From f84fd7c9a2ff9786faac4deb0eeb5baa145479d9 Mon Sep 17 00:00:00 2001
From: bunkerity
Date: Tue, 27 Apr 2021 16:49:45 +0200
Subject: [PATCH] fix permissions issues for autoconf and fix volume for ghost example
---
 autoconf/Dockerfile | 9 ++++++++-
 autoconf/Dockerfile-amd64 | 11 +++++++++--
 autoconf/Dockerfile-arm32v7 | 9 ++++++++-
 autoconf/Dockerfile-arm64v8 | 9 ++++++++-
 autoconf/Dockerfile-i386 | 9 ++++++++-
 entrypoint/permissions.sh | 22 +++++++++++++---------
 examples/ghost/docker-compose.yml | 2 +-
 7 files changed, 55 insertions(+), 16 deletions(-)
diff --git a/autoconf/Dockerfile b/autoconf/Dockerfile
index 2703020..3f94788 100644
--- a/autoconf/Dockerfile
+++ b/autoconf/Dockerfile
@@ -12,6 +12,9 @@ RUN apk add py3-pip apache2-utils bash certbot curl logrotate openssl && \
 mkdir /opt/scripts && \
 addgroup -g 101 nginx && \
 adduser -h /var/cache/nginx -g nginx -s /sbin/nologin -G nginx -D -H -u 101 nginx && \
+ mkdir /etc/letsencrypt && \
+ chown root:nginx /etc/letsencrypt && \
+ chmod 770 /etc/letsencrypt && \
 mkdir /var/log/letsencrypt && \
 chown root:nginx /var/log/letsencrypt && \
 chmod 770 /var/log/letsencrypt && \
@@ -25,7 +28,11 @@ RUN apk add py3-pip apache2-utils bash certbot curl logrotate openssl && \
 chown root:nginx /var/log/jobs.log && \
 chmod 770 /var/log/jobs.log && \
 chown -R root:nginx /opt/confs/nginx && \
- chmod -R 770 /opt/confs/nginx
+ chmod -R 770 /opt/confs/nginx && \
+ mkdir /acme-challenge && \
+ chown root:nginx /acme-challenge && \
+ chmod 770 /acme-challenge
+
 COPY autoconf/misc/logrotate.conf /etc/logrotate.conf
 COPY scripts/* /opt/scripts/
diff --git a/autoconf/Dockerfile-amd64 b/autoconf/Dockerfile-amd64
index d765b82..67700ce 100644
--- a/autoconf/Dockerfile-amd64
+++ b/autoconf/Dockerfile-amd64
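Review bot: The added `chmod 770 /etc/letsencrypt` in the first hunk of autoconf/Dockerfile (and the identical lines in Dockerfile-amd64, -arm32v7, -arm64v8 and -i386) gives every process in group nginx (gid 101) write access to the directory that will hold certificate private keys and renewal configuration, and nothing in the change records why write access is required. If certbot is meant to run as the nginx user this is presumably intentional, and a comment above the RUN instruction such as `# certbot runs as nginx (uid/gid 101) and needs rwx on /etc/letsencrypt and /acme-challenge` would document it; if the group only reads certificates, `chmod 750 /etc/letsencrypt` is the narrower mode. These modes apply to the image layer only, so a bind mount over /etc/letsencrypt or /acme-challenge carries the host directory's ownership instead. The RUN instruction starts above the hunk.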
@@ -7,10 +7,14 @@ COPY --from=builder /etc/nginx/ /opt/confs/nginx
 RUN apk add py3-pip apache2-utils bash certbot curl logrotate openssl && \
 pip3 install docker requests && \
 mkdir /opt/entrypoint && \
- mkdir -p /opt/confs/site && \
+ mkdir -p /opt/confs/site && \
 mkdir -p /opt/confs/global && \
+ mkdir /opt/scripts && \
 addgroup -g 101 nginx && \
 adduser -h /var/cache/nginx -g nginx -s /sbin/nologin -G nginx -D -H -u 101 nginx && \
+ mkdir /etc/letsencrypt && \
+ chown root:nginx /etc/letsencrypt && \
+ chmod 770 /etc/letsencrypt && \
 mkdir /var/log/letsencrypt && \
 chown root:nginx /var/log/letsencrypt && \
 chmod 770 /var/log/letsencrypt && \
@@ -24,7 +28,10 @@ RUN apk add py3-pip apache2-utils bash certbot curl logrotate openssl && \
 chown root:nginx /var/log/jobs.log && \
 chmod 770 /var/log/jobs.log && \
 chown -R root:nginx /opt/confs/nginx && \
- chmod -R 770 /opt/confs/nginx
+ chmod -R 770 /opt/confs/nginx && \
+ mkdir /acme-challenge && \
+ chown root:nginx /acme-challenge && \
+ chmod 770 /acme-challenge
 COPY autoconf/misc/logrotate.conf /etc/logrotate.conf
 COPY scripts/* /opt/scripts/
diff --git a/autoconf/Dockerfile-arm32v7 b/autoconf/Dockerfile-arm32v7
index 8424a7d..3fff90e 100644
--- a/autoconf/Dockerfile-arm32v7
+++ b/autoconf/Dockerfile-arm32v7
@@ -15,8 +15,12 @@ RUN apk add py3-pip apache2-utils bash certbot curl logrotate openssl && \
 mkdir /opt/entrypoint && \
 mkdir -p /opt/confs/site && \
 mkdir -p /opt/confs/global && \
+ mkdir /opt/scripts && \
 addgroup -g 101 nginx && \
 adduser -h /var/cache/nginx -g nginx -s /sbin/nologin -G nginx -D -H -u 101 nginx && \
+ mkdir /etc/letsencrypt && \
+ chown root:nginx /etc/letsencrypt && \
+ chmod 770 /etc/letsencrypt && \
 mkdir /var/log/letsencrypt && \
 chown root:nginx /var/log/letsencrypt && \
 chmod 770 /var/log/letsencrypt && \
@@ -30,7 +34,10 @@ RUN apk add py3-pip apache2-utils bash certbot curl logrotate openssl && \
 chown root:nginx /var/log/jobs.log && \
 chmod 770 /var/log/jobs.log && \
 chown -R root:nginx /opt/confs/nginx && \
- chmod -R 770 /opt/confs/nginx
+ chmod -R 770 /opt/confs/nginx && \
+ mkdir /acme-challenge && \
+ chown root:nginx /acme-challenge && \
+ chmod 770 /acme-challenge
 COPY autoconf/misc/logrotate.conf /etc/logrotate.conf
 COPY scripts/* /opt/scripts/
diff --git a/autoconf/Dockerfile-arm64v8 b/autoconf/Dockerfile-arm64v8
index 4e1f6e7..cd83bb6 100644
--- a/autoconf/Dockerfile-arm64v8
+++ b/autoconf/Dockerfile-arm64v8
@@ -15,8 +15,12 @@ RUN apk add py3-pip apache2-utils bash certbot curl logrotate openssl && \
 mkdir /opt/entrypoint && \
 mkdir -p /opt/confs/site && \
 mkdir -p /opt/confs/global && \
+ mkdir /opt/scripts && \
 addgroup -g 101 nginx && \
 adduser -h /var/cache/nginx -g nginx -s /sbin/nologin -G nginx -D -H -u 101 nginx && \
+ mkdir /etc/letsencrypt && \
+ chown root:nginx /etc/letsencrypt && \
+ chmod 770 /etc/letsencrypt && \
 mkdir /var/log/letsencrypt && \
 chown root:nginx /var/log/letsencrypt && \
 chmod 770 /var/log/letsencrypt && \
@@ -30,7 +34,10 @@ RUN apk add py3-pip apache2-utils bash certbot curl logrotate openssl && \
 chown root:nginx /var/log/jobs.log && \
 chmod 770 /var/log/jobs.log && \
 chown -R root:nginx /opt/confs/nginx && \
- chmod -R 770 /opt/confs/nginx
+ chmod -R 770 /opt/confs/nginx && \
+ mkdir /acme-challenge && \
+ chown root:nginx /acme-challenge && \
+ chmod 770 /acme-challenge
 COPY autoconf/misc/logrotate.conf /etc/logrotate.conf
 COPY scripts/* /opt/scripts/
diff --git a/autoconf/Dockerfile-i386 b/autoconf/Dockerfile-i386
index a5fafe3..9c239ba 100644
--- a/autoconf/Dockerfile-i386
+++ b/autoconf/Dockerfile-i386
@@ -9,8 +9,12 @@ RUN apk add py3-pip apache2-utils bash certbot curl logrotate openssl && \
 mkdir /opt/entrypoint && \
 mkdir -p /opt/confs/site && \
 mkdir -p /opt/confs/global && \
+ mkdir /opt/scripts && \
 addgroup -g 101 nginx && \
 adduser -h /var/cache/nginx -g nginx -s /sbin/nologin -G nginx -D -H -u 101 nginx && \
+ mkdir /etc/letsencrypt && \
+ chown root:nginx /etc/letsencrypt && \
+ chmod 770 /etc/letsencrypt && \
 mkdir /var/log/letsencrypt && \
 chown root:nginx /var/log/letsencrypt && \
 chmod 770 /var/log/letsencrypt && \
@@ -24,7 +28,10 @@ RUN apk add py3-pip apache2-utils bash certbot curl logrotate openssl && \
 chown root:nginx /var/log/jobs.log && \
 chmod 770 /var/log/jobs.log && \
 chown -R root:nginx /opt/confs/nginx && \
- chmod -R 770 /opt/confs/nginx
+ chmod -R 770 /opt/confs/nginx && \
+ mkdir /acme-challenge && \
+ chown root:nginx /acme-challenge && \
+ chmod 770 /acme-challenge
 COPY autoconf/misc/logrotate.conf /etc/logrotate.conf
 COPY scripts/* /opt/scripts/
diff --git a/entrypoint/permissions.sh b/entrypoint/permissions.sh
index 2ebd52e..35aba2f 100644
--- a/entrypoint/permissions.sh
+++ b/entrypoint/permissions.sh
@@ -6,20 +6,24 @@ if [ ! -w "/etc/letsencrypt" ] || [ ! -r "/etc/letsencrypt" ] || [ ! -x "/etc/le
 exit 1
 fi
-# /www
-if [ ! -r "/www" ] || [ ! -x "/www" ] ; then
- echo "[!] ERROR - wrong permissions on /www"
- exit 2
-fi
+if [ -f "/usr/sbin/nginx" ] ; then
+ # /www
+ if [ ! -r "/www" ] || [ ! -x "/www" ] ; then
+ echo "[!] ERROR - wrong permissions on /www"
+ exit 2
+ fi
-# /etc/nginx
-if [ ! -w "/etc/nginx" ] || [ ! -r "/etc/nginx" ] || [ ! -x "/etc/nginx" ] ; then
- echo "[!] ERROR - wrong permissions on /etc/nginx"
- exit 3
 fi
 # /acme-challenge
 if [ ! -w "/acme-challenge" ] || [ ! -r "/acme-challenge" ] || [ ! -x "/acme-challenge" ] ; then
 echo "[!] ERROR - wrong permissions on /acme-challenge"
+ exit 3
+fi
+
+# /etc/nginx
+if [ ! -w "/etc/nginx" ] || [ ! -r "/etc/nginx" ] || [ ! -x "/etc/nginx" ] ; then
+ echo "[!] ERROR - wrong permissions on /etc/nginx"
 exit 4
 fi
+
diff --git a/examples/ghost/docker-compose.yml b/examples/ghost/docker-compose.yml
index 6a8024d..25c6812 100644
--- a/examples/ghost/docker-compose.yml
+++ b/examples/ghost/docker-compose.yml
@@ -25,6 +25,6 @@ services:
 myghost:
 image: ghost:alpine
 volumes:
- - ./data-ghost:/
+ - ./data-ghost:/var/lib/ghost/content
 environment:
 - url=https://www.website.com # replace with your domain
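Review bot: In the entrypoint/permissions.sh hunk the reordering swaps two exit codes: a bad /acme-challenge now exits 3 and a bad /etc/nginx exits 4, the reverse of the removed lines, so anything that interprets this script's exit status would name the wrong directory. Keeping each number with its directory, `exit 4` under the /acme-challenge check and `exit 3` under the /etc/nginx check, avoids that. The new `if [ -f "/usr/sbin/nginx" ]` guard wraps only the /www check while /etc/nginx is still tested unconditionally; a comment on the guard such as `# /www is only used by the nginx image; skip the check where the nginx binary is absent` would record whether that split is intended, which is presumably the case for the autoconf image. The /etc/letsencrypt check that opens the script starts above the hunk.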