Added #9313: Add new fpm-alpine docker image and docker secrets support #9331
Conversation
- APP_KEY_FILE -> APP_KEY; - DB_HOST_FILE -> DB_HOST; - DB_PORT_FILE -> DB_PORT; - DB_DATABASE_FILE -> DB_DATABASE; - DB_USERNAME_FILE -> DB_USERNAME; - DB_PASSWORD_FILE -> DB_PASSWORD; - REDIS_HOST_FILE -> REDIS_HOST; - REDIS_PASSWORD_FILE -> REDIS_PASSWORD; - REDIS_PORT_FILE -> REDIS_PORT; - MAIL_HOST_FILE -> MAIL_HOST; - MAIL_PORT_FILE -> MAIL_PORT; - MAIL_USERNAME_FILE -> MAIL_USERNAME; - MAIL_PASSWORD_FILE -> MAIL_PASSWORD;
|
💖 Thanks for this pull request! 💖 We use semantic commit messages to streamline the release process and easily generate changelogs between versions. Before your pull request can be merged, you should update your pull request title to start with a semantic prefix if it doesn't have one already. Examples of commit messages with semantic prefixes:
Things that will help get your PR across the finish line:
We get a lot of pull requests on this repo, so please be patient and we will get back to you as soon as we can. |
Mateus-Romera
changed the title
|
I'm a little worried about keeping the docker config files and the regular config files in sync though. @uberbrady - can you think of an easier way to maybe handle this? |
|
You are right. Wordpress official docker image does the same thing, but only with one file, wp-config.php. If we added support for docker secrets to every variable, we would have to create a lot of copies, this is not ideal at all. Perhaps if we replace getenv() function with getenv_docker() for each regular config files, since the getenv_docker() function will try to search for a '_FILE' variable, but if not found, it will fallback to find the normal variable (without '_FILE') using getenv() function. But this would integrate docker directly into the code, which may also not be ideal. What do you think? |
|
@snipe Hello again, I have made some changes. This way we can forget about keeping the docker config files and the regular config files in sync. If this is acceptable, then I will also edit the PR description.
|
|
@uberbrady and @jerm - can you both take a gander at this and see it all looks okay to you both? |
|
Congrats on merging your first pull request! 🎉🎉🎉 |
|
Nice to see that there is finally a officially supported Dockerfile that is using PHP-FPM. If not, do we have some guide how to manually build the image? |
|
Hello! |
|
@major-mayer hello again, I created a new repository with the php-fpm alpine docker image using the latest Snipe-IT release, you are welcome to take a look: https://hub.docker.com/r/pirasbro/snipe-it I want to create something similar to docker official images, build, tagging and publish docker images using the bashbew tool, but in the meantime, I'm doing this manually since it's my first attempt to do something like this. If you encounter any problem, don't hesitate to contact me. |
|
Hi @Mateus-Romera , version: '3'
volumes:
web_data:
snipe_data: # only for debugging
services:
snipeit:
container_name: snipeit-fpm
image: pirasbro/snipe-it:5.3.0-fpm-alpine
environment:
# SnipeIT settings
APP_URL: localhost:9001
APP_KEY: base64:CdNywz90QeGfAvL4nw7sqHwr9nI8v4z+yYcWpEgH+4g=
# Database settings
DB_HOST: mariadb
DB_PORT: 3306
DB_DATABASE: snipeit
DB_USERNAME: snipeit
DB_PASSWORD: -------
# Session settings
SECURE_COOKIES: "false"
volumes:
- web_data:/var/www/html
- snipe_data:var/lib/snipeit # only for debugging
external_links:
- mariadb
( The reverse proxy and database are defined externally) That's why i created the second volume, i thought it could maybe help, but it didn't. So it seems that the installer can create some folders but has some permission errors in the entry script. Edit: I still wonder why it's unable to do a chown for directories that are completely under the control of the container. |
|
Hello again @major-mayer , I made a lot of mistakes on this image but they should be solved by now. If you encounter any more issues, please create them inside my repository instead of using this PR for a better tracking on my part. Thanks and good luck! |
Description
Add php-fpm-alpine image and docker secrets support.
I know I probably should have created two separate PRs, but I was only able to test the docker's secret support with this new docker image due to lack of time.
PHP-FPM-ALPINE
I tried to create a production-ready php-fpm-alpine image following the best practices of wordpress and php-fpm official docker images. (does not make it perfect. Feel free to point anything wrong!)
I added easy-to-use support for development, but it’s worth saying that I haven’t tested this image extensively for this purpose.
This image contains 226MB uncompressed.
DOCKER-SECRETS
Add docker secrets support using simple shell script helper function that is capable of converting environment variables containing the suffix '_FILE' into their stripped counterparts.
This function was cribbed from the official docker netxtcloud repository:
https://github.com/nextcloud/docker/blob/9b057aafb0c41bab63870277c53307d3d6dc572b/docker-entrypoint.sh
I also created a new .env file and docker-entrypoint.sh with the necessary modifications so as not to break the current docker workflow using other snipeit images.
Initial variable support for docker secrets:
If desired, you can add more support for variables by adding including them directly to the shell script.
With this we could deploy snipeIT more securely.
Closes # (#9313)
Type of change
How Has This Been Tested?
The fpm-alpine image was built using the new docker BuildKit module.
docker buildx build \ --file Dockerfile.fpm-alpine \ --tag snipe/snipe-it:5.1.3-fpm-alpine .Test was done using docker-compose and fpm-alpine image above as base to build my nginx + snipeit-fpm-alpine image:
docker-compose.yml:
Test Configuration:
Checklist: