diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 92ffdce7ba2e119b8644974e5b85b3233849cd5c..0adc8adbcdbbc433317b4934313f216f2ff7c987 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -2,18 +2,20 @@ image: docker:20.10.9 variables: DOCKER_TLS_CERTDIR: "/certs" - IMAGE_VER: 3.27.22 + BUILD_VERSION: p1 services: - docker:20.10.9-dind before_script: - docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY + - SRC_VERSION=`grep FROM Dockerfile | cut -d ':' -f 2` + - VERSION="${SRC_VERSION}-${BUILD_VERSION}" build: stage: build script: - docker pull $CI_REGISTRY_IMAGE:latest || true - - docker build --cache-from $CI_REGISTRY_IMAGE:latest --tag $CI_REGISTRY_IMAGE:$IMAGE_VER --tag $CI_REGISTRY_IMAGE:latest . - - docker push $CI_REGISTRY_IMAGE:$IMAGE_VER + - docker build --cache-from $CI_REGISTRY_IMAGE:latest --tag $CI_REGISTRY_IMAGE:$VERSION --tag $CI_REGISTRY_IMAGE:latest . + - docker push $CI_REGISTRY_IMAGE:$VERSION - docker push $CI_REGISTRY_IMAGE:latest diff --git a/Dockerfile b/Dockerfile index 0ac739cdbbc86a2bf65e38c66732fcc992ee39b2..bd12632cef1e77d8d208291356e5e6aeec8ef0a8 100644 --- a/Dockerfile +++ b/Dockerfile 
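Review bot: The new `SRC_VERSION` line in `before_script` greps for `FROM` anywhere in the Dockerfile and never checks the result, so a second build stage, a comment containing the word, or an untagged base image yields a multi-line or empty value. The job then carries on into `docker build` with a malformed `$VERSION` instead of stopping with a clear error. Anchoring the match and failing early avoids that: `SRC_VERSION=$(grep -m1 '^FROM ' Dockerfile | cut -d ':' -f 2)` followed by `test -n "$SRC_VERSION"`. Quoting the tag arguments (`"$CI_REGISTRY_IMAGE:$VERSION"`) in the build and push lines would also keep a stray space or newline from being split into extra arguments.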
@@ -1,77 +1,17 @@ -FROM php:7.3-apache -LABEL maintainer="markus@martialblog.de" -ARG version='3.27.22+211026' -ARG sha256_checksum='9fd31e38cf692370257b21821f791f0568f6f93bbff68995467fbcec0370ff34' +FROM martialblog/limesurvey:5.4.9-221101-apache -# Install OS dependencies RUN set -ex; \ apt-get update && \ DEBIAN_FRONTEND=noninteractive \ apt-get install --no-install-recommends -y \ \ libapache2-mod-auth-mellon \ - libldap2-dev \ - libfreetype6-dev \ - libjpeg-dev \ - zlib1g-dev \ - libc-client-dev \ - libkrb5-dev \ - libpng-dev \ - libzip-dev \ - libpq-dev \ - netcat \ ssl-cert \ \ && apt-get -y autoclean; apt-get -y autoremove; \ rm -rf /var/lib/apt/lists/* -# Link LDAP library for PHP ldap extension -RUN set -ex; \ - ln -fs /usr/lib/x86_64-linux-gnu/libldap.so /usr/lib/ - -# Install PHP Plugins and Configure PHP imap plugin -RUN set -ex; \ - docker-php-ext-configure gd --with-freetype-dir=/usr --with-png-dir=/usr --with-jpeg-dir=/usr; \ - docker-php-ext-configure imap --with-kerberos --with-imap-ssl && \ - docker-php-ext-install -j5 \ - gd \ - imap \ - ldap \ - mbstring \ - pdo \ - pdo_mysql \ - pdo_pgsql \ - pgsql \ - zip - -ENV LIMESURVEY_VERSION=$version - -# Apache configuration -RUN a2ensite default-ssl; a2enmod headers rewrite remoteip ssl; \ - {\ - echo RemoteIPHeader X-Real-IP ;\ - echo RemoteIPTrustedProxy 10.0.0.0/8 ;\ - echo RemoteIPTrustedProxy 172.16.0.0/12 ;\ - echo RemoteIPTrustedProxy 192.168.0.0/16 ;\ - } > /etc/apache2/conf-available/remoteip.conf;\ - a2enconf remoteip - -# Use the default production configuration -RUN mv "$PHP_INI_DIR/php.ini-production" "$PHP_INI_DIR/php.ini" - -# Download, unzip and chmod LimeSurvey from official GitHub repository -ADD "https://github.com/LimeSurvey/LimeSurvey/archive/${version}.tar.gz" /tmp - -RUN set -ex; \ - echo "${sha256_checksum} /tmp/${version}.tar.gz" | sha256sum -c - && \ - \ - tar xzvf "/tmp/${version}.tar.gz" --strip-components=1 -C /var/www/html/ && \ - rm -f "/tmp/${version}.tar.gz" && \ - 
chown -R www-data:www-data /var/www/html COPY entrypoint.sh entrypoint.sh ADD mod_auth_mellon.conf /etc/apache2/conf-enabled/mod_auth_mellon.conf -EXPOSE 443 -ENTRYPOINT ["/var/www/html/entrypoint.sh"] -CMD ["apache2-foreground"] diff --git a/entrypoint.sh b/entrypoint.sh index 437831f77568b7ae853fa335e79d7fdf2408da42..025c78cea9b1f45a32cded22353f6cd06ef4a10a 100755 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -1,25 +1,39 @@ #!/bin/bash # Entrypoint for Docker Container -HOST=${HOST:-'dotazniky.pirati.cz'} +HOST=${HOST:-'ankety.pirati.cz'} IDP_METADATA=${IDP_METADATA:-'https://auth.pirati.cz/auth/realms/pirati/protocol/saml/descriptor'} + DB_TYPE=${DB_TYPE:-'pgsql'} -DB_HOST=${DB_HOST:-'pgsql'} +DB_HOST=${DB_HOST:-'pg'} DB_PORT=${DB_PORT:-'5432'} DB_SOCK=${DB_SOCK:-} DB_NAME=${DB_NAME:-'limesurvey'} DB_TABLE_PREFIX=${DB_TABLE_PREFIX:-'lime_'} DB_USERNAME=${DB_USERNAME:-'limesurvey'} DB_PASSWORD=${DB_PASSWORD:-} +DB_MYSQL_ENGINE=${DB_MYSQL_ENGINE:-'MyISAM'} + +ENCRYPT_KEYPAIR=${ENCRYPT_KEYPAIR:-} +ENCRYPT_PUBLIC_KEY=${ENCRYPT_PUBLIC_KEY:-} +ENCRYPT_SECRET_KEY=${ENCRYPT_SECRET_KEY:-} +ENCRYPT_NONCE=${ENCRYPT_NONCE:-} +ENCRYPT_SECRET_BOX_KEY=${ENCRYPT_SECRET_BOX_KEY:-} ADMIN_USER=${ADMIN_USER:-'admin'} ADMIN_NAME=${ADMIN_NAME:-'admin'} ADMIN_EMAIL=${ADMIN_EMAIL:-'foobar@example.com'} -ADMIN_PASSWORD=${ADMIN_PASSWORD:-'-'} +ADMIN_PASSWORD=${ADMIN_PASSWORD:-} +BASE_URL=${BASE_URL:-} PUBLIC_URL=${PUBLIC_URL:-} URL_FORMAT=${URL_FORMAT:-'path'} +SHOW_SCRIPT_NAME=${SHOW_SCRIPT_NAME:-'true'} +TABLE_SESSION=${TABLE_SESSION:-} + +DEBUG=${DEBUG:-0} +DEBUG_SQL=${DEBUG_SQL:-0} if [ ! -d /etc/apache2/saml2 ]; then mkdir /etc/apache2/saml2 
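Review bot: The new `FROM martialblog/limesurvey:5.4.9-221101-apache` pins the base image by tag only, and this commit also drops the `sha256sum -c` step that tied the old build to a known LimeSurvey archive, so nothing in the Dockerfile now fixes the content being deployed. Pinning by digest restores that guarantee: `FROM martialblog/limesurvey:5.4.9-221101-apache@sha256:<digest-of-reviewed-image>` (placeholder; use the digest of the image you reviewed). The CI job's `cut -d ':' -f 2` would then need to strip the `@sha256` suffix when deriving the version. With `ENTRYPOINT`, `CMD` and `EXPOSE` removed, `COPY entrypoint.sh entrypoint.sh` only takes effect if the base image's working directory and entrypoint path line up with it, which is not visible here; a comment above the COPY stating that assumption would help.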
@@ -32,7 +46,7 @@ fi # Create mod_auth_mellon service provider config if [ ! -f /etc/apache2/saml2/sp.xml ]; then pushd /etc/apache2/saml2 - echo -e "Generating new service provider certificate.\n\n" + echo -e "Generating new service provider certificate.\n\n" /usr/sbin/mellon_create_metadata https://${HOST}/mellon/metadata https://${HOST}/mellon mv http*.xml sp.xml mv http*.key sp.key @@ -41,16 +55,33 @@ if [ ! -f /etc/apache2/saml2/sp.xml ]; then popd fi +LISTEN_PORT=${LISTEN_PORT:-"8080"} + +if [ -z "$DB_PASSWORD" ]; then + echo >&2 'Error: Missing DB_PASSWORD' + exit 1 +fi + +if [ -z "$ADMIN_PASSWORD" ]; then + echo >&2 'Error: Missing ADMIN_PASSWORD' + exit 1 +fi + +if [ "$LISTEN_PORT" != "80" ]; then + echo "Info: Customizing Apache Listen port to $LISTEN_PORT" + sed -i "s/Listen 80\$/Listen $LISTEN_PORT/" /etc/apache2/ports.conf /etc/apache2/sites-available/000-default.conf +fi + # Check if database is available if [ -z "$DB_SOCK" ]; then - until nc -z -v -w30 $DB_HOST $DB_PORT + until nc -z -v -w30 "$DB_HOST" "$DB_PORT" do echo "Info: Waiting for database connection..." sleep 5 done fi -# Check if already provisioned +# Check if config already provisioned if [ -f application/config/config.php ]; then echo 'Info: config.php already provisioned' else 
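Review bot: `LISTEN_PORT` goes into the `sed -i "s/Listen 80\$/Listen $LISTEN_PORT/"` expression unchecked, so a value containing `/`, `&` or a newline alters or breaks the edit, and a non-numeric value is written into the Apache config as-is. Validating it first keeps the substitution safe: `case "$LISTEN_PORT" in ''|*[!0-9]*) echo >&2 'Error: LISTEN_PORT must be a port number'; exit 1 ;; esac`. The `DB_PASSWORD` and `ADMIN_PASSWORD` checks added here sit after the SAML metadata block, so a container started without them still generates the service provider key before exiting; moving both checks to the top of the script would fail earlier.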
@@ -59,64 +90,106 @@ else if [ "$DB_TYPE" = 'mysql' ]; then echo 'Info: Using MySQL configuration' DB_CHARSET=${DB_CHARSET:-'utf8mb4'} - cp application/config/config-sample-mysql.php application/config/config.php fi if [ "$DB_TYPE" = 'pgsql' ]; then echo 'Info: Using PostgreSQL configuration' DB_CHARSET=${DB_CHARSET:-'utf8'} - cp application/config/config-sample-pgsql.php application/config/config.php fi - # Set Database config - if [ ! -z "$DB_SOCK" ]; then + if [ -n "$DB_SOCK" ]; then echo 'Info: Using unix socket' - sed -i "s#\('connectionString' => \).*,\$#\\1'${DB_TYPE}:unix_socket=${DB_SOCK};dbname=${DB_NAME};',#g" application/config/config.php + DB_CONNECT='unix_socket' else echo 'Info: Using TCP connection' - sed -i "s#\('connectionString' => \).*,\$#\\1'${DB_TYPE}:host=${DB_HOST};port=${DB_PORT};dbname=${DB_NAME};',#g" application/config/config.php + DB_CONNECT='host' fi - sed -i "s#\('username' => \).*,\$#\\1'${DB_USERNAME}',#g" application/config/config.php - sed -i "s#\('password' => \).*,\$#\\1'${DB_PASSWORD}',#g" application/config/config.php - sed -i "s#\('charset' => \).*,\$#\\1'${DB_CHARSET}',#g" application/config/config.php - sed -i "s#\('tablePrefix' => \).*,\$#\\1'${DB_TABLE_PREFIX}',#g" application/config/config.php - sed -i "s#\('showScriptName' => \).*,\$#\\1false,#g" application/config/config.php - - # Set URL config - sed -i "s#\('urlFormat' => \).*,\$#\\1'${URL_FORMAT}',#g" application/config/config.php - - # Set Public URL if [ -z "$PUBLIC_URL" ]; then echo 'Info: Setting PublicURL' - sed -i "s#\('debug'=>0,\)\$#'publicurl'=>'${PUBLIC_URL}',\n\t\t\\1 #g" application/config/config.php fi + + cat <<EOF > application/config/config.php +<?php if (!defined('BASEPATH')) exit('No direct script access allowed'); +return array( + 'components' => array( + 'db' => array( + 'connectionString' => '$DB_TYPE:$DB_CONNECT=$DB_HOST;port=$DB_PORT;dbname=$DB_NAME;', + 'emulatePrepare' => true, + 'username' => '$DB_USERNAME', + 'password' => '$DB_PASSWORD', 
+ 'charset' => '$DB_CHARSET', + 'tablePrefix' => '${DB_TABLE_PREFIX//[[:space:]]/}', + ), + //'session' => array ( + // 'class' => 'application.core.web.DbHttpSession', + // 'connectionID' => 'db', + // 'sessionTableName' => '{{sessions}}', + //), + 'urlManager' => array( + 'urlFormat' => '$URL_FORMAT', + 'rules' => array(), + 'showScriptName' => $SHOW_SCRIPT_NAME, + ), + 'request' => array( + 'baseUrl' => '$BASE_URL', + ), + ), + 'config'=>array( + 'publicurl'=>'$PUBLIC_URL', + 'debug'=>$DEBUG, + 'debugsql'=>$DEBUG_SQL, + 'mysqlEngine' => '$DB_MYSQL_ENGINE', + ) +); + +EOF + +fi + +# Enable Table Sessions if required +if [ -n "$TABLE_SESSION" ]; then + echo 'Info: Setting Table Session' + # Remove the comments in the config + sed -i "s/\/\///g" application/config/config.php fi +# Check if security config already provisioned +if [ -f application/config/security.php ]; then + echo 'Info: security.php already provisioned' +else + echo 'Info: Creating security.php' + if [ -n "$ENCRYPT_KEYPAIR" ]; then + + cat <<EOF > application/config/security.php +<?php if (!defined('BASEPATH')) exit('No direct script access allowed'); +\$config = array(); +\$config['encryptionkeypair'] = '$ENCRYPT_KEYPAIR'; +\$config['encryptionpublickey'] = '$ENCRYPT_PUBLIC_KEY'; +\$config['encryptionsecretkey'] = '$ENCRYPT_SECRET_KEY'; +\$config['encryptionnonce'] = '$ENCRYPT_NONCE'; +\$config['encryptionsecretboxkey'] = '$ENCRYPT_SECRET_BOX_KEY'; +return \$config; +EOF + else + echo >&2 'Warning: No encryption keys were provided' + echo >&2 'Warning: A security.php config will be created by the application' + echo >&2 'Warning: THIS FILE NEEDS TO BE PERSISTENT' + fi +fi # Check if LimeSurvey database is provisioned echo 'Info: Check if database already provisioned. Nevermind the Stack trace.' php application/commands/console.php updatedb +PHP_UPDATEDB_EXIT_CODE=$? -if [ $? 
-eq 0 ]; then +if [ $PHP_UPDATEDB_EXIT_CODE -eq 0 ]; then echo 'Info: Database already provisioned' else - # Check if DB_PASSWORD is set - if [ -z "$DB_PASSWORD" ]; then - echo >&2 'Error: Missing DB_PASSWORD' - exit 1 - fi - - # Check if DB_PASSWORD is set - if [ -z "$ADMIN_PASSWORD" ]; then - echo >&2 'Error: Missing ADMIN_PASSWORD' - exit 1 - fi - echo '' echo 'Running console.php install' - php application/commands/console.php install $ADMIN_USER $ADMIN_PASSWORD $ADMIN_NAME $ADMIN_EMAIL + php application/commands/console.php install "$ADMIN_USER" "$ADMIN_PASSWORD" "$ADMIN_NAME" "$ADMIN_EMAIL" fi exec "$@"
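Review bot: The heredoc that writes `application/config/config.php` pastes environment values straight into PHP source, so a `DB_PASSWORD` containing `'` or `\` yields a broken or altered config, and `$SHOW_SCRIPT_NAME`, `$DEBUG` and `$DEBUG_SQL` are emitted unquoted as raw PHP expressions. Escape the string values for a single-quoted PHP literal and validate the three unquoted ones before writing the file, as sketched below; the `security.php` heredoc needs the same escaping for its key material. The later `sed -i "s/\/\///g"` removes every `//` in config.php, not only the comment markers, so with `TABLE_SESSION` set a `PUBLIC_URL` or `BASE_URL` such as `https://…` is rewritten too; anchoring it, e.g. `sed -i 's#^\([[:space:]]*\)//#\1#'`, limits it to the commented session block. In the unix-socket branch the connection string still puts `$DB_HOST` after `unix_socket=`, where the removed code used `${DB_SOCK}`. The enclosing `else` block starts above this hunk.

```shell
# Escape a value for use inside a single-quoted PHP string literal.
php_quote() {
    printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e "s/'/\\\\'/g"
}

# Values written unquoted into PHP must be exactly what the config expects.
case "$SHOW_SCRIPT_NAME" in
    true|false) ;;
    *) echo >&2 'Error: SHOW_SCRIPT_NAME must be true or false'; exit 1 ;;
esac
for flag in "$DEBUG" "$DEBUG_SQL"; do
    case "$flag" in
        ''|*[!0-9]*) echo >&2 'Error: DEBUG and DEBUG_SQL must be integers'; exit 1 ;;
    esac
done

# … unchanged: DB_TYPE / DB_CONNECT selection and the start of the config.php heredoc …
            'username' => '$(php_quote "$DB_USERNAME")',
            'password' => '$(php_quote "$DB_PASSWORD")',
# … unchanged: remaining keys; apply php_quote to every other single-quoted value …
```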