenv "PHP_XDEBUG_PROFILER_ENABLE_TRIGGER_VALUE" "" }}" -xdebug.profiler_output_dir = {{ getenv "PHP_XDEBUG_PROFILER_OUTPUT_DIR" "/tmp" }} +xdebug.profiler_output_dir = {{ getenv "FILES_DIR" }}/xdebug/profiler xdebug.profiler_output_name = {{ getenv "PHP_XDEBUG_PROFILER_OUTPUT_NAME" "cachegrind.out.%p" }} xdebug.remote_addr_header = "{{ getenv "PHP_XDEBUG_REMOTE_ADDR_HEADER" "" }}" xdebug.remote_autostart = {{ getenv "PHP_XDEBUG_REMOTE_AUTOSTART" "1" }} @@ -48,7 +48,7 @@ xdebug.trace_enable_trigger = {{ getenv "PHP_XDEBUG_TRACE_ENABLE_TRIGGER" "0" }} xdebug.trace_enable_trigger_value = "{{ getenv "PHP_XDEBUG_TRACE_ENABLE_TRIGGER_VALUE" "" }}" xdebug.trace_format = {{ getenv "PHP_XDEBUG_TRACE_FORMAT" "0" }} xdebug.trace_options = {{ getenv "PHP_XDEBUG_TRACE_OPTIONS" "0" }} -xdebug.trace_output_dir = {{ getenv "PHP_XDEBUG_TRACE_OUTPUT_DIR" "/tmp" }} +xdebug.trace_output_dir = {{ getenv "FILES_DIR" }}/xdebug/traces xdebug.trace_output_name = {{ getenv "PHP_XDEBUG_TRACE_OUTPUT_NAME" "trace.%c" }} xdebug.var_display_max_children = {{ getenv "PHP_XDEBUG_VAR_DISPLAY_MAX_CHILDREN" "128" }} xdebug.var_display_max_data = {{ getenv "PHP_XDEBUG_VAR_DISPLAY_MAX_DATA" "512" }} diff --git a/7/Dockerfile b/7/Dockerfile index 5183861..89327c1 100644 
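Review bot: `xdebug.profiler_output_dir` and `xdebug.trace_output_dir` no longer read `PHP_XDEBUG_PROFILER_OUTPUT_DIR` and `PHP_XDEBUG_TRACE_OUTPUT_DIR`, so a deployment that sets those variables is silently redirected. `getenv "FILES_DIR"` also has no fallback, so an unset variable would presumably render the path as `/xdebug/profiler`. Trace and profiler files record function calls and, depending on the xdebug settings, argument values, and they now land on the files volume in directories created with mode 775 instead of `/tmp`. A template comment such as `; output goes to the files volume; PHP_XDEBUG_*_OUTPUT_DIR is no longer honoured` above each of the two lines would make both points visible to operators. 7/templates/docker-php-ext-xdebug.ini.tpl has the same two hunks.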
--- a/7/Dockerfile
+++ b/7/Dockerfile
@@ -58,7 +58,7 @@ RUN set -xe; \
 \
 addgroup -g 1000 -S wodby; \
 adduser -u 1000 -D -S -s /bin/bash -G wodby wodby; \
- adduser www-data wodby; \
+ adduser wodby www-data; \
 sed -i '/^wodby/s/!/*/' /etc/shadow; \
 echo "PS1='\w\$ '" >> /home/wodby/.bashrc; \
 \
@@ -171,15 +171,15 @@ RUN set -xe; \
 fi; \
 \
 # NewRelic extension and agent.
- wget -r -nd --no-parent -P /tmp/newrelic -Alinux-musl.tar.gz \
- http://download.newrelic.com/php_agent/release/ >/dev/null 2>&1; \
+ newrelic_url="http://download.newrelic.com/php_agent/release/"; \
+ wget -r -nd --no-parent -P /tmp/newrelic -Alinux-musl.tar.gz "${newrelic_url}" >/dev/null 2>&1; \
 tar -xzf /tmp/newrelic/newrelic-php*.tar.gz --strip=1 -C /tmp/newrelic; \
 export NR_INSTALL_SILENT=true; \
 export NR_INSTALL_USE_CP_NOT_LN=true; \
 bash /tmp/newrelic/newrelic-install install; \
 rm /usr/local/etc/php/conf.d/newrelic.ini; \
 mkdir -p /var/log/newrelic/; \
- chown -R wodby:wodby /var/log/newrelic/; \
+ chown -R www-data:www-data /var/log/newrelic/; \
 chmod -R 775 /var/log/newrelic/; \
 \
 pecl install \
@@ -245,10 +245,6 @@ RUN set -xe; \
 # Add composer bins to $PATH
 su-exec wodby echo "export PATH=/home/wodby/.composer/vendor/bin:${PATH}" > /home/wodby/.profile; \
 \
- # Script to fix volumes permissions via sudo.
- echo "chown wodby:wodby ${FILES_DIR} ${APP_ROOT}" > /usr/local/bin/fix-volumes-permissions.sh; \
- chmod +x /usr/local/bin/fix-volumes-permissions.sh; \
- \
 # Configure sudoers
 if [[ -n "${PHP_DEV}" ]]; then \
 echo 'wodby ALL=(root) NOPASSWD:SETENV:ALL' > /etc/sudoers.d/wodby; \
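Review bot: `newrelic_url` still points at `http://`, and a few lines further down the fetched `newrelic-install` script is run with `bash` during the build, so anything able to alter that plain-HTTP transfer decides what code ends up in the image. Use `newrelic_url="https://download.newrelic.com/php_agent/release/"; \` at minimum. Pinning one release tarball and checking it against a recorded SHA-256 before `tar -xzf` would also make the build reproducible, since `wget -r ... -Alinux-musl.tar.gz` takes whichever tarball the directory listing offers. The `>/dev/null 2>&1` on the wget line additionally discards the only diagnostics when the download fails. The `RUN` instruction continues outside the hunk.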
@@ -256,8 +252,9 @@ RUN set -xe; \ { \ echo -n 'wodby ALL=(root) NOPASSWD:SETENV: ' ; \ echo -n '/usr/local/sbin/php-fpm, ' ; \ + echo -n '/usr/local/bin/files-import.sh, ' ; \ echo -n '/usr/local/bin/gen-ssh-keys.sh, ' ; \ - echo -n '/usr/local/bin/fix-volumes-permissions.sh, ' ; \ + echo -n '/usr/local/bin/init-volumes.sh, ' ; \ echo -n '/usr/local/bin/migrate.sh, ' ; \ echo -n '/usr/sbin/sshd, ' ; \ echo '/usr/sbin/crond' ; \ @@ -272,26 +269,30 @@ RUN set -xe; \ "${APP_ROOT}" \ "${CONF_DIR}" \ "${FILES_DIR}/public" \ - "${FILES_DIR}/private"; \ + "${FILES_DIR}/private" \ + "${FILES_DIR}/xdebug/traces" \ + "${FILES_DIR}/xdebug/profiler" \ + /home/wodby/.ssh; \ \ - chmod 775 "${FILES_DIR}/public" "${FILES_DIR}/private"; \ - su-exec wodby mkdir /home/wodby/.ssh; \ + chmod -R 775 "${FILES_DIR}"; \ + chown -R www-data:www-data "${FILES_DIR}"; \ + chown -R wodby:wodby \ + "${APP_ROOT}" \ + "${CONF_DIR}" \ + "${PHP_INI_DIR}/conf.d" \ + /usr/local/etc/php-fpm.d/ \ + /home/wodby/; \ \ + # SSHD touch /etc/ssh/sshd_config; \ chown wodby: /etc/ssh/sshd_config; \ \ + # Crontab rm /etc/crontabs/root; \ touch /etc/crontabs/wodby; \ chown root:wodby /etc/crontabs/wodby; \ chmod 660 /etc/crontabs/wodby; \ \ - chown -R wodby:wodby \ - /var/www \ - "${PHP_INI_DIR}/conf.d" \ - "${FILES_DIR}" \ - /usr/local/etc/php-fpm.d/ \ - /home/wodby/.profile; \ - \ # Cleanup su-exec wodby composer clear-cache; \ docker-php-source delete; \ diff --git a/7/actions/actions.mk b/7/actions/actions.mk index 9e686ec..0b781f4 100644 --- a/7/actions/actions.mk +++ b/7/actions/actions.mk @@ -32,7 +32,7 @@ git-checkout: files-import: $(call check_defined, source) - files-import.sh $(source) + sudo -E files-import.sh $(source) init-public-storage: $(call check_defined, public_dir) diff --git a/7/actions/files-import.sh b/7/actions/files-import.sh index db18eb0..886f8ef 100755 --- a/7/actions/files-import.sh +++ b/7/actions/files-import.sh 
@@ -14,10 +14,10 @@ get-archive.sh "${source}" "${tmp_dir}" "zip tgz tar.gz tar" # TODO: allow top level dir import only for wodby archives. if [[ -f "${tmp_dir}/.wodby" || (-d "${tmp_dir}/private" && -d "${tmp_dir}/public") ]]; then echo "Wodby backup archive detected. Importing to top directory" - rsync -rlt --force "${tmp_dir}/" "${FILES_DIR}" + rsync -rlt --chown=www-data:www-data "${tmp_dir}/" "${FILES_DIR}" else echo "Importing files to public directory" - rsync -rlt --force "${tmp_dir}/" "${FILES_DIR}/public/" + rsync -rlt --chown=www-data:www-data "${tmp_dir}/" "${FILES_DIR}/public/" fi rm -rf "${tmp_dir}" \ No newline at end of file diff --git a/7/actions/init-public-storage.sh b/7/actions/init-public-storage.sh index 1ec03ce..b64ceac 100755 --- a/7/actions/init-public-storage.sh +++ b/7/actions/init-public-storage.sh @@ -26,7 +26,4 @@ if [[ -n "${app_public_dir}" ]]; then else ln -sf "${FILES_DIR}/public" "${app_public_dir}" fi - - # Make sure FPM can write to the public folder. - chmod 775 "${app_public_dir}" fi diff --git a/7/actions/init-volumes.sh b/7/actions/init-volumes.sh new file mode 100755 index 0000000..6af435f --- /dev/null +++ b/7/actions/init-volumes.sh @@ -0,0 +1,23 @@ +#!/usr/bin/env bash + +set -e + +if [[ -n "${DEBUG}" ]]; then + set -x +fi + +chown wodby:wodby "${APP_ROOT}" + +declare -a dirs=( + "${FILES_DIR}" + "${FILES_DIR}/private" + "${FILES_DIR}/public" + "${FILES_DIR}/xdebug/profiler" + "${FILES_DIR}/xdebug/traces" +) + +for dir in "${dirs[@]}"; do + mkdir -p "${dir}" + chown www-data:www-data "${dir}" + chmod 775 "${dir}" +done diff --git a/7/actions/migrate.sh b/7/actions/migrate.sh index 3599968..91548f4 100755 --- a/7/actions/migrate.sh +++ b/7/actions/migrate.sh 
@@ -11,21 +11,7 @@ to="${2:-}" # Default user changed from www-data (82) to wodby (1000), change recursively codebase permissions on volume. if [[ "${to:0:1}" == 5 && "${from:0:1}" < 5 ]]; then - echo "1. Migrating to a new major 5.x version. Fixing permissions for:" - echo "- Codebase volume except symlinks (public files dir)" + echo "Migrating to a new major 5.x version." + echo "Fixing permissions for codebase volume except symlinks (public files dir)" find "${APP_ROOT}" -uid 82 ! -type l -exec chown wodby:wodby {} + - echo "- Files volume (only top level dirs and files)" - find "${FILES_DIR}" ! -path "${FILES_DIR}" -uid 82 -maxdepth 1 -exec chown wodby:wodby {} \; -exec chmod 775 {} \; - - if [[ -n "${PHP_XDEBUG_TRACE_OUTPUT_DIR}" ]]; then - echo "Repeating actions for xdebug trace output dir" - chown wodby:wodby "${PHP_XDEBUG_TRACE_OUTPUT_DIR}" - chmod 775 "${PHP_XDEBUG_TRACE_OUTPUT_DIR}" - fi - - if [[ -n "${PHP_XDEBUG_PROFILER_OUTPUT_DIR}" ]]; then - echo "Repeating actions for xdebug profiler output dir" - chown wodby:wodby "${PHP_XDEBUG_PROFILER_OUTPUT_DIR}" - chmod 775 "${PHP_XDEBUG_PROFILER_OUTPUT_DIR}" - fi fi diff --git a/7/docker-entrypoint.sh b/7/docker-entrypoint.sh index 2768672..9f34a1d 100755 --- a/7/docker-entrypoint.sh +++ b/7/docker-entrypoint.sh @@ -14,25 +14,6 @@ _gotpl() { fi } -# Writable for wodby group (www-data user) -create_group_writable_dirs() { - declare -a dirs=( - "${FILES_DIR}/private" - "${FILES_DIR}/public" - ) - - [[ -n "${PHP_XDEBUG_TRACE_OUTPUT_DIR}" ]] && dirs+=("${PHP_XDEBUG_TRACE_OUTPUT_DIR}") - [[ -n "${PHP_XDEBUG_PROFILER_OUTPUT_DIR}" ]] && dirs+=("${PHP_XDEBUG_PROFILER_OUTPUT_DIR}") - - for dir in "${dirs[@]}"; do - # Check for existence to avoid permissions issues from 4.x version. - if [[ ! -d "${dir}" ]]; then - mkdir -p "${dir}" - chmod 775 "${dir}" - fi - done -} - init_ssh_client() { _gotpl "ssh_config.tpl" "${ssh_dir}/config" 
@@ -98,9 +79,8 @@ init_git() { git config --global user.name "${GIT_USER_NAME}" } -sudo fix-volumes-permissions.sh +sudo init-volumes.sh -create_group_writable_dirs init_ssh_client init_git process_templates diff --git a/7/templates/docker-php-ext-xdebug.ini.tpl b/7/templates/docker-php-ext-xdebug.ini.tpl index 9e5e67b..f5e0ba0 100644 --- a/7/templates/docker-php-ext-xdebug.ini.tpl +++ b/7/templates/docker-php-ext-xdebug.ini.tpl @@ -27,7 +27,7 @@ xdebug.profiler_append = {{ getenv "PHP_XDEBUG_PROFILER_APPEND" "0" }} xdebug.profiler_enable = {{ getenv "PHP_XDEBUG_PROFILER_ENABLE" "0" }} xdebug.profiler_enable_trigger = {{ getenv "PHP_XDEBUG_PROFILER_ENABLE_TRIGGER" "0" }} xdebug.profiler_enable_trigger_value = "{{ getenv "PHP_XDEBUG_PROFILER_ENABLE_TRIGGER_VALUE" "" }}" -xdebug.profiler_output_dir = {{ getenv "PHP_XDEBUG_PROFILER_OUTPUT_DIR" "/tmp" }} +xdebug.profiler_output_dir = {{ getenv "FILES_DIR" }}/xdebug/profiler xdebug.profiler_output_name = {{ getenv "PHP_XDEBUG_PROFILER_OUTPUT_NAME" "cachegrind.out.%p" }} xdebug.remote_addr_header = "{{ getenv "PHP_XDEBUG_REMOTE_ADDR_HEADER" "" }}" xdebug.remote_autostart = {{ getenv "PHP_XDEBUG_REMOTE_AUTOSTART" "1" }} @@ -48,7 +48,7 @@ xdebug.trace_enable_trigger = {{ getenv "PHP_XDEBUG_TRACE_ENABLE_TRIGGER" "0" }} xdebug.trace_enable_trigger_value = "{{ getenv "PHP_XDEBUG_TRACE_ENABLE_TRIGGER_VALUE" "" }}" xdebug.trace_format = {{ getenv "PHP_XDEBUG_TRACE_FORMAT" "0" }} xdebug.trace_options = {{ getenv "PHP_XDEBUG_TRACE_OPTIONS" "0" }} -xdebug.trace_output_dir = {{ getenv "PHP_XDEBUG_TRACE_OUTPUT_DIR" "/tmp" }} +xdebug.trace_output_dir = {{ getenv "FILES_DIR" }}/xdebug/traces xdebug.trace_output_name = {{ getenv "PHP_XDEBUG_TRACE_OUTPUT_NAME" "trace.%c" }} xdebug.var_display_max_children = {{ getenv "PHP_XDEBUG_VAR_DISPLAY_MAX_CHILDREN" "128" }} xdebug.var_display_max_data = {{ getenv "PHP_XDEBUG_VAR_DISPLAY_MAX_DATA" "512" }}