From 713af96b9e4819eb6bf468dc9bcfbb32bfe0649f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?P=C5=91cze=20Bence?=
Date: Tue, 26 Sep 2023 21:39:49 +0200
Subject: [PATCH] set runner user of web service
---
 README.md | 7 +++++++
 docker-compose.yml | 3 +++
 docker/Dockerfile | 5 +++--
 docker/scripts/entry-point-dev.sh | 12 ++++++++++--
 docker/scripts/entry-point.sh | 13 ++++++++++++-
 docker/scripts/release.sh | 4 ++--
 6 files changed, 37 insertions(+), 7 deletions(-)
diff --git a/README.md b/README.md
index 6a0e1bf..8bdfc16 100644
--- a/README.md
+++ b/README.md
@@ -45,6 +45,9 @@ services:
 depends_on:
 mariadb:
 condition: service_healthy
+ environment:
+ - USER_UID=
+ - USER_GID=
 ports:
 - 80:80
 - 8090:8090
@@ -91,6 +94,10 @@ docker compose up -d
 ### Docker Compose
+Set the following environment variables in your shell:
+* `USER_UID`: your user ID
+* `USER_GID`: your user's group ID
+
 Execute the following command from the repo root:
 ```bash
 docker compose up -d
diff --git a/docker-compose.yml b/docker-compose.yml
index ede07d4..6b2afcd 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -8,6 +8,9 @@ services:
 depends_on:
 mariadb:
 condition: service_healthy
+ environment:
+ - USER_UID
+ - USER_GID
 ports:
 - 80:80
 - 5000:5000
diff --git a/docker/Dockerfile b/docker/Dockerfile
index cfa360e..c5c2ad8 100644
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@@ -2,7 +2,7 @@ FROM ubuntu:focal AS mapg_base
 ENV DEBIAN_FRONTEND noninteractive
-RUN apt update --fix-missing && apt install -y curl git unzip mariadb-client nginx \
+RUN apt update --fix-missing && apt install -y sudo curl git unzip mariadb-client nginx \
 php-apcu php7.4-cli php7.4-curl php7.4-fpm php7.4-mbstring php7.4-mysql php7.4-zip php7.4-xml
 RUN mkdir -p /run/php
@@ -30,6 +30,7 @@ EXPOSE 8090
 EXPOSE 9229
 ENTRYPOINT docker/scripts/entry-point-dev.sh
+
 FROM mapg_base AS mapg_release
 RUN apt update --fix-missing && apt install -y cron
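Review bot: In docker/Dockerfile the changed `RUN apt update ... apt install -y sudo ...` line puts a setuid-root binary into `mapg_base`, so it ships in both the dev and the release image, although the entry points only need it to start node as `mapg` from a script that already runs as root. `runuser` from util-linux, which the Ubuntu base image should already contain, drops privileges without a new package, e.g. `runuser -u mapg -- /usr/bin/node multi &` in the entry points, and this install line could then stay as it was. If sudo is kept, adding `--no-install-recommends` and `rm -rf /var/lib/apt/lists/*` to the same RUN would limit what else comes with it. The stage continues outside this hunk.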
@@ -37,7 +38,7 @@ RUN apt update --fix-missing && apt install -y cron
 WORKDIR /var/www/mapguesser
 COPY ./ /var/www/mapguesser
 RUN docker/scripts/release.sh &&\
- rm -rf /var/www/mapguesser/.git /var/www/mapguesser/.env
+ rm -rf /var/www/mapguesser/.git
 EXPOSE 80
 EXPOSE 8090
diff --git a/docker/scripts/entry-point-dev.sh b/docker/scripts/entry-point-dev.sh
index 26c43ca..ba04f48 100755
--- a/docker/scripts/entry-point-dev.sh
+++ b/docker/scripts/entry-point-dev.sh
@@ -2,7 +2,10 @@
 set -e
-chmod 777 cache
+if [ -z "$USER_UID" ] or [ -z "$USER_GID" ]; then
+ echo "USER_UID and USER_GID should be set"
+ exit 1
+fi
 echo "Installing Composer packages..."
 if [ -f .env ]; then
@@ -20,11 +23,16 @@ echo "Installing Yarn packages..."
 echo "Migrating DB..."
 ./mapg db:migrate
+echo "Set runner user..."
+groupadd --gid $USER_GID mapg
+useradd --uid $USER_UID --gid $USER_GID mapg
+sed -i -e "s/^user = .*$/user = mapg/g" -e "s/^group = .*$/group = mapg/g" /etc/php/7.4/fpm/pool.d/www.conf
+
 set +e
 /usr/sbin/php-fpm7.4 -F &
 /usr/sbin/nginx -g 'daemon off;' &
-/usr/bin/node --inspect=0.0.0.0:9229 multi &
+sudo -u mapg -g mapg /usr/bin/node --inspect=0.0.0.0:9229 multi &
 wait -n
diff --git a/docker/scripts/entry-point.sh b/docker/scripts/entry-point.sh
index 59de3bb..96beccc 100755
--- a/docker/scripts/entry-point.sh
+++ b/docker/scripts/entry-point.sh
@@ -2,18 +2,29 @@
 set -e
+if [ -z "$USER_UID" ] or [ -z "$USER_GID" ]; then
+ echo "USER_UID and USER_GID should be set"
+ exit 1
+fi
+
 echo "Migrating DB..."
 ./mapg db:migrate
 echo "Installing crontab..."
 /usr/bin/crontab docker/scripts/cron
+echo "Set runner user..."
+groupadd --gid $USER_GID mapg
+useradd --uid $USER_UID --gid $USER_GID mapg
+chown mapg:mapg cache
+sed -i -e "s/^user = .*$/user = mapg/g" -e "s/^group = .*$/group = mapg/g" /etc/php/7.4/fpm/pool.d/www.conf
+
 set +e
 /usr/sbin/cron -f &
 /usr/sbin/php-fpm7.4 -F &
 /usr/sbin/nginx -g 'daemon off;' &
-/usr/bin/node multi &
+sudo -u mapg -g mapg /usr/bin/node multi &
 wait -n
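Review bot: In docker/Dockerfile the `.env` clean-up cannot undo what the `COPY ./ /var/www/mapguesser` line above has already stored: a file copied in one layer stays readable in that layer even when a later RUN deletes it, whether the `rm` sits on this line or at the end of release.sh. If `.env` can hold credentials, keep it (and `.git`) out of the build context with `.dockerignore` entries and supply the values at run time. A comment on the RUN such as `# .env/.git are excluded via .dockerignore; this only trims files generated during the build` would record the intent. Whether release.sh generates its own `.env` is not visible in this hunk.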
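Review bot: The new guard in docker/scripts/entry-point-dev.sh, `if [ -z "$USER_UID" ] or [ -z "$USER_GID" ]; then`, never fires: `or` is not a shell operator, so `[` receives the whole tail as arguments, fails with a usage error, and the `if` body is skipped. It should read `if [ -z "$USER_UID" ] || [ -z "$USER_GID" ]; then`; the identical line in docker/scripts/entry-point.sh needs the same change. Because both values are later handed to `groupadd`/`useradd` as root, it would also be worth rejecting anything that is not a plain number here, and sending the message to stderr with `>&2`.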
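Review bot: The `groupadd`/`useradd` lines added above `set +e` in docker/scripts/entry-point-dev.sh run on every start while `set -e` is still active, so restarting an existing container, where `mapg` was created on the first start, makes `groupadd` fail and the entry point exit before any service is launched; the same block in docker/scripts/entry-point.sh behaves the same way. Guard the creation and quote the variables, e.g. `getent group mapg >/dev/null || groupadd --gid "$USER_GID" mapg` and `id -u mapg >/dev/null 2>&1 || useradd --uid "$USER_UID" --gid "$USER_GID" mapg`. An id that is already taken inside the image (0, or the www-data ids) fails in the same way, so the README should state which values are acceptable.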
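Review bot: `chown mapg:mapg cache` in docker/scripts/entry-point.sh changes only the directory itself, so anything release.sh wrote beneath `cache` as root during the image build (not visible in this hunk) would stay root-owned and unwritable for the php-fpm pool and node process that now run as `mapg`. If the build does populate it, `chown -R mapg:mapg cache` is the safer form. The dev entry point drops `chmod 777 cache` without an equivalent, which presumably relies on the bind-mounted directory already belonging to the host user whose ids are passed in; a one-line comment there saying so would help.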
diff --git a/docker/scripts/release.sh b/docker/scripts/release.sh
index 27aad4b..7cd2c66 100755
--- a/docker/scripts/release.sh
+++ b/docker/scripts/release.sh
@@ -2,8 +2,6 @@
 set -e
-chmod 777 cache
-
 echo "Installing Composer packages..."
 composer create-project --no-dev
@@ -28,3 +26,5 @@ find public/static/img -type f -iname '*.svg' -exec svgo {} -o {} \;
 echo "Linking view files..."
 ./mapg view:link
+
+rm .env
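Review bot: The added `rm .env` at the end of docker/scripts/release.sh runs under `set -e`, so an image build from a context without a `.env` file fails on this line unless an earlier step of the script creates one; the `rm -rf` it replaces in the Dockerfile tolerated a missing file. `rm -f .env` keeps the previous behaviour. Most of the script body lies outside this hunk, so whether `.env` is always present at this point cannot be confirmed from here.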